Bewerken

Delen via


!wmitrace.start

The !wmitrace.start extension starts the Event Tracing for Windows (ETW) logger on the target computer.

!wmitrace.start LoggerName [-cir Size | -seq Size] [-f File] [-b Size] [-max Num] [-min Num] [-kd] [-ft Time] 

Parameters

LoggerName
Supplies a name to be used for the trace session. LoggerName cannot contain spaces or quotation marks.

-cir Size
Causes the log file to be written in a circular manner. Size specifies the maximum file size, in bytes. When the file reaches this length, new data will be written to the file in a circular manner, overwriting the file from beginning to end. This cannot be combined with the -seq parameter. If neither -cir nor -seq is specified, the file is written in buffered mode.

-seq Num
Causes the log file to be written in a sequential manner. Size specifies the maximum file size, in bytes. When the file reaches this length, the oldest data will be deleted from the beginning of the file whenever new data is appended to the end. This cannot be combined with the -cir parameter. If neither -cir nor -seq is specified, the file is written in buffered mode.

-f File
Specifies the name of the log file to be created on the target computer. File must include an absolute directory path, and cannot contain spaces or quotation marks.

-b Size
Specifies the size of each buffer, in kilobytes. The permissible range of Size is between 1 and 2048, inclusive.

-max Num
Specifies the maximum number of buffers to use. Num can be any positive integer.

-min Num
Specifies the minimum number of buffers to use. Num can be any positive integer.

-kd
Enables KD filter mode. Messages will be sent to the kernel debugger and displayed on the screen.

-ft Time
Specifies the duration of the flush timer, in seconds. Starting in Windows 8, you can specify the flush timer duration in milliseconds by appending ms to the Time value. For example, -ft 100ms.

Note  If you start a tracing session in KD filter mode (-kd), trace buffers on the target computer are sent to the debugger on the host computer for display. This parameter specifies how often the buffers on the target computer are flushed and sent to the host computer.

DLL

Wmitrace.dll.

This extension is available in Windows 7 and later versions of Windows.

Additional Information

For more details on the parameters of this extension, see StartTraceA Function and EVENT_TRACE_PROPERTIES. For a conceptual overview of event tracing, see the Microsoft Windows SDK. For information about tracing tools, see the Windows Driver Kit (WDK).

Remarks

After using this extension, you must resume program execution (for example, by using the g (Go) command) in order for it to take effect. After a brief time, the target computer automatically breaks into the debugger again.

When the trace session is started, the system assigns it an ordinal number (the logger ID). The session can then be referred to either by the logger name or the logger ID.

To stop the ETW logger, use !wmitrace.stop.