Preparing to Use TraceView

Before you use TraceView, you need to gather information about event tracing and about the trace provider that you are tracing. This topic describes these prerequisites.

Note: If you are running TraceView on versions of the Windows operating system earlier than Windows Vista, you must copy the Dbghelp.dll file to the same subdirectory as the TraceView executable file, TraceView.exe.

By default, TraceView.exe is located in the tools\<Platform> subdirectory of the Windows Driver Kit (WDK), where <Platform> is i386, amd64, or ia64. By default, Dbghelp.dll is installed in the \bin\x86 subdirectory.

Understand Event Tracing

Before you use TraceView, you should be familiar with event tracing. For more information, see WPP Software Tracing and Event Tracing for Windows.

Also, examine Tracedrv (Tracedrv.c), a sample driver instrumented with WPP software tracing. The Tracedrv sample is available in the Windows driver samples repository on GitHub. Build the Tracedrv driver and its engine, Tracectl (Tracectl.c), and then use the driver and engine to experiment with TraceView.

Know the Trace Provider

You should be familiar with the trace provider that you are tracing, and the types of trace messages that it generates.

TraceView displays trace events and trace messages in a human-readable format, but it does not interpret them or provide any information or context for the messages. To understand the messages and what they indicate about the provider, you must be very familiar with the operation of the provider.

Find Provider Files

To view the trace messages from a trace provider, you will need to provide one of the following locations to TraceView:

The NT Kernel Logger Trace Session uses the system.tmf file that is included in the WDK (\tools\tracing\i386).

These files, and their use in TraceView, are described in Creating an NT Kernel Logger Trace Session. You will use this information when you create a trace session.