Hi,
We are developing an NDIS driver for our custom-built network card and were experiencing some performance issues in the Windows driver. We got WPP running more or less easily, but also recognized that this tool or tracing method is not powerful enough. So we turned to ETW.
This post was very helpful in pointing us in the right direction.
After reading a lot of MSDN articles, some sort of deeper understanding of the process appeared, and we were confident this would work. Although we made some progress (after falling into a lot of traps) and are now able to somehow see some events of the driver in the tool "Windows Performance Analyzer", it does not differentiate any of the parameters/trace flags/message GUIDs, leaving us with less of a clue about what is happening than before.
Are we missing anything on how to link the debugging information with the trace from the driver?
What we currently use and do:
- an instrumentation manifest .xml file which automatically generates .h and .rc file(s) with mc.exe
- an NDIS 5.1 kernel mode driver with ETW enabled, built as checked x64 for win7 with a .pdb file.
- check if .pdb is matching the driver: symchk ourdriver.sys /s c:\blah\amd64
- (then of course install the driver too)
- start logging with: xperf -on LOADER+PROG_THREAD+DPC+INTERRUPT -maxbuffers 1024
- doing some tests which should call some of the trace functions
- stopping with xperf -d ourtrace.etl
- checking the logfile with: xperf -i ourtrace.etl -a tracestats
- looking at the .etl file with "Windows Performance Analyzer" including loaded symbols (also ourdriver.pdb)
(Also some modifications of the parameters, different flags, etc...)
We also tried some different approaches to getting .etl files or viewing the results (like tracelog, logman, Windows Performance Recorder, wevtutil, traceview, ...), but this is the method that brought us at least a visible result.
So we are kind of stuck here... Anything we might have missed? Is another tool combination of better use?