I was looking to monitor two things during boot:
1) DNS calls: I figured out how to trace DNS calls using:
xperf -on base+fileio
xperf -start "myProv" -on Microsoft-Windows-DNS-Client -f prov.etl
pause
xperf -d main.etl
xperf -stop "myProv"
xperf -merge c:\trace\main.etl c:\trace\prov.etl c:\trace\out.etl
Is it possible to do this during an xbootmgr or WPR boot trace?
2) Track WinVerifyTrust API cert validation calls against files. Cert validation can be expensive and slow. I can track fileio callstacks, but it is very labor-intensive. I'm looking to enable a provider similar to DNS in order to track the process and file associated with a cert validation. I see various "Cert" providers, but have not found what I'm looking for.
Thx