How to enable WPP tracing for a component at boot time?

  • Article

Been away for a while , busy with lotsa interesting online services projects ( my "new" group ) .  I'll see if I can blog about any of those interesting tidbits.. in the meantime.

WPP tracing is all over the place in Win7 – a quick count of registered providers shows 672 available providers via “logman .exe query providers”

 

We can choose a random one to pick on today – like BITS ( background intelligent transfer services ) .

Here we can view the available flags for this provider.

 

C:\>logman query providers "BITS Service Trace"

Provider GUID

-------------------------------------------------------------------------------

BITS Service Trace {4A8AAA94-CFC4-46A7-8E4E-17BC45608F0A}

Value Keyword Description

-------------------------------------------------------------------------------

0x0000000000000001 LogFlagInfo LogFlagInfo Flag

0x0000000000000002 LogFlagWarning LogFlagWarning Flag

0x0000000000000004 LogFlagError LogFlagError Flag

0x0000000000000008 LogFlagFunction LogFlagFunction Flag

0x0000000000000010 LogFlagRefCount LogFlagRefCount Flag

0x0000000000000020 LogFlagSerialize LogFlagSerialize Flag

0x0000000000000040 LogFlagDownload LogFlagDownload Flag

0x0000000000000080 LogFlagTask LogFlagTask Flag

0x0000000000000100 LogFlagLock LogFlagLock Flag

0x0000000000000200 LogFlagService LogFlagService Flag

0x0000000000000400 LogFlagDataBytes LogFlagDataBytes Flag

0x0000000000000800 LogFlagTransferDetails LogFlagTransferDetails Flag

0x0000000000001000 LogFlagPeer LogFlagPeer Flag

PID Image

-------------------------------------------------------------------------------

0x00000190

0x00000190

The command completed successfully.

But let’s get to the point. How do you enabled a trace log and maintain it across reboots?

 

You can follow the reg setting keys\values documented here - https://msdn.microsoft.com/en-us/library/aa363687(VS.85).aspx

 

The primary key is HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger

You can also download the DDK and use tracelog.exe with the /addautologger command see https://msdn.microsoft.com/en-us/library/dd852200.aspx

 

Luckily Logman.exe , which is included in the OS, has a nifty CLI switch to enable this.

The trick is to preface the log session name with “autosession\ ”.

 

C:\Windows\system32>logman create trace "autosession\SpatsBITSTrace" -p "BITS Service Trace" -o SpatsBITSTrace.etl

The command completed successfully.

 

 

You can add the parameters for buffers, flags and other from the cmd line as well.

 

This creates the following reg values and automatically sets them under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SpatsBITSTrace\{4A8AAA94-CFC4-46A7-8E4E-17BC45608F0A}

 

 

Just like any tracing session you can stop it via:

 

                logman stop “SpatsBITSTrace” -ets

 

You can delete this tracing logger permanently ( so it will not restart on the next boot ) via

 

                logman delete “autosession\ SpatsBITSTrace”

 

 

Hope it helps someone .

 

spat