Posts

Showing posts from May, 2018

Add WPP tracing to the Kernel Mode (Windows driver)

Adding trace messages such as errors, warnings, and information to a software application is an important but time-consuming task. Also, adding a custom trace handler to an application might hamper performance. Windows therefore provides a built-in tracing mechanism that software developers can use instead. This mechanism is known as "WPP" (Windows Software Trace Preprocessor), and it can be used directly in user-mode applications and even in kernel-mode components (drivers).

Some advantages of WPP tracing:

- Dynamic and flexible control
- Ability to view messages in real time
- Rich information
- Easy migration from DbgPrint and KdPrint
- Inclusion in shipped products
- Minimal performance impact

In this article, we are going to implement WPP for a kernel-mode component (driver). WPP uses the "Event Tracing for Windows" (ETW) API for logging event messages.

Support: Windows 2000 and onwards

Note: Settings which are mentioned in this a