
How to obtain ETW trace

ge0rdi edited this page Jan 4, 2023 · 2 revisions

Event Tracing for Windows (ETW) is a Windows OS logging mechanism for troubleshooting and diagnostics that allows us to tap into the enormous number of events the OS generates every second. A trace is a system-wide recording, so it captures activity from every process, not just Open-Shell.

Preparation

  • Make sure you are using the latest version of Open-Shell (so that matching symbols are available for the analysis)
  • For older than Windows 10

Obtaining trace

  • Open an elevated (administrator) console; wpr will not start a session otherwise
  • Run wpr -start GeneralProfile to start tracing
  • Reproduce the scenario while the trace is running
  • Run wpr -stop trace.etl -skipPdbGen to stop tracing and write the trace file (-skipPdbGen skips generating PDBs for NGEN images, which makes the stop step faster)
  • Upload the resulting trace.etl (optionally packed into a password-protected archive) to some cloud storage
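The steps above, wrapped into one PowerShell script. This is an added example, not a script from the Open-Shell project: it checks that the console is elevated and that wpr.exe is present before starting, reproduces the start/stop sequence, and optionally packs the trace with 7-Zip, because Compress-Archive cannot set a password. The script name, parameter names and output file names are this example's own choices; 7z.exe on PATH is assumed only when a password is given.

```powershell
# Added example (not from the Open-Shell wiki): wraps the wpr steps above in one
# script. Assumes wpr.exe is available (inbox on Windows 10 and later) and that
# 7-Zip's 7z.exe is on PATH if a password-protected archive is wanted. The
# parameter names and output file names below are this example's own choices.
param(
    [string]$TraceFile = "$PWD\trace.etl",   # where wpr -stop writes the trace
    [string]$ArchivePassword                  # optional; requires 7z.exe
)

# wpr needs an elevated console; fail fast instead of getting a cryptic error.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (administrator) console."
}

# wpr.exe ships with Windows 10 and later; on older systems it comes from the
# Windows Performance Toolkit (part of the Windows ADK).
if (-not (Get-Command wpr.exe -ErrorAction SilentlyContinue)) {
    throw "wpr.exe not found. Install the Windows Performance Toolkit first."
}

# Step 1: start tracing with the built-in GeneralProfile.
wpr -start GeneralProfile
if ($LASTEXITCODE -ne 0) { throw "wpr -start failed with exit code $LASTEXITCODE (is a session already running? try: wpr -cancel)" }

# Step 2: reproduce the problem while the trace is running, then press Enter.
Read-Host "Tracing is running. Reproduce the scenario, then press Enter to stop" | Out-Null

# Step 3: stop tracing and write the .etl. -skipPdbGen skips generating PDBs
# for NGEN images, which keeps the stop step fast.
wpr -stop $TraceFile -skipPdbGen
$stopExit = $LASTEXITCODE
if ($stopExit -ne 0) {
    wpr -cancel 2>$null     # make sure no session is left running
    throw "wpr -stop failed with exit code $stopExit"
}
$sizeMB = (Get-Item $TraceFile).Length / 1MB
Write-Host ("Trace written to {0} ({1:N1} MB)" -f $TraceFile, $sizeMB)

# Step 4 (optional): pack the trace into a password-protected archive.
# Compress-Archive cannot set a password, so 7-Zip is used when one is given.
# -mhe=on also encrypts the file list inside the .7z container.
if ($ArchivePassword) {
    $sevenZip = Get-Command 7z.exe -ErrorAction SilentlyContinue
    if (-not $sevenZip) { throw "7z.exe not found; cannot create a password-protected archive." }
    $archive = [IO.Path]::ChangeExtension($TraceFile, ".7z")
    & $sevenZip.Source a -t7z -mhe=on "-p$ArchivePassword" $archive $TraceFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "7z failed with exit code $LASTEXITCODE" }
    Write-Host "Archive written to $archive"
}

# The trace records process names, file paths, loaded modules and more from the
# whole system, so do not post it publicly; share a private link instead.
Write-Host "Reminder: the trace may contain sensitive data. Share it privately only."
```

Run it from an elevated console as, for instance, `.\Get-EtwTrace.ps1 -ArchivePassword 'choose-a-passphrase'`. Note that a password passed on the command line is visible in the console history and in process listings while 7z runs; on a shared machine, enter it interactively at the 7z prompt instead (omit `-p` and 7z will ask). If `wpr -start` reports that a recording is already in progress, `wpr -status` shows it and `wpr -cancel` discards it without writing a file.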

Note that an ETW trace may contain sensitive information (process names, file paths, loaded modules and other details from every process on the system), so it is not recommended to share it publicly.
Instead, send a link to the trace directly to ge0rdi (at) gmx.com for analysis, and send the archive password separately if you used one.
