Kernel Trace Tool Overview

Describes the Kernel Trace tool to obtain trace information.

Purpose

The trace tool provides a means of extracting trace data from a memory buffer.

Required background

The kernel trace tool LDD is only a part of the actual kernel trace tool.

The actual kernel trace tool consists of the following:

  • btracex.ldd

    Used to obtain kernel activity and place it in a buffer that can be seen by user-side applications.

  • trace filters defined in EUser

    Used to filter out the trace information that is not required.

  • btracec.dll and btracec.lib

    Used to provide an interface for extracting trace data from a memory buffer.

Key concepts and terms

user-side and kernel-side

When an application asks for service from an operating system it is actually making a request for the operating system to carry this out (a state of affairs known as user-side). The request can only be carried out by the operating system (a state of affairs known as kernel-side).

This method is used to prevent one process (or thread) from interfering with the internal operation of another.

Architecture

The trace tool consists of two parts, a driver on the user-side that captures the required kernel events and writes them to a buffer that be accessed by user-side applications. Then a trace filter, btracec.dll and btrace.lib are used as an interface to the trace buffer.

APIs

API Description

RBTrace

Interface to the fast-trace memory buffer.

Note: Use btracec.dll and btracec.lib to access this buffer.

Typical uses

The kernel trace tool is intended to be used by developers for obtaining trace information.

Related concepts
Kernel Trace Tool Overview