dtrace-on-windows's Introduction

DTrace on Windows

Here at Microsoft, we are always looking to engage with open source communities to produce better solutions for the community and our customers. One of the more useful debugging advances that have arrived in the last decade is DTrace. DTrace of course needs no introduction: it's a dynamic tracing framework that allows an admin or developer to get a real-time look into a system either in user or kernel mode.

DTrace has a C-style high level and powerful programming language that allows you to dynamically insert trace points. Using these dynamically inserted trace points, you can filter on conditions or errors, write code to analyze lock patterns, detect deadlocks, etc. ETW, while powerful, is static and does not provide the ability to programmatically insert trace points at runtime.

There are a lot of websites and resources from the community to learn about DTrace. One comprehensive option is the Dynamic Tracing Guide. This book describes DTrace in detail and is the authoritative guide for DTrace. We also have Windows specific examples below.

The OpenDTrace effort began on GitHub in 2016, aiming to ensure a portable implementation of DTrace for different operating systems. We decided to add support for DTrace on Windows using this OpenDTrace port. This is a fork of the 'opendtrace' repository and contains the unified, cross-platform source code for the OpenDTrace system, including kernel components.

Install

Follow MSDN instructions.

Prerequisites:

  • Windows 10 x64 Build 1903 or higher

Limitations:

  • Only available for 64-bit platforms
  • Only captures traces for 64-bit processes

Steps:

  1. Enable dtrace in the Boot Configuration Data (BCD) store (bcdedit /set dtrace on). You will need to repeat this step every time you install a newer build of Windows.

  2. Download and execute the dtrace installer.

  3. Configure the _NT_SYMBOL_PATH environment variable for local symbol caching.

  4. Reboot the target machine.
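
A read-only preflight for the prerequisites and steps above, as an added example that is not part of the README or the project's tooling. It assumes that "Build 1903" corresponds to OS build number 18362, that bcdedit prints an English "Yes" for an enabled flag, and that dtrace.exe is on PATH; `New-Check` and `Test-DTracePreflight` are hypothetical names.

```powershell
# Added example (not from the README): read-only preflight for the install steps.
# Assumptions: "Build 1903" = OS build number 18362; bcdedit prints English "Yes"
# for an enabled flag; dtrace.exe is on PATH. Function names are hypothetical.

function New-Check([string]$Check, [bool]$Ok, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail }
}

function Test-DTracePreflight {
    # Prerequisite and limitation: 64-bit Windows 10, build 1903 or higher.
    $build = [Environment]::OSVersion.Version.Build
    New-Check 'OS is 64-bit' ([Environment]::Is64BitOperatingSystem) 'only 64-bit platforms are supported'
    New-Check 'OS build >= 18362' ($build -ge 18362) "running build $build"

    # bcdedit can only read the BCD store from an elevated prompt.
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Check 'Elevated session' $elevated 'needed to read the BCD store'

    # Step 1: the BCD flag, which has to be set again after every newer Windows build.
    if ($elevated) {
        $hit = & bcdedit.exe /enum '{current}' 2>$null |
            Select-String -Pattern '^dtrace\s+(\S+)' | Select-Object -First 1
        $value = if ($hit) { $hit.Matches[0].Groups[1].Value } else { '(not set)' }
        New-Check 'BCD dtrace flag' ($value -eq 'Yes') "bcdedit reports: $value"
    }

    # Step 3: symbol path in the local-cache form srv*<cache dir>*<server URL>.
    $sym = $env:_NT_SYMBOL_PATH
    if ($sym -match '^srv\*(?<cache>[^*]+)\*(?<server>https?://\S+)$') {
        $cacheOk = Test-Path -LiteralPath $Matches.cache -PathType Container
        New-Check '_NT_SYMBOL_PATH' $cacheOk "cache=$($Matches.cache) server=$($Matches.server)"
    } else {
        New-Check '_NT_SYMBOL_PATH' $false "unset or not in srv*<cache dir>*<server URL> form: '$sym'"
    }

    # Steps 2 and 4: after install and reboot, 'dtrace -l' should list more than
    # the built-in 'dtrace' provider (BEGIN, END, ERROR).
    $dtrace = Get-Command dtrace.exe -ErrorAction SilentlyContinue
    if (-not $dtrace) {
        New-Check 'dtrace.exe on PATH' $false 'installer not run, or install directory not on PATH'
    } else {
        # Columns are ID PROVIDER MODULE FUNCTION NAME; skip the header, take column 2.
        $providers = @(& $dtrace.Path -l 2>$null |
            Select-Object -Skip 1 |
            ForEach-Object { (-split $_)[1] } |
            Where-Object { $_ } |
            Sort-Object -Unique)
        $others = @($providers | Where-Object { $_ -ne 'dtrace' })
        New-Check 'Providers beyond dtrace' ($others.Count -gt 0) ('found: ' + ($providers -join ', '))
    }
}

Test-DTracePreflight | Format-Table -AutoSize -Wrap
```

A failed "BCD dtrace flag" row after a Windows upgrade is the case step 1 warns about; a failed "Providers beyond dtrace" row with every other row passing usually means step 4 (the reboot) has not happened yet.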

Examples

Note: DTrace on Windows leverages additional Windows security features that may impact your experience.

// Syscall summary by program for 5 seconds: 
dtrace -Fn "tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} "
 
// Summarize timer set/cancel program for 3 seconds: 
dtrace -Fn "tick-3sec { exit(0);} syscall::Nt*Timer*:entry { @[probefunc, execname, pid] = count();}"
 
// Dump System Process kernel structure: (requires symbol path to be set)
dtrace -n "BEGIN{print(*(struct nt`_EPROCESS *) nt`PsInitialSystemProcess);exit(0);}"
 
// Tracing paths through NTFS when running notepad.exe (requires KD attach): Run below command and launch notepad.exe
dtrace -Fn "fbt:ntfs::/execname==\"notepad.exe\"/{}"

License

OpenDTrace is under the CDDL license, see the LICENSE file in this repository for details.

dtrace-on-windows's People

Contributors

ashedel, codemaxx, gopimsft, gvnn3, mhndr, microsoft-github-policy-service[bot], nico-abram, riverar

dtrace-on-windows's Issues

Ustack call yields unexpected result

Trying to use a probe with a ustack() call, I encounter the following behavior:

  • windows functions calls on the user stack are printed
  • only one line of the user function is printed
  • some standalone numbers appear

I would expect a stack trace with multiple lines

Following is the probe I use:

$dtrace -s this_file -c your_program

#pragma D option quiet

BEGIN {
 printf("\n======================================================================\n");
 printf("                    Function Stack Count Statistics\n");
 printf("======================================================================\n");
}
pid$target:::entry
{
 @all_calls[stack(100)] = count();
}

END {
 printa(@all_calls);
}

syscall::NtTerminateProcess:return
/pid == $target/
{
 exit(0)
}

Process destructive actions don't work

I can do kernel destructive actions (discovered the hard way that breakpoint() works) but user destructive actions don't work.

This is on the latest win11 running in admin mode, sample script looks like this:

./dtrace -wn 'syscall::NtOpenFile:return /pid==1428/ { stop(); raise(1); printf(\"NtOpenFile hit\"); }'

Am I using this wrong? Nothing happens here, but if I do this it works:

./dtrace -wn 'syscall::NtOpenFile:return /pid==1428/ { breakpoint(); }'

dtrace for windows hangs forever after traced program finishes

This is a duplicate of this feedback hub issue

I ran into this problem when trying to run cargo-flamegraph, this is the corresponding issue on its repo with some context.

The following command showcases the problem:

dtrace "-x" "ustackframes=100" "-n" 'profile-997 /pid == $target/ { @[ustack(100)] = count(); }' "-o" "cargo-flamegraph.stacks" "-c" "bcdedit.exe"

Note: this command is meant for PowerShell.
Command for cmd.exe:

dtrace.exe -x ustackframes=100 -n "profile-997 /pid == $target/ { @[ustack(100)] = count(); }" -o cargo-flamegraph.stacks -c bcdedit.exe

version: Published 1/23/2020 on https://www.microsoft.com/en-us/download/details.aspx?id=100441 . dtrace -V prints dtrace: Sun D 1.13.1
windows version: 20H2 19042.844

no providers after installation

I installed DTrace for Windows for the first time and I only see the dtrace provider in dtrace -l:

C:\Windows\system32>dtrace -l
   ID   PROVIDER            MODULE                          FUNCTION NAME
    1     dtrace                                                     BEGIN
    2     dtrace                                                     END
    3     dtrace                                                     ERROR

I'm a Windows neophyte so I may be doing something wrong, but I tried to follow the install instructions.

FBT Function Names Missing

If anyone can give suggestions that would be super helpful. I have DTrace working. When using FBT though there are a ton of missing function names.

Example from command dtrace -ln "fbt:nt::":

ID PROVIDER MODULE FUNCTION NAME
65535 fbt nt +0x00532898 return

I've tried using WinDBG to download the latest copy to my symbol path by setting .symchk and then using .reload /f while local kernel debugging. I've also tried remote kernel debugging, but this doesn't seem to change anything either.

My thoughts would be I could fix this in one of two ways:

  • I'm not sure if I've missed a step or fully overlooked some way of updating the symbol dtrace uses or how it reads the symbols to get function names out of ntkrnlmp.pdb since WinDbg seems to pull out all the function names, but Dtrace doesn't. If anyone knows some steps I can do or some troubleshooting that would be amazing.

  • I can look up the function name using WinDBG and get the function offset, but am unsure how to put a function offset into dtrace. It doesn't seem to work using the command dtrace -ln "fbt:nt:+0x00532898:". If anyone knows a command to get this to work that would be appreciated.

Thanks for reading and any help people can give.

please provide alpha release builds (or provide instructions for running custom builds of dtrace)

Hi!

I really like that DTrace for Windows is a thing, thanks for that! And I really like that chill() support was recently added, since that's almost the most important DTrace function for my main use case (testing race conditions).

However, I see that the current DTrace release is from April 2022 according to its digital signature, and that according to issue #8 it is not possible to build a working bleeding edge dtrace kernel driver from the opensource code.

Since you've already said that you're not going to make it possible to build fully-functional DTrace from public sources, can you perhaps publish alpha builds somewhere more regularly, or make a new release?

DTrace MSI installer fails with Error 1920. Service 'dtrace' failed to start

Trying to run DTrace inside a Hyper-V hosted virtual machine running Windows 10 with the latest updates.

Following the guidance on this page
https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/dtrace

  1. Virtual Machine setup
    Set-VMProcessor -VMName -ExposeVirtualizationExtensions $true
  2. Enabled dtrace
    bcdedit /set dtrace ON
  3. Registry key set
    REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\ /v EnableVirtualizationBasedSecurity /t REG_DWORD /d 1
  4. Symbol path set
    mkdir c:\symbols
    set _NT_SYMBOL_PATH=srvC:\symbolshttps://msdl.microsoft.com/download/symbols

Install of the MSI fails with the following error in msi logs.

StartServices: Service: dtrace
Error 1920. Service 'dtrace' (dtrace) failed to start.  Verify that you have sufficient privileges to start system services.
MSI (s) (CC:FC) [15:28:27:429]: Product: DTrace for Windows -- Error 1920. Service 'dtrace' (dtrace) failed to start.  Verify that you have sufficient privileges to start system services.

Error 1920. Service 'dtrace' (dtrace) failed to start.  Verify that you have sufficient privileges to start system services.

Simple Begin End examples work while other examples fail

Summary: Simple Begin End examples work while other examples fail (see below)

Also posted through Insider Feed Back from Windows 10.

Also: Resetting _NT_SYMBOL_PATH leaves DEBUG output enabled:

      $Env:_NT_SYMBOL_PATH = 0   
      OR 
      deleting variable still leaves DEBUG output enabled.

Version and system configuration

DTrace API VERSION:

dtrace: Sun D 1.13

Windows Version

Edition Windows 10 Pro
Version Dev
Installed on 5/29/2021
OS build 21390.1000
Experience Windows 10 Feature Experience Pack 321.13302.10.3

Symbol Path

$Env:_NT_SYMBOL_PATH
srvD:\Library\symbolshttps://msdl.microsoft.com/download/symbols

Get-ChildItem D:\Library\symbols

Mode LastWriteTime Length Name


d---- 5/18/2021 6:15 PM advapi32.pdb
d---- 5/18/2021 6:15 PM apphelp.pdb
d---- 5/24/2021 1:06 PM bcrypt.pdb
d---- 5/18/2021 6:15 PM bcryptprimitives.pdb
d---- 5/1/2021 9:03 AM cryptbase.pdb
d---- 5/19/2021 3:33 PM Kernel.Appcore.pdb
d---- 5/24/2021 1:06 PM kernel32.pdb
d---- 5/24/2021 1:06 PM kernelbase.pdb
d---- 5/1/2021 9:02 AM msvcrt.pdb
d---- 5/18/2021 6:15 PM mswsock.pdb
d---- 5/24/2021 1:06 PM ntdll.pdb
d---- 5/18/2021 6:15 PM rpcrt4.pdb
d---- 5/18/2021 6:15 PM sechost.pdb
d---- 5/24/2021 1:06 PM ucrtbase.pdb
d---- 5/24/2021 1:06 PM userenv.pdb
d---- 5/19/2021 3:26 PM vcruntime140.amd64.pdb
d---- 5/18/2021 6:15 PM ws2_32.pdb

Detailed results:

Simple Begin End examples work:

dtrace -n BEGIN -n END
dtrace: description 'BEGIN' matched 1 probe
dtrace: description 'END' matched 1 probe
CPU ID FUNCTION:NAME
1 1 :BEGIN

  0      2                             :END

Example script does NOT work

type hello.d
BEGIN
{
trace("hello, world");
exit(0);
}

dtrace -s hello.d
dtrace: script 'hello.d' matched 1 probe
dtrace: error on enabled probe ID 1 (ID 1: dtrace:::BEGIN): unknown fault in action #1

Examples from https://github.com/microsoft/DTrace-on-Windows Do NOT work:

Syscall summary by program for 5 seconds:

dtrace -Fn "tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} "
dtrace: invalid probe specifier tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} : probe description :::tick-5sec does not match any probes

Summarize timer set/cancel program for 3 seconds:

dtrace -Fn "tick-3sec { exit(0);} syscall::NtTimer:entry { @[probefunc, execname, pid] = count();}"
dtrace: invalid probe specifier tick-3sec { exit(0);} syscall::NtTimer:entry { @[probefunc, execname, pid] = count();}: probe description :::tick-3sec does not match any probes

Dump System Process kernel structure: (requires symbol path to be set)

dtrace -n "BEGIN{print((struct nt_EPROCESS *) ntPsInitialSystemProcess);exit(0);}"
dtrace: invalid probe specifier BEGIN{print(
(struct nt_EPROCESS *) ntPsInitialSystemProcess);exit(0);}: in action list: failed to resolve ntPsInitialSystemProcess: Unknown variable name

Tracing paths through NTFS when running notepad.exe (requires KD attach): Run below command and launch notepad.exe

dtrace -n "BEGIN{print((struct nt_EPROCESS *) ntPsInitialSystemProcess);exit(0);}"
dtrace: invalid probe specifier BEGIN{print(
(struct nt_EPROCESS *) ntPsInitialSystemProcess);exit(0);}: in action list: failed to resolve ntPsInitialSystemProcess: Unknown variable name

Example with DTRACE_DEBUG enabled:

$Env:DTRACE_DEBUG = 1
dtrace -Fn "tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} "

libdtrace DEBUG: loaded printf conversion %lc
libdtrace DEBUG: loaded printf conversion %ld
libdtrace DEBUG: loaded printf conversion %li
libdtrace DEBUG: loaded printf conversion %lo
libdtrace DEBUG: loaded printf conversion %lu
libdtrace DEBUG: loaded printf conversion %ls
libdtrace DEBUG: loaded printf conversion %lx
libdtrace DEBUG: loaded printf conversion %lX
libdtrace DEBUG: loaded printf conversion %lld
libdtrace DEBUG: loaded printf conversion %lli
libdtrace DEBUG: loaded printf conversion %llo
libdtrace DEBUG: loaded printf conversion %llu
libdtrace DEBUG: loaded printf conversion %llx
libdtrace DEBUG: loaded printf conversion %llX
libdtrace DEBUG: loaded printf conversion %Le
libdtrace DEBUG: loaded printf conversion %LE
libdtrace DEBUG: loaded printf conversion %Lf
libdtrace DEBUG: loaded printf conversion %Lg
libdtrace DEBUG: loaded printf conversion %LG
libdtrace DEBUG: loaded printf conversion %o
libdtrace DEBUG: loaded printf conversion %p
libdtrace DEBUG: loaded printf conversion %P
libdtrace DEBUG: loaded printf conversion %s
libdtrace DEBUG: loaded printf conversion %S
libdtrace DEBUG: loaded printf conversion %T
libdtrace DEBUG: loaded printf conversion %u
libdtrace DEBUG: loaded printf conversion %wc
libdtrace DEBUG: loaded printf conversion %ws
libdtrace DEBUG: loaded printf conversion %x
libdtrace DEBUG: loaded printf conversion %X
libdtrace DEBUG: loaded printf conversion %Y
libdtrace DEBUG: loaded printf conversion %%
libdtrace DEBUG: populating global idhash from 00007FFA82D190B0
libdtrace DEBUG: symbol server failed to open control device, 00000002
libdtrace DEBUG: Execution policy: 'Bypass' from scope 'LocalMachine'
dtrace: invalid probe specifier tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} : probe description :::tick-5sec does not match any probes
libdtrace DEBUG: dt_buf_destroy(section headers): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(string table): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(loadable data): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(unloadable data): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe data): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe args): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe offs): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe is-enabled offs): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe rels): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(xlate members): size=512 resizes=0

Also fails: DTraceToolkit version 0.99, 30-Sep-2007 https://github.com/opendtrace/toolkit

Similar results to running Hello.d but some of these errors may be due to Windows vs. Solaris

C:\ProgramData\Microsoft\Diagnosis\FeedbackArchive

Windows 11 support

Hello,

Is DTrace supposed to work on Windows 11? Only the dtrace and profile probes are shown when running on Win11. Are there any additional configuration steps to perform compared to Win10?

sizeof() on locals crashes dtrace

Trying to take the sizeof() of an automatic variable crashes dtrace.

Reproduce: dtrace -n 'BEGIN { a = sizeof(a); }'

$ cdb -c 'g;k;q' dtrace -n 'BEGIN { a = sizeof(a); }'
Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: dtrace -n "BEGIN { a = sizeof(a); }"

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\symbols*https://msdl.microsoft.com/download/sy
mbols
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00007ff6`baf20000 00007ff6`baf2e000   dtrace.exe
ModLoad: 00007ffd`528d0000 00007ffd`52ac5000   ntdll.dll
ModLoad: 00007ffd`50fe0000 00007ffd`5109e000   C:\WINDOWS\System32\KERNEL32.DLL
ModLoad: 00007ffd`50170000 00007ffd`50438000   C:\WINDOWS\System32\KERNELBASE.dll
ModLoad: 00007ffd`50070000 00007ffd`50170000   C:\WINDOWS\System32\ucrtbase.dll
ModLoad: 00007ffd`15550000 00007ffd`15633000   C:\Program Files\DTrace\dtrace.dll
ModLoad: 00007ffd`51590000 00007ffd`516ba000   C:\WINDOWS\System32\RPCRT4.dll
ModLoad: 00007ffc`f1960000 00007ffc`f1b45000   C:\Program Files\DTrace\dbghelp.dll
(192c.3a1c): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ffd`529a06b0 cc              int     3
0:000> cdb: Reading initial command 'g;k;q'
ModLoad: 00007ffd`4ffe0000 00007ffd`50062000   C:\WINDOWS\System32\bcryptPrimitives.dll
(192c.3a1c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
Child-SP          RetAddr           Call Site
000000f5`9431f228 00007ffd`1559403a dtrace!ctf_lookup_by_id+0x9
000000f5`9431f230 00007ffd`1557dd53 dtrace!ctf_type_resolve+0x62
000000f5`9431f270 00007ffd`1557ff7c dtrace!dt_cook_op2+0x993
000000f5`9431f460 00007ffd`1557ef02 dtrace!dt_node_cook+0x30
000000f5`9431f490 00007ffd`1557ff7c dtrace!dt_cook_statement+0x12
000000f5`9431f4d0 00007ffd`1557fff0 dtrace!dt_node_cook+0x30
000000f5`9431f500 00007ffd`1557f26c dtrace!dt_node_list_cook+0x44
000000f5`9431f550 00007ffd`1557ff7c dtrace!dt_cook_clause+0x21c
000000f5`9431f740 00007ffd`15575c3e dtrace!dt_node_cook+0x30
000000f5`9431f770 00007ffd`155775f1 dtrace!dt_compile_one_clause+0x42
000000f5`9431f7c0 00007ffd`15577723 dtrace!dt_compile+0x82d
000000f5`9431fb20 00007ff6`baf22081 dtrace!dtrace_program_strcompile+0x43
000000f5`9431fb80 00007ff6`baf23cf5 dtrace_exe!com

How to uninstall permanently?

There isn't an obvious solution to permanently removing this driver, as after every Windows update it reappears (/ re-enables itself).
This is primarily an issue for me as this driver is sometimes detected as cheating software by anti-cheat technologies.

Things I've tried:

  • using the installer to uninstall
  • deleting the files of the driver
  • disabling in registry

Thanks

Support for dtrace in Windows Sandbox

One of the use cases for dtrace on Windows would be to better understand unknown software behavior under a more isolated environment. Now that you can run binaries in Sandbox, will Sandbox eventually support dtrace? Asking because you can't do bcdedit in Sandbox.

No probes after building from source

Hello everyone!

You have no idea how cool I think it is that I can run dtrace on Windows! I am a professor teaching a malware analysis course and we spent the better part of three classes learning dtrace for Windows.

I am attempting to add a few additional "niceties" into the language that are Windows specific for working with Unicode strings (not sure whether you will want them, ultimately, but ...)

I have everything working (I think) and I get a new dtrace.exe and dtrace.sys, and the sys file loads properly in the kernel. However, when I run it, the only probes available are the three dtrace-native ones:

>  ..\cmd\dtrace.exe -l
   ID   PROVIDER            MODULE                          FUNCTION NAME
    1     dtrace                                                     BEGIN
    2     dtrace                                                     END
    3     dtrace                                                     ERROR

I am sure that I am doing something wrong but I cannot seem to find any debugging output or errors to help me figure out my mistake. If you can help, that would be incredible.

I am running

Build 22621.ni_release.220506-1250

and have
10.0.22621 Windows SDK installed

and have retargeted to that (the way that the docs say).

Again, I would never turn to you for help without having done all I think I can on my own. If you can help, I would sincerely appreciate it!

Thanks again for bringing dtrace to Windows!
Will

Add support for fds[] array

It would be really nice if the fds[] array was supported as well which is handy for cases like below.

PS C:\Program Files\DTrace> .\dtrace -n syscall::NtWriteFile:entry'{trace(fds[arg0].fi_pathname);}'
dtrace: invalid probe specifier syscall::NtWriteFile:entry{trace(fds[arg0].fi_pathname);}: in action list: fds has not yet been declared or assigned

Driver out of date

For whatever reason the driver in this project is incomplete. Key routines such as TraceRegisterEngine and TraceInitSystem are not implemented. Generally the kernel interface should be documented, as this would help security researchers use these APIs :)

Cannot compile dtrace.sys, spectre-mitigated libraries installed but getting MSB8040 error.

Host configuration

  • macOS (10.14.6)
  • VMware Fusion

VM Configuration:

  • Windows 10 Pro 19043.1052
  • Visual Studio 2019

VS Individual Components:

  • MSVC v141 - VS 2017 C++ x64/x86 build tools (v14.16)
  • MSVC v141 - VS 2017 C++ x64/x86 Spectre-mitigated libraries (v14.16)
  • Windows SDK 10.0.17763.0

Project Configuration:

  • Set "Spectre Mitigation" field in "Code Generation" to "Enabled (/Qspectre)" for all projects inside solution.
  • Windows SDK Version is set to 10.0.17763.0 for all projects.

For the dtrace.dll and dtrace.exe projects the build is successful, but for dtrace.sys an MSB8040 error is displayed. No other warnings / errors are displayed.

printf widestring format error

We should use %*.*ws or %.*ws to printf a Unicode string. If we use %*ws, the format will cause an error string on the command.