I compiled the WDK 8.1 EventDrv sample and followed the directions. Everything is working, and I can get a kernel trace and a trace from this provider, merge them, and see the appropriate event data. I created a WPR profile including this provider and
it loads into the WPR GUI fine. I set strict=true on the custom provider I added. Traces including the profile will start when the driver is not loaded, but I don't get any events from it after loading and exercising it, post trace start. When
the driver is loaded and I try to start the trace, I get 0xc558300c which I can't find anything out about on the web. Any idea what this error means or what I might be doing wrong? Has anyone got this working with the sample?