Quick and Dirty – Collect an ETW shutdown trace on Windows 7.

Let’s say you need to collect a trace of the shutdown of a Windows 7 box. Or 8, or 10. Whatever.

Maybe it takes forever, hangs up, etc.

Jeff to the rescue;

For Windows 7 or Windows 8.x, download the WADK for 8.1 update. You’re going to say, “but dude, this is for Windows 7”. The dude abides. For reasons I can’t go into, use the 8.1 update ADK please for a Windows 7 trace. Capiche?

OK. So, download here

That downloads adksetup.exe. Run it. It’s a web installer, we are going to opt-out of almost all of it; when you get to the below screen, make it look like so:

clickthisway.png

And then click Install. You’re going to want to know, what do all these do? Later, padawan learner, we’ll get to that sometime in the future.

For now, focus on the present. I know master Yoda says to be mindful of the future, but not at the cost of the now.

Anyway, when it is done, run WPRUI;

On Windows 7, you’ll likely be prompted to disable paging executive. Do it and reboot. This tells the kernel “YO! Keep all those stacks in RAM and don’t outpage them with yo bad self”.

Then rerun WPRUI if you had to reboot. Make the checkboxes look so;

checkboxhell.png

Arrows are where you need to change something. Then hit “start” and reboot.

After you power back up, you’ll find a trace in your appdata by default.

View with WPA (Windows Performance Advisor).

Enjoy.
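A command-line version of the steps above, added here as an example and not part of the original post. It assumes wpr.exe from the same toolkit is on PATH; the GeneralProfile profile and the C:\Traces results folder are assumptions, since the WPRUI checkbox screenshot did not survive.

```powershell
# Added example: shutdown trace via wpr.exe instead of WPRUI.
# Run from an elevated PowerShell prompt (works on PowerShell 2.0 and later).

$ResultsPath = 'C:\Traces'        # assumption: any writable folder
$WprProfile  = 'GeneralProfile'   # assumption: built-in general-purpose profile

# wpr needs administrative rights to start kernel tracing.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this script from an elevated prompt.'
}

# Locate wpr.exe (installed with the Windows Performance Toolkit).
$wpr = Get-Command wpr.exe -ErrorAction SilentlyContinue
if (-not $wpr) {
    throw 'wpr.exe not found on PATH. Install the Windows Performance Toolkit first.'
}

# The "disable paging executive" prompt corresponds to this registry value.
$mmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$dpe = (Get-ItemProperty -Path $mmKey -Name DisablePagingExecutive `
        -ErrorAction SilentlyContinue).DisablePagingExecutive
if ($dpe -ne 1) {
    & $wpr.Path -disablepagingexecutive on
    Write-Host 'Paging executive disabled. Reboot, then run this script again.'
    return
}

# Make sure the results folder exists before the trace is started.
if (-not (Test-Path $ResultsPath)) {
    New-Item -ItemType Directory -Path $ResultsPath | Out-Null
}

# Start a single-iteration trace of the shutdown transition.
& $wpr.Path -start $WprProfile -onoffscenario Shutdown `
    -onoffresultspath $ResultsPath -numiterations 1
if ($LASTEXITCODE -ne 0) {
    throw "wpr.exe exited with code $LASTEXITCODE"
}
```

When you are done tracing, `wpr -disablepagingexecutive off` puts the paging setting back.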

Author: jeffstokes

Jeff Stokes
