First published on MSDN on Sep 02, 2014 By Philip Froese [MSFT]
[Update 04/25/2019] We strongly suggest that you use the instructions at http://aka.ms/usbtrace for collecting USB traces, especially if you are root-causing problems related to USB Type-C and HID.
[Update 11/2016] The commands outlined in this post are now published in the USB and HID trace capture script available at http://aka.ms/usbtrace.
Previous blog posts have described in detail how to capture and read USB ETW and WPP traces. This post is a supplement to those, and aggregates the trace capture commands into a condensed reference. Please continue to refer back to the previous posts for more details on the two tracing mechanisms and parsing the respective traces.
The following commands will generate traces from the USB 3.0 and USB 2.0 driver stacks as well as other related components: WinUSB, USBCCGP, and PCI. We recommend that you capture the complete set of traces, but if you are certain that a specific component is not relevant to the scenario you want to analyze, you may omit the commands that pertain to that component.
Capturing USB ETW and WPP event traces:
You can capture USB event traces without installing any additional software.
1) Open an elevated command prompt window. One way is to right-click the Start button and select Command Prompt (Admin).
2) Disconnect the USB devices that you are not interested in. Fewer devices result in smaller traces, which are easier to read and analyze.
3) Start a capture session by pasting this sequence of commands into the elevated command prompt:
(Note: these provider-specific GUIDs correspond to those that can be obtained from the provider’s symbol file using Tracepdb.exe as described in the previous WPP blog post)
4) Perform the action that you want to capture. For example, plug in a USB device that fails to enumerate properly. The session captures device enumeration activities. Keep the command prompt window open.
5) Stop the capture session when you are finished by pasting this sequence of commands into the elevated command prompt:
The preceding capture session generates a set of etl files stored at %SystemRoot%\Tracing\ (for example, C:\Windows\Tracing). Once complete, move these files to another location or rename them in order to avoid overwriting them when you capture another session.
As described in the blog post on WPP tracing linked above, symbol files are required to parse these traces properly. When capturing a set of traces, it is necessary to record the Windows version on which they were taken so that the traces can be mapped to the correct symbols for analysis. One way to do this is to run the following command from an elevated prompt and save the resulting BuildNumber.txt file along with the traces:
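The housekeeping described above (moving the .etl files out of %SystemRoot%\Tracing so the next session does not overwrite them, and keeping the Windows build with the traces) can be scripted. The following PowerShell is an added example, not the command from the original post; the archive folder, the SHA256SUMS.txt manifest and the use of the BuildLabEx registry value are assumptions of this example.

```powershell
# Added example: archive a finished USB trace capture.
# Run from an elevated PowerShell prompt after the capture session is stopped.
$ErrorActionPreference = 'Stop'

# Assumed destination root (not from the original post); change to suit.
$ArchiveRoot = Join-Path $env:USERPROFILE 'UsbTraces'
$traceDir    = Join-Path $env:SystemRoot 'Tracing'

# Assumption: every .etl file in the Tracing folder belongs to this capture.
$etlFiles = @(Get-ChildItem -Path $traceDir -Filter '*.etl' -File)
if ($etlFiles.Count -eq 0) {
    throw "No .etl files found in $traceDir. Was the capture session stopped?"
}

# One folder per capture, named by local timestamp.
$dest = Join-Path $ArchiveRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# Record the Windows build next to the traces so they can be matched to symbols.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
"BuildLabEx: $($cv.BuildLabEx)" |
    Set-Content -Path (Join-Path $dest 'BuildNumber.txt')

foreach ($f in $etlFiles) {
    try {
        Move-Item -Path $f.FullName -Destination $dest
    } catch {
        # A file that cannot be moved is usually still held by a running session.
        Write-Warning "Skipped $($f.Name): $($_.Exception.Message)"
    }
}

# Hash manifest so the recipient can confirm the traces arrived unmodified.
Get-ChildItem -Path $dest -Filter '*.etl' -File |
    Get-FileHash -Algorithm SHA256 |
    ForEach-Object { '{0}  {1}' -f $_.Hash, (Split-Path $_.Path -Leaf) } |
    Set-Content -Path (Join-Path $dest 'SHA256SUMS.txt')

Write-Host "Archived capture to $dest"
```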