Capturing USB Debug Traces
Published Oct 12 2018 03:47 PM 10.4K Views
Copper Contributor

First published on MSDN on Sep 02, 2014
By Philip Froese [MSFT]

 

[Update 04/25/2019] We strongly suggest you to use instructions from http://aka.ms/usbtrace for collecting USB traces specially if you are root causing problems related to USB Type-C and HID. 


[Update 11/2016] The commands outlined in this post are now published in the USB and HID trace capture script available at http://aka.ms/usbtrace .

Previous blog posts have described in detail how to capture and read USB ETW , and WPP traces.  This post is a supplement to those, and aggregates the trace capture commands into a condensed reference.  Please continue to refer back to the previous posts for more details on the two tracing mechanisms and parsing the respective traces.

The following commands will generate traces from the USB 3.0 and USB 2.0 driver stacks as well as other related components: WinUSB, USBCCGP, and PCI.  We recommend that you capture the complete set of traces, but if you are certain that a specific component is not relevant to the scenario you want to analyze, you may omit the commands that pertain to that component.

Capturing USB ETW and WPP event traces:


You can capture USB event traces without installing any additional software.

1) Open an elevated command prompt window.  One way is to right click on the Start button and select Command Prompt (Admin) .

2)     Disconnect the USB devices that you are not interested in.  Fewer devices result in smaller traces making it easier to read and analyze.

3)     Start a capture session by pasting this sequence of commands into the elevated command prompt:

logman create trace -n usbtrace -o %SystemRoot%\Tracing\usbtrace.etl -ct perf -nb 128 640 -bs 128

 

logman update trace -n usbtrace -p Microsoft-Windows-USB-USBXHCI (Default,PartialDataBusTrace,StateMachine)

 

logman update trace -n usbtrace -p Microsoft-Windows-USB-UCX (Default,PartialDataBusTrace,StateMachine)

 

logman update trace -n usbtrace -p Microsoft-Windows-USB-USBHUB3 (Default,PartialDataBusTrace,StateMachine)

 

logman update trace -n usbtrace -p Microsoft-Windows-USB-USBPORT

 

logman update trace -n usbtrace -p Microsoft-Windows-USB-USBHUB

 

logman update trace -n usbtrace -p Microsoft-Windows-Kernel-IoTrace 0 2

 

logman start -n usbtrace

 

logman start -ets usbhub3 -ct perf -p {6e6cc2c5-8110-490e-9905-9f2ed700e455} 0xffffffff 0xff  -o %SystemRoot%\Tracing\usbhub3.etl

 

logman start -ets ucx01000 -ct perf -p {6fb6e467-9ed4-4b73-8c22-70b97e22c7d9}  0xffffffff 0xff  -o %SystemRoot%\Tracing\ucx01000.etl

 

logman start -ets usbxhci -ct perf -p {9F7711DD-29AD-C1EE-1B1B-B52A0118A54C} 0xffffffff 0xff  -o %SystemRoot%\Tracing\usbxhci.etl

 

logman start -ets usbhub -ct perf -p {b10d03b8-e1f6-47f5-afc2-0fa0779b8188} 0xffffffff 0xff  -o %SystemRoot%\Tracing\usbhub.etl

 

logman start -ets usbport -ct perf -p {d75aedbe-cfcd-42b9-94ab-f47b224245dd} 0xffffffff 0xff  -o %SystemRoot%\Tracing\usbport.etl

 

logman start -ets usbccgp -ct perf -p {bc6c9364-fc67-42c5-acf7-abed3b12ecc6} 0xffffffff 0xff  -o %SystemRoot%\Tracing\usbccgp.etl

 

logman start -ets winusb -ct perf -p {ef201d1b-4e45-4199-9e9e-74591f447955} 0xffffffff 0xff  -o %SystemRoot%\Tracing\winusb.etl

 

logman start -ets pci -ct perf -p {47711976-08c7-44ef-8fa2-082da6a30a30} 0xffffffff 0xff  -o %SystemRoot%\Tracing\pci.etl




(Note: these provider-specific GUIDs correspond to those that can be obtained from the provider’s symbol file using Tracepdb.exe as described in the previous WPP blog post )



4)     Perform the action that you want to capture.  For example, plug in USB device that fails to enumerate properly.  The session captures device enumeration activities .  Keep the command prompt window open.

5)     Stop the capture session when you are finished by pasting this sequence of commands into the elevated command prompt:

logman stop -n usbtrace

 

logman delete -n usbtrace

 

logman stop -ets usbhub3

 

logman stop -ets ucx01000

 

logman stop -ets usbxhci

 

logman stop -ets usbhub

 

logman stop -ets usbport

 

logman stop -ets usbccgp

 

logman stop -ets winusb

 

logman stop -ets pci

 

move /Y %SystemRoot%\Tracing\usbtrace_000001.etl %SystemRoot%\Tracing\usbtrace.etl






The preceding capture session generates a set of etl files stored at %SystemRoot%\Tracing\ (for example, C:\Windows\Tracing).  Once complete, move these files to another location or rename them in order to avoid overwriting them when you capture another session.

As described in the blog post on WPP tracing linked above, symbol files are required to parse these traces properly.  When capturing a set of traces, it is necessary to record the Windows version on which they were taken so that the traces can be mapped to the correct symbols for analysis.  One way to do this is to run the following command from an elevated prompt and save the resulting BuildNumber.txt file along with the traces:

reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v BuildLabEX > %SystemRoot%\Tracing\BuildNumber.txt

2 Comments
Copper Contributor

Hey,

I'm unable to run these commands, might it be from here or http://aka.ms/usbtrace 

the command

logman update trace -n usbtrace -p Microsoft-Windows-USB-USBXHCI (Default,PartialDataBusTrace,StateMachine)

fails with error

A user account is required to confirm the properties of the current Data Collector Set.
Uma conta de usuário é necessária para confirmar as propriedades do Conjunto de Coletores de Dados atual.

no matter if I run it as administrator or not, but I see that if I run it on a different machine it works.

 

Works at: Windows Version 1809 (OS Build 17763.737) (en-US)

Fails at: Windows Versão 1903 (Compilação do Sistema Operacional 18990.1) (pt-BR)

Copper Contributor

This CMD file makes the article seem dated.   Is there an update somewhere?

Version history
Last update:
‎Apr 25 2019 11:23 AM
Updated by: