First published on MSDN on Sep 02, 2014
By Philip Froese [MSFT]
[Update 04/25/2019] We strongly suggest you to use instructions from http://aka.ms/usbtrace for collecting USB traces specially if you are root causing problems related to USB Type-C and HID.
[Update 11/2016] The commands outlined in this post are now published in the USB and HID trace capture script available at http://aka.ms/usbtrace .
Previous blog posts have described in detail how to capture and read USB ETW , and WPP traces. This post is a supplement to those, and aggregates the trace capture commands into a condensed reference. Please continue to refer back to the previous posts for more details on the two tracing mechanisms and parsing the respective traces.
The following commands will generate traces from the USB 3.0 and USB 2.0 driver stacks as well as other related components: WinUSB, USBCCGP, and PCI. We recommend that you capture the complete set of traces, but if you are certain that a specific component is not relevant to the scenario you want to analyze, you may omit the commands that pertain to that component.
You can capture USB event traces without installing any additional software.
1) Open an elevated command prompt window. One way is to right click on the Start button and select Command Prompt (Admin) .
2) Disconnect the USB devices that you are not interested in. Fewer devices result in smaller traces making it easier to read and analyze.
3) Start a capture session by pasting this sequence of commands into the elevated command prompt:
logman create trace -n usbtrace -o %SystemRoot%\Tracing\usbtrace.etl -ct perf -nb 128 640 -bs 128
logman update trace -n usbtrace -p Microsoft-Windows-USB-USBXHCI (Default,PartialDataBusTrace,StateMachine)
logman update trace -n usbtrace -p Microsoft-Windows-USB-UCX (Default,PartialDataBusTrace,StateMachine)
logman update trace -n usbtrace -p Microsoft-Windows-USB-USBHUB3 (Default,PartialDataBusTrace,StateMachine)
logman update trace -n usbtrace -p Microsoft-Windows-USB-USBPORT
logman update trace -n usbtrace -p Microsoft-Windows-USB-USBHUB
logman update trace -n usbtrace -p Microsoft-Windows-Kernel-IoTrace 0 2
logman start -n usbtrace
logman start -ets usbhub3 -ct perf -p {6e6cc2c5-8110-490e-9905-9f2ed700e455} 0xffffffff 0xff -o %SystemRoot%\Tracing\usbhub3.etl
logman start -ets ucx01000 -ct perf -p {6fb6e467-9ed4-4b73-8c22-70b97e22c7d9} 0xffffffff 0xff -o %SystemRoot%\Tracing\ucx01000.etl
logman start -ets usbxhci -ct perf -p {9F7711DD-29AD-C1EE-1B1B-B52A0118A54C} 0xffffffff 0xff -o %SystemRoot%\Tracing\usbxhci.etl
logman start -ets usbhub -ct perf -p {b10d03b8-e1f6-47f5-afc2-0fa0779b8188} 0xffffffff 0xff -o %SystemRoot%\Tracing\usbhub.etl
logman start -ets usbport -ct perf -p {d75aedbe-cfcd-42b9-94ab-f47b224245dd} 0xffffffff 0xff -o %SystemRoot%\Tracing\usbport.etl
logman start -ets usbccgp -ct perf -p {bc6c9364-fc67-42c5-acf7-abed3b12ecc6} 0xffffffff 0xff -o %SystemRoot%\Tracing\usbccgp.etl
logman start -ets winusb -ct perf -p {ef201d1b-4e45-4199-9e9e-74591f447955} 0xffffffff 0xff -o %SystemRoot%\Tracing\winusb.etl
logman start -ets pci -ct perf -p {47711976-08c7-44ef-8fa2-082da6a30a30} 0xffffffff 0xff -o %SystemRoot%\Tracing\pci.etl
(Note: these provider-specific GUIDs correspond to those that can be obtained from the provider’s symbol file using Tracepdb.exe as described in the previous WPP blog post )
4) Perform the action that you want to capture. For example, plug in USB device that fails to enumerate properly. The session captures device enumeration activities . Keep the command prompt window open.
5) Stop the capture session when you are finished by pasting this sequence of commands into the elevated command prompt:
logman stop -n usbtrace
logman delete -n usbtrace
logman stop -ets usbhub3
logman stop -ets ucx01000
logman stop -ets usbxhci
logman stop -ets usbhub
logman stop -ets usbport
logman stop -ets usbccgp
logman stop -ets winusb
logman stop -ets pci
move /Y %SystemRoot%\Tracing\usbtrace_000001.etl %SystemRoot%\Tracing\usbtrace.etl
The preceding capture session generates a set of etl files stored at %SystemRoot%\Tracing\ (for example, C:\Windows\Tracing). Once complete, move these files to another location or rename them in order to avoid overwriting them when you capture another session.
As described in the blog post on WPP tracing linked above, symbol files are required to parse these traces properly. When capturing a set of traces, it is necessary to record the Windows version on which they were taken so that the traces can be mapped to the correct symbols for analysis. One way to do this is to run the following command from an elevated prompt and save the resulting BuildNumber.txt file along with the traces:
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion" /v BuildLabEX > %SystemRoot%\Tracing\BuildNumber.txt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.