ProcExp and XPerf tracing

  • Artykuł

I was trying to run some XPerf traces to prepare for a training, when it all of a sudden stopped working. The error I got was this:

xperf: error: NT Kernel Logger: Cannot create a file when that file already exists. (0xb7).

Weird because I ran the same command successfully multiple times before. Trying to stop a potentially conflicting session by using:

Xperf –d blah.etl

Failed with this error:

xperf: error: Merge ETL: The specified path is invalid. (0xa1).

And the event log contained this:

Session "NT Kernel Logger" failed to start with the following error: 0xC0000035

What has changed was that I had started ProcMon.exe. That uses the NT Kernel Logger. Exiting that process cleared the way for my first command.

Comments

  • Anonymous
    February 01, 2011
    The PE14 uses ETW for Network IO display and this causes the issue. I also needed some time to figure this out. I already send Mark an email about it. That's why I'm back to version 12.04

  • Anonymous
    February 11, 2011
    Ran into the same thing when I tried to run powercfg -energy - Process Explorer 14.01 was running and had the session open. =-=-=-=-= Enabling tracing for 60 seconds... Observing system behavior... Could not open the NT Kernel Logger.  The NT Kernel Logger is already in use.  Ensure that all other performance monitor ing utilities, including Reliability and Performance Monitor are not currently in use. =-=-=-=-= Exiting Process Explorer allowed powercfg to run...  (Same message when Procmon is capturing and one tries to run powercfg -energy, of course.)

  • Anonymous
    November 20, 2011
    The comment has been removed

  • Anonymous
    January 28, 2012
    If the NT Kernel Logger session is already in use, the StartTrace func returns ERROR_ALREADY_EXISTS twitter.com

  • Anonymous
    May 18, 2014
    C:Program FilesMicrosoft Windows Performance Toolkit>xperf.exe -on DiagEasy xperf: error: NT Kernel Logger: Cannot create a file when that file already exis ts. (0xb7). The problem is you cannot stop the NT Kernel Logger trace when the Trace Session->Stream mode is set to Real Time in the NT Kernel Logger Event Trace Sessions’ properties. Switch it to File and then you will be able to stop it. You can then utilize xperf to run kernel traces. Be sure to switch it back to the way it was when you are done!

  • Anonymous
    May 18, 2014
    C:Program FilesMicrosoft Windows Performance Toolkit>xperf.exe -on DiagEasy xperf: error: NT Kernel Logger: Cannot create a file when that file already exis ts. (0xb7). The problem is you cannot stop the NT Kernel Logger trace when the Trace Session->Stream mode is set to Real Time in the NT Kernel Logger Event Trace Sessions’ properties. Switch it to File and then you will be able to stop it. You can then utilize xperf to run kernel traces. Be sure to switch it back to the way it was when you are done!