Microsoft has announced that the next Windows version will include DTrace support. DTrace was originally built for Solaris as an open source debugging and diagnostic tracing tool. In this post, we will show some detailed information about DTrace on Windows.
Windows DTrace Support Will Be Included in Next Windows Version
Microsoft has confirmed that the next Windows version will include DTrace support, a tool for open source debugging and diagnostic tracing. The port was announced at the Ignite conference last year, and the instructions, binaries and source code are now available.
The program manager for the Windows kernel said in a blog post that all changes Redmond made to support DTrace on Windows will be available on GitHub, and that the merge will happen in the next few years. At the same time, Microsoft is making its DTrace source available.
DTrace for Windows allows developers and administrators to get a detailed look at what their system is doing. For example, it allows them to track kernel function calls, examine the properties of running processes, and write probe drivers. The Windows DTrace command uses the DTrace scripting language, so users can use this language to specify which information is probed and how that information is reported.
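As an added illustration of that scripting language (this script is not from the article or from Microsoft's samples), the following D script counts system calls per process and, when the script is stopped with Ctrl-C, prints the 20 busiest process/call pairs. It assumes the syscall provider is available and that dtrace is run from an elevated prompt.

```d
/* Count every system call entry, keyed by the calling process name
   and the system call name. */
syscall:::entry
{
    @calls[execname, probefunc] = count();
}

/* On exit (Ctrl-C), keep only the 20 largest entries and print them:
   process name, system call name, call count. */
END
{
    trunc(@calls, 20);
    printa("%-24s %-40s %@8u\n", @calls);
}
```

Save it as syscalls.d and run `dtrace -s syscalls.d` from an administrator prompt; the aggregation is only reported when the script exits.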

Since its initial Solaris release, DTrace has been ported to other Unix-like operating systems, and today it can be used on Linux, FreeBSD, NetBSD and macOS. The original Solaris code was released under Sun's Common Development and Distribution License (CDDL).
Microsoft has ported the CDDL part of DTrace and built an additional driver for Windows that is used to monitor the operating system. The latter driver will ship with the next Windows version; the CDDL part needs to be downloaded separately.
However, DTrace on Windows currently requires Windows to be booted with a kernel debugger attached. DTrace works by inserting code into the system functions being analyzed, which means there is no overhead for kernel features that are not being traced, since they contain no DTrace code.
DTrace is not the only software that needs to modify kernel memory, though. A rootkit also modifies the operating system kernel, for example so that the process enumeration functions will not show the running rootkit.
For this reason, Microsoft introduced Kernel Patch Protection, also called KPP or PatchGuard. KPP monitors certain kernel memory for changes and crashes the system if any is detected. DTrace on Windows violates this PatchGuard protection, which is why the kernel debugger is required.
Microsoft has released the first Windows version of DTrace, the Linux debugging tool, for 64-bit Windows 10 beta builds. Microsoft also has its own ETW tool, but ETW is static and does not allow tracepoints to be inserted programmatically at runtime.
If you want to use DTrace on Windows 10, you need 64-bit Windows 10 build 18342 or later and a valid Insider account, and DTrace must be run as an administrator.
Final Words
In conclusion, after reading this post you know that Microsoft will release DTrace support in the next new Windows 10 version, and that DTrace for Windows is a port of the Solaris tool for open source debugging and diagnostic tracing.