Trace Analysis Patterns (Part 54)

While working on Accelerated Windows Software Trace Analysis training I discovered some missing patterns that are needed for completeness despite their triviality. One of them is called Error Message. Here an error is reported either explicitly (“operation failed”) or implicitly as an operation status result such as 0xC00000XX. Sometimes a trace message designer specifies that the numeric value was supplied for information only and should be ignored. Some error messages may contain information that is not relevant to the current software incident, the so-called false positive errors. Some tracing architectures and tools include an information category for errors in their messages, such as Citrix CDF (ETW-based), where you can filter by error category to get an adjoint thread. Note that the association of a trace statement with an error category is left to the discretion of the engineer writing the code, and information category messages may contain implicit errors such as last error and return status reports.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

2 Responses to “Trace Analysis Patterns (Part 54)”

  1. Dmitry Vostokov Says:

    Negative messages such as “denied” are also in this category

  2. Dmitry Vostokov Says:

    When “error” is in the file name found in the log it may not be an error. Example:


    Excluded from processing: “data.txt”
    Excluded from processing: “error.log”
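
The post and the two comments together describe a small classifier. The following sketch is an added example, not code from the original post or from any tracing tool. It assumes each trace line is a hypothetical (category, text) pair and that 8-digit hex values are NTSTATUS codes, whose top two bits equal to 3 mean error severity.

```python
import re

# Constructed sample trace: (category, message) pairs, not from a real product.
SAMPLE_TRACE = [
    ("info", "Opening session: operation failed"),
    ("info", "CreateFile returned status 0xC0000022"),
    ("info", "Query completed, status 0x00000000"),
    ("info", "Access denied for profile load"),
    ("info", "Excluded from processing: “error.log”"),
    ("info", "GetLastError: 5"),
    ("error", "Connection dropped"),
    ("info", "last error = 0"),
]

KEYWORDS = re.compile(r"\b(error|failed|failure|denied)\b", re.I)
STATUS = re.compile(r"\b0x([0-9A-Fa-f]{8})\b")
LAST_ERROR = re.compile(r"last\s*error\W+(\d+)", re.I)
QUOTED = re.compile(r'"[^"]*"|“[^”]*”')  # file names and other quoted data


def classify(category, text):
    """Return 'explicit', 'implicit' or None for one trace message."""
    # Drop quoted data and last-error reports before the keyword search,
    # so a file called "error.log" or "last error = 0" is not a hit.
    stripped = LAST_ERROR.sub("", QUOTED.sub('""', text))
    if category == "error" or KEYWORDS.search(stripped):
        return "explicit"
    # Implicit: NTSTATUS with error severity (top two bits == 3).
    m = STATUS.search(text)
    if m and int(m.group(1), 16) >> 30 == 3:
        return "implicit"
    # Implicit: non-zero last error reported in an information message.
    m = LAST_ERROR.search(text)
    if m and int(m.group(1)) != 0:
        return "implicit"
    return None


def find_errors(trace):
    """Return (index, kind, text) for every message that reports an error."""
    hits = []
    for i, (category, text) in enumerate(trace):
        kind = classify(category, text)
        if kind:
            hits.append((i, kind, text))
    return hits


if __name__ == "__main__":
    for hit in find_errors(SAMPLE_TRACE):
        print(hit)
```

Filtering by the error category alone would find only the "Connection dropped" line in this sample; the other four hits sit in information category messages.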
