As described in the announcement, the hints are ordered from least to most helpful, so today’s hint isn’t much — but depending on your installat

Halloween Spooktacular Day 2: Reboot Your Machine

submited by

Style Pass

2024-10-18 10:00:02

As described in the announcement, the hints are ordered from least to most helpful, so today’s hint isn’t much — but depending on your installation of Windows, it might save you a lot of time:

As you try to collect PMCs via the ETW API, at some point you’ll have to call TraceSetInformation. Despite your best efforts, you may find it fails no matter what you do.

While it could be a bug in your code, it could also be because another program on your machine has already requested PMC collection. Since the CPU can only collect a small number of PMCs at once, the ETW API prevents you from selecting PMCs if another ETW trace is already collecting them.

The only way to fix this problem is to stop the other trace. You may be able to do this by hunting it down using Windows administrative tools. Another option is, of course, to reboot your machine.

Worse still, depending on your installation, even rebooting might offer limited reprieve. Although most of our Windows machines don’t have this problem, on one of our systems here, Windows spins up a rogue PMC-collecting trace on its own about a minute after Windows boots.