
An operating system's kernel interacts with the computer hardware on behalf of the operating system. The Windows operating system uses the NT kernel. Like other kernels, it has built-in functions to record system events in a "log" file.


An NT Kernel Logger session is used to track system events. The user specifies which system events to record in the "EnableFlags" member of the "EVENT_TRACE_PROPERTIES" structure, then calls the "StartTrace" function to send these options to the kernel logger. One of the NT kernel's logging functions is a "Global Logger" session. This session tracks and records events that occur early in the Windows startup process, before any users log in to the system. TraceView is a tool provided by Microsoft to control NT Kernel Logger sessions. It is used to set the parameters of a kernel logger session, and it displays formatted messages from the kernel concerning the system events the user specified.
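The same session can also be driven from the command line. The script below is an added example, not taken from the original page: it uses the built-in logman.exe and tracerpt.exe tools instead of TraceView or a direct StartTrace call. The output folder, the keyword selection and the ten-second capture window are assumptions chosen for illustration.

```powershell
# Added example: start, inspect, stop and decode an NT Kernel Logger session.
# Paths, keywords and the capture window below are illustrative assumptions.
$Session  = 'NT Kernel Logger'        # fixed name of the kernel logger session
$Provider = 'Windows Kernel Trace'    # provider name logman uses for kernel events
$Keywords = '(process,thread,img)'    # logman keywords; each maps to an EnableFlags bit
$EtlPath  = 'C:\Traces\kernel.etl'    # assumed output location
$CsvPath  = 'C:\Traces\kernel.csv'    # assumed decoded output

# Controlling the kernel logger requires administrative rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell session.'
}

# Only one session with this name can exist, so check before starting.
logman query $Session -ets 2>$null | Out-Null
if ($LASTEXITCODE -eq 0) {
    throw "'$Session' is already running; stop it or use its existing log."
}

New-Item -ItemType Directory -Path (Split-Path $EtlPath) -Force | Out-Null

# -ets sends the request straight to Event Tracing for Windows without
# saving a data collector set, much like a one-off StartTrace call.
logman start $Session -p $Provider $Keywords -o $EtlPath -ets
if ($LASTEXITCODE -ne 0) { throw "logman start failed with exit code $LASTEXITCODE" }

try {
    logman query $Session -ets        # show the live session's settings
    Start-Sleep -Seconds 10           # capture window (assumption)
}
finally {
    logman stop $Session -ets         # always stop, even if the query fails
}

# Convert the binary .etl log into CSV for review.
tracerpt $EtlPath -o $CsvPath -of CSV -y
```

Running `logman query providers "Windows Kernel Trace"` lists the other keywords that can be placed in the parentheses.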


Source.
