\reviewtitle{The VTrace Tool: Building a System Tracer for Windows NT and Windows 2000}
\reviewlabel{lorch00vtrace}
\reviewauthor{Jacob R. Lorch and Alan Jay Smith}
This paper tended to go into a lot of detail (that we aren't so interested in). The authors ``needed time-stamped traces of certain activities in Windows NT and Windows 2000 to study new energy management techniques for laptop computers.'' Essentially, they took whatever they could (mainly from sysinternals.com) to create ``filter drivers'' to trace events. ``A filter driver implements a filter device.... After a filter device attaches to an existing device, it starts intercepting any requests sent to that device.'' They used a typical debug configuration where the debugger is run on a separate machine connected via a serial cable. ``The heart of VTrace is the logger, the piece of code that collects trace records and writes them to the trace file. It accepts and serializes request to add events to the in-memory log, and periodically writes the log to disk.'' They were not able to create a log for unbuffered I/O. They found that VTrace slowed down some benchmarks by 5--13\%. They tried to separate user and kernel halves but found this essentially made no difference (in fact, the extra processing made it slower).