Microsoft has announced a port of the DTrace dynamic tracing system to the Windows platform. The changes prepared as part of this work, except for the kernel driver, have been published as a separate branch in the repository of the OpenDTrace project, which aims to create a portable DTrace implementation that can run on various operating systems. Within a few months, the code is planned to be merged into the OpenDTrace core.
DTrace support in Windows 10 is available starting with experimental build 18342. To enable it, you must activate the dtrace boot option ("bcdedit /set dtrace on") and install a specially prepared MSI package. Tracing events in the Windows kernel additionally requires setting up remote debugging mode. Control is through the regular dtrace command. The supported providers are syscall (tracing NTOS system calls), fbt (tracing calls to kernel functions), pid (tracing user-space processes) and etw (tracing Windows events).
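The procedure above, carried through as an added example that is not part of the original article or of Microsoft's own documentation: from an elevated PowerShell session it checks that the boot option is present, confirms that the syscall provider exposes probes, and then runs a small D script that counts NTOS system-call entries per process. It assumes that dtrace.exe from the MSI package is on PATH, that the machine has been rebooted after "bcdedit /set dtrace on", that the bcdedit listing shows the option under the name "dtrace", and that the profile provider's tick probe is available in the Windows build; the script name and the ten-second window are arbitrary choices.

```powershell
# Added example (not from the article): enable-check and a first syscall
# count with DTrace on Windows 10 build 18342 or later.
# Assumptions: elevated shell, dtrace.exe on PATH, reboot already done
# after "bcdedit /set dtrace on".

# 1. Confirm the boot option is set. The element name "dtrace" is the one
#    the article gives; the exact wording of the bcdedit listing is assumed.
bcdedit /enum "{current}" | Select-String -Pattern "dtrace"

# 2. List the first probes of the syscall provider to verify DTrace is active.
#    If this prints nothing, the MSI package or the boot option is missing.
dtrace -l -P syscall | Select-Object -First 10

# 3. Write a D script: count system-call entries per process image name for
#    ten seconds, then print the aggregation. The tick-10s probe belongs to
#    the profile provider, which is assumed to be available on Windows.
$script = @'
#pragma D option quiet

syscall:::entry
{
    /* execname is the image name of the process making the call */
    @calls[execname] = count();
}

tick-10s
{
    /* %@ formats the aggregation value; output is sorted by count */
    printa("%-32s %@8u\n", @calls);
    exit(0);
}
'@
$scriptPath = Join-Path $env:TEMP "syscall_count.d"
Set-Content -Path $scriptPath -Value $script -Encoding ASCII

# 4. Run the script. Kernel-function tracing with fbt additionally needs the
#    remote-debugging setup the article mentions; if dtrace reports that
#    kernel probes are unavailable, revisit that step first.
dtrace -s $scriptPath
```

The per-process syscall count is a useful first baseline for a monitoring workstation: a process that suddenly dominates the table, or an image name that is not expected on the host, is worth a closer look with the pid provider, which the article lists but this example does not use.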