Geoff Chappell - Software Analyst
The EVENT_TRACING_FATAL_ERROR bug check reports a fatal error in Event Tracing for Windows (ETW).
| Bug Check Code | EVENT_TRACING_FATAL_ERROR |
There are no parameters for this bug check.
This error can occur when initialising ETW, when writing an event, or when deleting an EtwRegistration object.
Providers and loggers are securable objects. The permissions are defined in the registry:
| Key: | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WMI\Security |
| Value: | guid |
| Type: | REG_BINARY |
where guid is the string form (without braces) of a GUID that represents the provider or logger. The binary data is expected to be a security descriptor. Default permissions may be specified by setting a security descriptor for the value 0811c1af-7a07-4a06-82ed-869455cdf713. The kernel opens the key during initialisation and attempts to load default permissions. Failure to open the key is fatal to Windows.
Details for other causes may be documented here another time.
Though this bug check is defined symbolically in BUGCODES.H from the Windows Driver Kit (WDK) for Windows Vista, it somehow manages to escape being listed either in the WDK documentation or in the “Debugging Tools for Windows” package that is distributed contemporaneously with Windows Vista.