I am working with Event Tracing for Windows API, and from time to time, I run my application and it does not manage to close the ETW trace controller session after opening it.

Basically I do ::StartTrace([out] handle...) and do not close that handle when I’m finished with it (closing done by using ::StopTrace() function)

I’m looking for a tool that shows me the active sessions so I can close it manually. Without it I have to restart my PC in order for the controller session to be closed at shutdown.

Also, i the same ETW area (on Win 7), I understand that I should be able to see the data layouts for public MOF descriptions using wbemtest.exe. There I am supposed to enter in

- Connect -> Namespace = \\root\wmi\EventTrace

to see MOF data. But I get “The RPC server is unavailable”. Using in that screen the dafaults values: IWBemLocator(Namespaces), How to interpret passsword = null, Authentication level = packet.

In the credentials area I have user and Password (which I tried) but there is another empty field – Authority. Is there a way to see MOF data ? I runed this elevated under Win 7.