Search notes:

dtrace.exe

dtrace.exe is a command-line utility to display system information and events, such as
DTrace comes with a script interpreter. Such scripts are written in the D-Language (which is inspired by awk and designed to be «like C» ).
This tool was originally programmed for the Solaris OS but was then ported (among others?) also to Windows.
More detailed information about DTrace can be found in the OpenDTrace specification. 
C:\> dtrace cmd
dtrace: no probes specified

C:\> bcdedit /set dtrace ON
The operation completed successfully.

C:\> bcdedit /enum | findstr /i dtrace
dtrace                  Yes
Environment variable _NT_SYMBOL_PATH should be set (possibly to a value like srv*C:\ProgramData\DbgC:\ProgramData\Dbg*https://msdl.microsoft.com/download/symbols

Examples

Hari Pulapaka on techcommunity.microsoft.com
Dump System Kernel structure (requires _NT_SYMBOL_PATH to be set): 
dtrace -n "BEGIN{print(*(struct nt`_EPROCESS *) nt`PsInitialSystemProcess);exit(0);}"

Usage

dtrace [-32|-64] [-aACeFGhHlqSvVwZ] [-b bufsz] [-c cmd] [-D name[=def]]
[-I path] [-L path] [-o output] [-p pid] [-s script] [-U name]
[-x opt[=val]] [-X a|c|s|t]

[-P provider [[ predicate ] action ]]
[-m [ provider: ] module [[ predicate ] action ]]
[-f [[ provider: ] module: ] func [[ predicate ] action ]]
[-n [[[ provider: ] module: ] func: ] name [[ predicate ] action ]]
[-i probe-id [[ predicate ] action ]] [ args ... ]

predicate -> '/' D-expression '/'
   action -> '{' D-statements '}'

-b  set trace buffer size
-c  run specified command and exit upon its completion
-C  run cpp(1) preprocessor on script files
-D  define symbol when invoking preprocessor
-e  exit after compiling request but prior to enabling probes
-f  enable or list probes matching the specified function name
-F  coalesce trace output by function
-G  generate a PE file containing embedded dtrace program
-h  generate a header file with definitions for static probes
-H  print included files when invoking preprocessor
-i  enable or list probes matching the specified probe id
-I  add include directory to preprocessor search path
-l  list probes matching specified criteria
-L  add library directory to library search path
-m  enable or list probes matching the specified module name
-n  enable or list probes matching the specified probe name
-o  set output file
-p  grab specified process-ID and cache its symbol tables
-P  enable or list probes matching the specified provider name
-q  set quiet mode (only output explicitly traced data)
-s  enable or list probes according to the specified D script
-S  print D compiler intermediate code
-U  undefine symbol when invoking preprocessor
-v  set verbose mode (report stability attributes, arguments)
-V  report DTrace API version
-w  permit destructive actions
-x  enable or modify compiler and tracing options
-X  specify ISO C conformance settings for preprocessor
-y  set symbol search path
-Z  permit probe descriptions that match zero probes

Links

https://github.com/opendtrace/

See also

Event Tracing for Windows (ETW)
VBoxDTrace.exe
OpenDTrace - Windows

Index