Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Can't see output from DbgPrint
Michael_Rolle
Member - All Emails Posts: 135
This is certainly WinDbg 101 stuff, but the things I read in the Help file aren't sufficient.
1. Fired up WinDbg. Opened a window to local Kernel (File->Kernel Debug...->Local tab->OK).
2. ed Kd_IHVDRIVER_Mask, value is already 0xffffffff.
3. In the DriverEntry function, I call DbgPrintEx (DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, fmt, args...);
4. Start the driver using the SC START command.
5. Nothing in the WinDbg session window.
6. !dbgprint says the DbgPrint buffer is empty.
By the way, if I close the session window, File->Kernel Debug... remains grayed out, and I have to quit WinDbg and start it again if I want to repeat the above. What am I doing wrong here, and is this a clue regarding the missing debug output?
I have WinDbg 10.0.17763.1 AMD64, and Windows 10 OS 1803.
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Writing WDF Drivers | 7 Dec 2020 | LIVE ONLINE |
| Internals & Software Drivers | 25 Jan 2021 | LIVE ONLINE |
| Developing Minifilters | 8 March 2021 | LIVE ONLINE |
Comments
i don't think that would deliver the dbgprints for a local driver in
local machine
you probably need to have a real kernel debugging connection and
windbg on the other end to recieve the dbgprints
if you need a dbgprint on the same machine try the Debugview utility
(both sysinternals and osr had one and it worked great until win7 i
havent used them lately in newer os so cant say if there are problems
using them in win-X a quick google land a thread here which doesn't
have a followup for osr's dbgview and a stackoverflow thread that
says sysinternals also has problems in WIN-X
https://stackoverflow.com/questions/31638438/debugview-doesnt-work-on-windows-10
https://community.osr.com/discussion/274977/dbgview-trouble
Thanks, this works. I ran dbgview and I see the debug output.
The problem mentioned in the above https://community.osr.com/discussion/274977/dbgview-trouble link is still there 6 years later, and I posted a comment there to that effect.
The above post says that you can rename dbgv.sys, and then dbgview will work again.
To that I would add that (1) dbgview will continue to capture kernel every time it is launched, but (2) after a reboot, you have to start over (that is, run dbgview, close it, rename dbgv.sys).
I've added this comment to that post as well.