Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Can't see output from DbgPrint
Michael_Rolle
Member - All Emails Posts: 135
This is certainly WinDbg 101 stuff, but the things I read in the Help file aren't sufficient.
1. Fired up WinDbg. Opened a window to local Kernel (File->Kernel Debug...->Local tab->OK).
2. ed Kd_IHVDRIVER_Mask, value is already 0xffffffff.
3. In the DriverEntry function, I call DbgPrintEx (DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, fmt, args...);
4. Start the driver using the SC START command.
5. Nothing in the WinDbg session window.
6. !dbgprint says the DbgPrint buffer is empty.
By the way, if I close the session window, File->Kernel Debug... remains grayed out, and I have to quit WinDbg and start it again if I want to repeat the above. What am I doing wrong here, and is this a clue regarding the missing debug output?
I have WinDbg 10.0.17763.1 AMD64, and Windows 10 OS 1803.
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
| Upcoming OSR Seminars | Kernel Debugging | 30 Mar 2020 | OSR Seminar Space |
|---|---|---|
| Developing Minifilters | 20 Apr 2020 | OSR Seminar Space & ONLINE |
| Writing WDF Drivers | 11 May 2020 | OSR Seminar Space & ONLINE |
| Internals & Software Drivers | 28 Sept 2020 | Dulles, VA |
Comments
i don't think that would deliver the dbgprints for a local driver in
local machine
you probably need to have a real kernel debugging connection and
windbg on the other end to recieve the dbgprints
if you need a dbgprint on the same machine try the Debugview utility
(both sysinternals and osr had one and it worked great until win7 i
havent used them lately in newer os so cant say if there are problems
using them in win-X a quick google land a thread here which doesn't
have a followup for osr's dbgview and a stackoverflow thread that
says sysinternals also has problems in WIN-X
https://stackoverflow.com/questions/31638438/debugview-doesnt-work-on-windows-10
https://community.osr.com/discussion/274977/dbgview-trouble
Thanks, this works. I ran dbgview and I see the debug output.
The problem mentioned in the above https://community.osr.com/discussion/274977/dbgview-trouble link is still there 6 years later, and I posted a comment there to that effect.
The above post says that you can rename dbgv.sys, and then dbgview will work again.
To that I would add that (1) dbgview will continue to capture kernel every time it is launched, but (2) after a reboot, you have to start over (that is, run dbgview, close it, rename dbgv.sys).
I've added this comment to that post as well.