Debugview joy for Win10

RJ-2 Member Posts: 6

"The NEW phone book is here! The NEW phone book is here!" (The Jerk)

A new version of dbgview is available on the MS Sysinternals site which works on Win10 without the .sys renaming shuffle (v4.90).
I did notice the older version 4.81 is still in the zip file with a cap as Dbgview.exe. V4.90 is the all lowercase dbgview.exe in the zip file
dated 4/23/2019.

Thank you, Thank you Mark Russinovich!

PS: Don't forget your DEFAULT dword value in the registry at "\HKLM\CurrentControlSet\Control\Session Manager\Debug Print Filter"
0xF gets all debug prints.

Comments

  • Dejan_Maksimovic Member - All Emails Posts: 224
    via Email
    What was the problem with earlier DbgViews? I have version 4.76 running on W10.

    On 4/24/19, RJ-2 wrote:
    > "The NEW phone book is here! The NEW phone book is here!" (The Jerk)
    >
    > A new version of dbgview is available on the MS Sysinternals site which
    > works on Win10 without the .sys renaming shuffle (v4.90).
    >
    > I did notice the older version 4.81 is still in the zip file with a cap as
    > Dbgview.exe. V4.90 is the all lowercase dbgview.exe in the zip file
    >
    > dated 4/23/2019.
    >
    > Thank you, Thank you Mark Russinovich!
    >
    > PS: Don't forget your DEFAULT dword value in the registry at
    > "\HKLM\CurrentControlSet\Control\Session Manager\Debug Print Filter"
    >
    > 0xF gets all debug prints.
    >
  • RJ-2 Member Posts: 6

    Search the list for "dbgv.sys".
    The old problem only presents itself when exercising "Capture Kernel" or "Log Boot".

    @Dejan_Maksimovic said:
    What was the problem with earlier DbgViews? I have version 4.76 running on W10.

  • SweetLow Member Posts: 22
    edited April 25

    @RJ-2
    Nice. Thanks for the info.
    P.S. Looks like 1809+ versions hold [memory mapping of] driver image till driver loaded. So old trick "temporary unpack driver file/load driver/delete driver file" does not work now. Does this change discussed or described here or in any other place?

  • Dejan_Maksimovic Member - All Emails Posts: 224
    via Email
    Of course I am using Capture Kernel.
    I never used log boot, though.

    Simply Run as Admin, and it's working (even if you disable UAC, you
    have to Run as Admin on W10)

    > Search the list for "dbgv.sys".
    >
    > The old problem only presents itself when exercising "Capture Kernel" or
    > "Log Boot".
    >
    >> @Dejan_Maksimovic said:
    >>
    >> What was the problem with earlier DbgViews? I have version 4.76 running
    >> on W10.
    >
  • Peter_Viscarola_(OSR) Administrator Posts: 7,213
    edited April 25

    (I can’t resist any longer: I don’t get the fascination with this tool. I don’t use it, nobody I know ever uses it. If I want debug output, I just hook up the debugger, and I’m done. Who cares about DebugView? There, I said it and now I feel better.)

    Peter Viscarola
    OSR
    @OSRDrivers

  • SweetLow Member Posts: 22

    If I want debug output, I just hook up the debugger, and I’m done.

    How do you insulate problem which exists on user machine only? Debug logging much simpler than anything else.

  • Peter_Viscarola_(OSR) Administrator Posts: 7,213

    How do you insulate problem which exists on user machine only

    I attach the kernel debugger. Why would I not want to do that?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Dejan_Maksimovic Member - All Emails Posts: 224
    via Email
    I could make a pretty snubby comment here :)

    You can attach WinDBG on your client's machine? That is rare.
  • Peter_Viscarola_(OSR) Administrator Posts: 7,213

    You can attach WinDBG on your client's machine? That is rare.

    You can run DbgView on your client's machine? And, if you have your client do it, you let them see your internal DbgPrint spew?

    That is rare.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Dejan_Maksimovic Member - All Emails Posts: 224
    via Email
    The client seeing your debug output is one thing, but you attaching a
    debugger to a production machine - that was impossible for me, even if
    they wanted to do it remotely.

    Unless you meant a live session on the local machine?


    >
    >> You can attach WinDBG on your client's machine? That is rare.
    >
    > You can run DbgView on your client's machine? And, if you have your client
    > do it, you let them see your internal DbgPrint spew?
    >
  • Dejan_Maksimovic Member - All Emails Posts: 224
    via Email
    Now that I think about it, you cannot attach WinDBG to an active
    session, unless it was enabled from the start, so I guess you were
    talking about running WinDBG on the local machine, simply instead of
    DebugView :)
    > The client seeing your debug output is one thing, but you attaching a
    > debugger to a production machine - that was impossible for me, even if
    > they wanted to do it remotely.
    >
    > Unless you meant a live session on the local machine?
    >
  • Michal_Vodicka Member - All Emails Posts: 50
    via Email
    > Who cares DebugView?

    Me. For me it is the most useful and the most used System Internals tools and if Mark Russinovich haven't written it, I'd have to do it myself. The killer feature is color filters (I even asked Mark many years ago to increase their number from 10 to 20 which he did). They allow me to see anything important or unusual easily. I have set red filter to word "error", having DbgView running all the time on the secondary monitor and if everything bad happens in my software, I immediately notice it. This way it is always debugged which improves its quality.

    Of course, I use traces as the main and usually the only debugging tool so all errors are reported this way. (Debuggers are just for beginners, anyway. There, I said it and now I feel better ;-))

    > You can run DbgView on your client's machine? And, if you have your client do it, you let them see your internal DbgPrint spew?

    Sure, why not? I never understood why it should be a problem. However, most of my "clients" who do it are my coworkers (QA, support, FAEs...). They live in different time zones around all the World (mine is usually Hawaii ;-)) and they can capture the log when they have time. No need to work together and try to establish remote session. I just send instructions and they send back the log. Easy for everybody involved, convenient and efficient. Sometimes I just create a Jira ticket and that's all.

    > I attach the kernel debugger. Why would I not want to do that?

    Because it is laborious and usually, there is a firewall or policy between you and the target machine which doesn't allow it. At least in my case. Even if it is possible, you need a cooperating and technically savvy person on the other side. Working at the same time as you do.

    Michal
  • Pavel_A Member Posts: 2,670

    +1. DebugView is somewhat like being able to type "dmesg" anytime :) Or that system logs applet of OSX :) :)

  • Peter_Viscarola_(OSR) Administrator Posts: 7,213

    DebugView is somewhat like being able to type "dmesg" anytime

    Precisely. 100% agreed. Equally terrible as a method for diagnosing and debugging driver problems.

    If your QA folks can’t learn to setup WinDbg, I would respectfully suggest.... you know what I’m going to say.

    You want trace data from CUSTOMER machines, in production, you’d be mad to use DbgPrint, even if only due to the perf hit. Some ETW-based tracing is most appropriate here (choose WPP if you wish for quick and dirty).

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Michal_Vodicka Member - All Emails Posts: 50
    edited April 29 via Email
    > If your QA folks can’t learn to setup WinDbg, I would respectfully suggest....
    > you know what I’m going to say.

    They don't need WinDbg for anything else and DbgView is simpler to install and use. So why should I teach them to setup WinDbg?

    > You want trace data from CUSTOMER machines, in production, you’d be mad
    > to use DbgPrint, even if only due to the perf hit. Some ETW-based tracing is
    > most appropriate here (choose WPP if you wish for quick and dirty).

    Performance hit is the same as ETW for disabled traces (default for all). For enabled it can be a bit higher but I haven't measured the difference as it was never a problem. Actually, it can be a problem only if enormous amount of traces is generated as if we need traces from customer machines, we send precise trace configuration where isn't such a danger.

    Actually, I'm just implementing new trace library and I'm pondering also ETW variant. However, ETW is ridiculously complicated and still limited which makes mapping our traces to it rather uneasy. I'm afraid there aren't enough advantages to justify extra work.

    Michal
  • Peter_Viscarola_(OSR) Administrator Posts: 7,213

    why should I teach them to setup WinDbg?

    Oh, I dunno... maybe so they could, like, set breakpoints, alter variables (trace settings or whatever)... you know, do “debugging” stuff that you do with a debugger?

    I guess it depends on the role of your QA folks in your org.

    However, ETW is ridiculously complicated and still limited

    ETW is annoying to get started with, I’ll grant you that. After a couple of years of promoting it to the community, a year or two of being badly burnt by it, and several years despising it... we’ve returned to using it here over the last few years. It’s as flexible and powerful as I can possibly imagine. Perhaps my imagination is limited. It’s just hard to make it through the docs and macros and figure out how to do what you need. The WPP implementation is so much horrible “pre-processor before the preprocessor” magic it can turn your stomach at times. But it’s mostly “learn once, write once” code, and terrible as that concept might be.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Dejan_Maksimovic Member - All Emails Posts: 224
    via Email
    Errr, your customers work for you as your QA?:)
    >> why should I teach them to setup WinDbg?
    >
    > Oh, I dunno... maybe so they could, like, set breakpoints, alter variables
    > (trace settings or whatever)... you know, do “debugging” stuff that you do
    > with a debugger?
    >
  • Peter_Viscarola_(OSR) Administrator Posts: 7,213

    your customers work for you as your QA

    We’ve got two separate concepts here, Mr. Maksimovic: Customers and Mr. Vodicka’s QA team. We can talk about two things at once, I think, can’t we?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Michal_Vodicka Member - All Emails Posts: 50

    It seems my last post didn't pass through :s

  • Peter_Viscarola_(OSR) Administrator Posts: 7,213

    @Michal_Vodicka said:
    It seems my last post didn't pass through :s

    And I don’t know why, and I don’t see it in the spam queue.

    Another mystery of modern life, I’m afraid.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Michal_Vodicka Member - All Emails Posts: 50
    edited April 30

    Sent via e-mail as previous ones. Well, it is the mystery of this... how do you call it?

    I'll repost it using the web interface. The advantage of the mail is the text is saved in the sent items.

  • Michal_Vodicka Member - All Emails Posts: 50

    Oh, I dunno... maybe so they could, like, set breakpoints, alter variables
    (trace settings or whatever)... you know, do “debugging” stuff that you do
    with a debugger?

    That's not their job. Also, I can hardly teach them something I don't do. I don't remember if I've ever used WinDbg for things you mention. Probably not. That debugging stuff is too laborious and extremely inefficient. I'm really lazy person so I prefer looking few minutes to the log over few hours or days of single stepping. Well, I don't remember when I did it last time with any debugger. Maybe in previous millennium?

    ETW is annoying to get started with, I’ll grant you that.

    I trust you. I looked at it several times and always gave up.

    we’ve returned to using it here over the last few years.

    Do you have any example or an article which shows using pure ETW (without WPP) some usable way? I'd need something for inspiration and something to guess how much time it can take.

    The WPP implementation is so much horrible “pre-processor before the preprocessor”

    Yep, that's horrible. The example how having too much power can be bad. I implemented something similar (traces for embedded platforms formatted at host side) and standard C preprocessor was sufficient.

    I want to avoid WPP because our target is not only drivers but also apps and services. There should be unified approach for everything. ETW can be the way if I'm able to map it to trace macros we already use.

    Michal

  • Peter_Viscarola_(OSR) Administrator Posts: 7,213

    @Michal_Vodicka said:
    Sent via e-mail as previous ones. Well, it is the mystery of this... how do you call it?

    THAT’s not good. I need to check into that.

    Thanks for letting me know

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Peter_Viscarola_(OSR) Administrator Posts: 7,213

    Do you have any example or an article which shows using pure ETW (without WPP)

    I’d be happy to share it if we had it... but what we did was a bunch of custom WPP routines. Yuck.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Pavel_A Member Posts: 2,670
    edited May 1

    I want to avoid WPP because our target is not only drivers but also apps and services.

    WPP does work in usermode. Few years ago an example for this was posted by Ivan Brugiolo (IIRC), I've tested it, it worked.

    /* And just for laughs: recently I needed trace solution for a small embedded MCU which has too little memory for printf.
    Inspired by WPP, I made a simple preprocessor; it converts every instance of printf-like statement to unique macro,
    which eventually moves the parameters as binary to the host, which does formatting etc.
    These macros are "injected" into their respective .c files using "inject include" compiler option, -FI or -j,
    so users do not see #include's of .tmh files, and do not ask questions ;)
    The preprocessor is very crude, but works for us. Thanks for the idea, Microsoft.
    The best thing about it - to change anything we just fix it in the preprocessor itself - no obscure configurations.
    */

    -- pa

  • Michal_Vodicka Member - All Emails Posts: 50
    edited May 1

    I believe it is possible to use WPP in user mode but I still dislike this idea.

    Well, I did the same as you for the same reasons (not enough memory for all trace strings) but I didn't need extra preprocessor. The standard one was enough. C99 and gcc as I needed __VA_ARGS__ and __COUNTER__ to make unique numbers. Macros put format strings plus their identification to a separate data section which is cut out from firmware at the last build step. For host I wrote an application which receives binary data from the device debug port or SWO and formats them using info from mentioned section. And then sends it to debug output where we use DebugView for display to return to the original subject ;-) The app monitors trace section file changes and reloads it after every firmware rebuild so there is no need to do anything at the host side.

    Actually, I'm just porting this to the next embedded platform as the very first step because we are so used to it we don't want to do any work without it. Nobody wants to use a debugger anymore ;-)
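
The scheme described in the post above (format strings kept in a separate section, binary records formatted on the host), as an added example that is not the poster's code. The names `trace_fmt`, `TRACE`, `trace_emit` and `host_decode`, the record layout and the in-memory `wire` buffer are assumptions; device and host sides share one binary here, and the `__start_`/`__stop_` symbols require GCC or Clang with GNU ld on an ELF target.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* One entry per call site; the string lives here, not in normal .rodata. */
struct trace_fmt { uint32_t id, nargs; char fmt[56]; } __attribute__((aligned(64)));
/* GNU ld defines these bounds for a section whose name is a C identifier. */
extern const struct trace_fmt __start_trace_fmt[], __stop_trace_fmt[];
/* Constructed stand-in for the debug port / SWO: a byte buffer. */
static uint8_t wire[256]; static size_t wire_len;

/* Device side: send only the id and the raw 32-bit arguments. */
static void trace_emit(uint32_t id, uint32_t nargs, ...)
{
    va_list ap;
    if (wire_len + 4 * (1 + nargs) > sizeof wire) return;  /* drop on overflow */
    memcpy(wire + wire_len, &id, 4); wire_len += 4;
    va_start(ap, nargs);
    for (uint32_t i = 0; i < nargs; i++) {
        uint32_t v = va_arg(ap, uint32_t);
        memcpy(wire + wire_len, &v, 4); wire_len += 4;
    }
    va_end(ap);
}

#define NARGS_(_1, _2, _3, _4, N, ...) N
#define NARGS(...) NARGS_(__VA_ARGS__, 4, 3, 2, 1, 0)
/* Takes 1 to 4 uint32_t arguments; __COUNTER__ gives each call site its id. */
#define TRACE(fmt_, ...) do {                                                \
    enum { id_ = __COUNTER__ };                                              \
    static const struct trace_fmt e_                                         \
        __attribute__((section("trace_fmt"), used)) =                        \
        { id_, NARGS(__VA_ARGS__), fmt_ };                                   \
    trace_emit(id_, NARGS(__VA_ARGS__), __VA_ARGS__);                        \
} while (0)

/* Host side: decode one record at *off; -1 on unknown id or truncation. */
static int host_decode(const uint8_t *buf, size_t len, size_t *off, char *out, size_t outsz)
{
    uint32_t id, a[4] = {0}; const struct trace_fmt *e;
    if (*off > len || len - *off < 4) return -1;
    memcpy(&id, buf + *off, 4);
    for (e = __start_trace_fmt; e < __stop_trace_fmt && e->id != id; e++) {}
    if (e == __stop_trace_fmt || len - *off - 4 < 4 * (size_t)e->nargs) return -1;
    memcpy(a, buf + *off + 4, 4 * (size_t)e->nargs);
    *off += 4 + 4 * (size_t)e->nargs;
    snprintf(out, outsz, e->fmt, a[0], a[1], a[2], a[3]);
    return 0;
}
/* Constructed firmware code path with two trace call sites. */
static void firmware_demo(void)
{
    wire_len = 0;
    TRACE("dma ch=%u len=%u", 3u, 512u);
    TRACE("error: irq status=0x%x", 0x80u);
}
int main(void)
{
    char line[128]; size_t off = 0;
    firmware_demo();
    while (host_decode(wire, wire_len, &off, line, sizeof line) == 0) puts(line);
}
```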

  • Dejan_Maksimovic Member - All Emails Posts: 224

    @Peter_Viscarola_(OSR) said:

    your customers work for you as your QA

    We’ve got two separate concepts here, Mr. Maksimovic: Customers and Mr. Vodicka’s QA team. We can talk about two things at once, I think, can’t we?

    Ah, I did not read through the entirety of the post, so I presumed we were still talking about customers (as we did at the start of the thread).

    Anyway, getting our company to use WinDBG - prolly. Getting our customers to use WinDBG -no way. That requires setting up a second machine to connect WinDBG to a dead machine and reproducing the crash (which, if possible, we can do ourselves)

  • Pavel_A Member Posts: 2,670
    edited May 2

    So why it is a big deal to persuade people use windbg? Is it mainly because of lack of physical debugger connectivity?
    Serial is slow (and connector not exposed, except of IoT thingies).
    Firewire is dead. USB 2 and 3 - dead? Ethernet - problematic because of ethernet h/w compatibility.
    What's left?

    @Michal_Vodicka Thumbs up!
    We tried to do it this simple too, but the codebase had too complicated debug stuff not feasible for C preprocessor. At least beyond my skills.
    And the team demanded zero changes to existing code.
    C++17 seems to enable some amazing template and constexpr tricks.... Consider move to c++ ;)

    -- pa

  • Dejan_Maksimovic Member - All Emails Posts: 224
    via Email
    > So why it is so a big ideal to persuade people use windbg? Is it mainly
    > because of lack of physical debugger connectivity?
    For me, primarily yes.
    Also the fact that DebugView requires no installation, whereas WinDBG
    requires WDK installation.

    > C++17 seems to enable some amazing template tricks.... Consider move to c++
    In kernel mode?
  • Michal_Vodicka Member - All Emails Posts: 50
    via Email
    > So why it is so a big ideal to persuade people use windbg? Is it mainly
    > because of lack of physical debugger connectivity?

    In my case because they don't need it. All I need from them is to capture debug log and using DbgView is much easier. No install, just run, reproduce problem, save log and send it. For me is hard to imagine how to explain their managers why they should spend time with install, setup and learning WinDbg.

    > C++17 seems to enable some amazing template tricks.... Consider move to
    > c++

    I can't; fortunately ;-) We have to support the lowest common denominator as our customers may want to port our code to virtually anything including very limited embedded platforms and use ancient toolchains. Even C99 can be a problem... but I'm going to solve it only if it really happens which is hopefully never.

    Michal