Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at:

Is there any way to view dxgkrnl watchdog.sys log messages?

dbarriedbarrie Member Posts: 10

If you enable the two registry values specified in this MSDN topic, windbg will helpfully pause every time an exceptional condition is encountered in dxgkrnl, letting you choose how to proceed (break, break then repeat message, ignore, ignore all). This works great, and does allow me to see when errors have occurred, but it doesn't allow me to see what errors have occurred.

I can see the callstack (with public dxgkrnl symbols), which does provide some clues, but not nearly enough to understand what specifically the issue might be. I spent some time trying to poke around in the disassembly to see if I might be able to find a pointer to an actual message, but had no luck.

Is there any way to actually get at the log messages being reported here?


  • dbarriedbarrie Member Posts: 10

    After spending some more time poking around in the disassembly, it seems like there's an NTSTATUS code in r15 at the point where it breaks when telling it to do so. While this isn't the most convenient (I found in the dxgkrnl module the actual string it sends to windbg prompting the user what to do next, why couldn't they just log the error as well?!), at the very least it's useful enough to make progress debugging.

  • dbarriedbarrie Member Posts: 10

    Or not, apparently it was just a coincidence that r15 contained NTSTATUS codes the few times I'd checked.

  • dbarriedbarrie Member Posts: 10

    Thanks to Ghidra, I was able to disassemble watchdog.sys and figure out much of how it works. I've written a simple windbg extension that can help in displaying the log entries and enabling various features of the library.

    It is currently capable of configuring the different log categories, and dumping the log details for any log entry. I still plan on adding the ability to dump all the logs from the circular buffers that the library saves the logs to, but I haven't done so yet.

    Hopefully this might help the next person trying to deal with this stuff.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 16-20 October 2023 Live, Online
Developing Minifilters 13-17 November 2023 Live, Online
Internals & Software Drivers 4-8 Dec 2023 Live, Online
Writing WDF Drivers 10-14 July 2023 Live, Online