This is certainly WinDbg 101 stuff, but the things I read in the Help file aren’t sufficient.
Fired up WinDbg. Opened a window to local Kernel (File->Kernel Debug…->Local tab->OK).
ed Kd_IHVDRIVER_Mask, value is already 0xffffffff.
In the DriverEntry function, I call DbgPrintEx (DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, fmt, args…);
Start the driver using the SC START command.
Nothing in the WinDbg session window.
!dbgprint says the DbgPrint buffer is empty.
By the way, if I close the session window, File->Kernel Debug… remains grayed out, and I have to quit WinDbg and start it again if I want to repeat the above. What am I doing wrong here, and is this a clue regarding the missing debug output?
I have WinDbg 10.0.17763.1 AMD64, and Windows 10 OS 1803.
I don’t think that would deliver the dbgprints for a local driver on the local machine. You probably need to have a real kernel debugging connection and WinDbg on the other end to receive the dbgprints. If you need a dbgprint on the same machine, try the DebugView utility (both Sysinternals and OSR had one, and it worked great until Win7; I haven’t used them lately in newer OSes, so I can’t say if there are problems using them in Win-X). A quick Google lands a thread here which doesn’t have a followup for OSR’s dbgview, and a Stack Overflow thread that says Sysinternals also has problems in Win-X.
The above post says that you can rename dbgv.sys, and then dbgview will work again.
To that I would add that (1) dbgview will continue to capture kernel every time it is launched, but (2) after a reboot, you have to start over (that is, run dbgview, close it, rename dbgv.sys).
I’ve added this comment to that post as well.