Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Can't see output from DbgPrint

Michael_RolleMichael_Rolle Member - All Emails Posts: 135

This is certainly WinDbg 101 stuff, but the things I read in the Help file aren't sufficient.
1. Fired up WinDbg. Opened a window to local Kernel (File->Kernel Debug...->Local tab->OK).
2. ed Kd_IHVDRIVER_Mask, value is already 0xffffffff.
3. In the DriverEntry function, I call DbgPrintEx (DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, fmt, args...);
4. Start the driver using the SC START command.
5. Nothing in the WinDbg session window.
6. !dbgprint says the DbgPrint buffer is empty.

By the way, if I close the session window, File->Kernel Debug... remains grayed out, and I have to quit WinDbg and start it again if I want to repeat the above. What am I doing wrong here, and is this a clue regarding the missing debug output?

I have WinDbg 10.0.17763.1 AMD64, and Windows 10 OS 1803.


  • raj_rraj_r Member - All Emails Posts: 977
    via Email
    (File->Kernel Debug...->Local tab->OK

    i don't think that would deliver the dbgprints for a local driver in
    local machine

    you probably need to have a real kernel debugging connection and
    windbg on the other end to recieve the dbgprints

    if you need a dbgprint on the same machine try the Debugview utility
    (both sysinternals and osr had one and it worked great until win7 i
    havent used them lately in newer os so cant say if there are problems
    using them in win-X a quick google land a thread here which doesn't
    have a followup for osr's dbgview and a stackoverflow thread that
    says sysinternals also has problems in WIN-X
  • Michael_RolleMichael_Rolle Member - All Emails Posts: 135

    Thanks, this works. I ran dbgview and I see the debug output.

    The problem mentioned in the above link is still there 6 years later, and I posted a comment there to that effect.

  • Michael_RolleMichael_Rolle Member - All Emails Posts: 135

    The above post says that you can rename dbgv.sys, and then dbgview will work again.
    To that I would add that (1) dbgview will continue to capture kernel every time it is launched, but (2) after a reboot, you have to start over (that is, run dbgview, close it, rename dbgv.sys).
    I've added this comment to that post as well.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Developing Minifilters 29 July 2019 OSR Seminar Space
Writing WDF Drivers 23 Sept 2019 OSR Seminar Space
Kernel Debugging 21 Oct 2019 OSR Seminar Space
Internals & Software Drivers 18 Nov 2019 Dulles, VA