Hi there,
I’ve developed a kernel-mode device driver.
Well, I want to provide it to an end user, and as you know, DbgPrint statements can only be seen via a kernel-level debug statement viewer.
In fact, I want to write a ring3 C/C++/C# application (one of them, there’s no difference!).
The purpose of this application is just to communicate with the sys file (ring0) for loading, unloading and eventually showing what’s going on in my ring0 driver.
Better to say, I want to print the statements in my ring3 application, from what my DbgPrint function in the driver said!
For example, suppose this situation: when I communicate with the driver to check the status of safeMode, my driver checks it and says “running in safeMode” or “not running in safeMode”. I just want to show these messages that come from my driver in my end-user (ring 3) application.
Please, if you know how I should do this, describe it here.
Thanks.
I think there’s an available API for doing this, yep?
Think about that, we just want to write a simple application like DbgView to see what’s going on with kernel messages!
There is an API; it is totally undocumented except for its function
definition. This is only available on some OSes, not all, and remember
that much of the messaging these days is going to ETW, which uses a totally
different mechanism. Why do you want to hook this stuff in the first
place, if you own the driver you can provide your mechanism to send messages
to the user?
–
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
wrote in message news:xxxxx@ntdev…
> I think there’s an available API for doing this, yep?
> Think about that, we just want to write a simple application like DbgView
> to see what’s going on with kernel messages!
I don’t want to hook this, I just want to show my own driver’s messages to the user in a simple console ring3 application. All users don’t have tools like DebugView to see what’s going on in the kernel; I just want to have an embedded method to do this in my own ring3 app.
Is there any way to do this?
Sure. Just create your own mechanism for transferring your messages from
driver to app. Ideally an IOCTL which will be completed when the driver has
a message.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Thursday, December 10, 2009 9:10 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Communicating from ring0 to ring3 for
reading dbgprint statements
I don’t want to hook this, I just want to show my own
driver’s messages to the user in a simple console ring3
application. All users don’t have tools like DebugView to see
what’s going on in the kernel; I just want to have an embedded
method to do this in my own ring3 app.
Is there any way to do this?
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online
at http://www.osronline.com/page.cfm?name=ListServer
Wouldn’t it be somewhat easier for your application to send an ioctl
to your driver to ask your driver what state it is in?
Mark Roddy
On Thu, Dec 10, 2009 at 2:50 PM, wrote:
> I think there’s an available API for doing this, yep?
> Think about that, we just want to write a simple application like DbgView to see what’s going on with kernel messages!
Thanks for your good answers,
@Michal Vodicka:
Thank you, I also guessed this before. What’s your opinion about IRP read? Is it possible to read statements and to IRP? If yes, how?
@Mark Roddy:
Could you please describe this method somewhat more?
xxxxx@yahoo.com wrote:
> I’ve developed a kernel-mode device driver.
> Well, I want to provide it to an end user, and as you know, DbgPrint statements can only be seen via a kernel-level debug statement viewer.
> In fact, I want to write a ring3 C/C++/C# application (one of them, there’s no difference!).
> The purpose of this application is just to communicate with the sys file (ring0) for loading, unloading and eventually showing what’s going on in my ring0 driver.
> Better to say, I want to print the statements in my ring3 application, from what my DbgPrint function in the driver said!
> For example, suppose this situation: when I communicate with the driver to check the status of safeMode, my driver checks it and says “running in safeMode” or “not running in safeMode”. I just want to show these messages that come from my driver in my end-user (ring 3) application.
This is exactly what the DebugView application does. It’s a free
application from SysInternals (now Microsoft).
If your application needs information from the driver, you should create
an ioctl for that purpose.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
xxxxx@yahoo.com wrote:
> I don’t want to hook this, I just want to show my own driver’s messages to the user in a simple console ring3 application. All users don’t have tools like DebugView to see what’s going on in the kernel,
DebugView is simple, free, and downloadable. It is a MUCH easier answer
than trying to use the undocumented system facilities for getting the
debug print buffer on your own.
In general, the driver you release to users should not be spewing any
debug messages at all. There are few things more annoying than trying
to debug my OWN driver, and have some chatty third-party driver flood
the WinDbg connection with useless messages.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Sheeesh … you’ve got ETW which does this, some forms of WMI which do
this, though I’ve never used it, and most of all you’ve got System event
messages that you can see from EventVwr, all of those well documented
interfaces, though ETW may be a pain in the ass to use.
The personal opinion of
Gary G. Little
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Thursday, December 10, 2009 2:22 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Communicating from ring0 to ring3 for reading dbgprint
statements
@Mark Roddy:
Could you please describe this method somewhat more?
It is possible but not a good idea. A special IOCTL is better. For one or
more messages, depending on your needs. You may want to use a separate
device for this purpose.
Nothing really complicated, but using DebugView is easier; all you need
is already done.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.com
Sent: Thursday, December 10, 2009 9:20 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Communicating from ring0 to ring3 for
reading dbgprint statements
Thanks for your good answers,
@Michal Vodicka:
Thank you, I also guessed this before. What’s your
opinion about IRP read? Is it possible to read statements
and to IRP? If yes, how?
Thanks all for the replies.
I will follow IOCTLs and surely tell what’s going on …
wrote in message news:xxxxx@ntdev…
> Thanks for your good answers,
> @Michal Vodicka:
> Thank you, I also guessed this before. What’s your opinion about IRP
> read? Is it possible to read statements and to IRP? If yes, how?
Ok, now it’s clear. You want to mimic the Linux debugfs.
Windows does not have debugfs, either use usual reads or ioctls and print
the driver output, or just run dbgview (or tracelog) and read
debugprints/trace of the driver.
–pa
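The IOCTL approach recommended in the replies above needs a driver-side queue that the IOCTL handler drains into the caller's output buffer without ever writing past its length. The following is an added example, not code from the thread or from any poster: a portable C model of that queue with hypothetical names (`log_ring`, `log_put`, `log_drain`); it assumes that in a real driver the ring is protected by a spin lock and `log_drain` runs in the IOCTL dispatch path.

```c
/* Added example: portable model of the driver-side message queue. */
#include <stddef.h>
#include <string.h>

#define LOG_SLOTS   8     /* messages kept before the oldest is dropped */
#define LOG_MSG_MAX 64    /* bytes per slot, including the NUL */

struct log_ring {         /* must start zero-initialised */
    char   slot[LOG_SLOTS][LOG_MSG_MAX];
    size_t head;          /* index of the oldest queued message */
    size_t count;         /* messages currently queued */
    size_t dropped;       /* messages lost because the ring was full */
};

/* Driver side: queue a message where DbgPrint would have been called.
   Hypothetical helper; a real driver would take a spin lock here. */
void log_put(struct log_ring *r, const char *msg)
{
    if (r->count == LOG_SLOTS) {             /* full: drop the oldest */
        r->head = (r->head + 1) % LOG_SLOTS;
        r->count--;
        r->dropped++;
    }
    char *dst = r->slot[(r->head + r->count) % LOG_SLOTS];
    strncpy(dst, msg, LOG_MSG_MAX - 1);      /* truncate long messages */
    dst[LOG_MSG_MAX - 1] = '\0';
    r->count++;
}

/* IOCTL side: copy whole NUL-terminated messages into the caller's
   output buffer, never past out_len. Returns the bytes written, which
   is the length a handler would report when completing the request. */
size_t log_drain(struct log_ring *r, char *out, size_t out_len)
{
    size_t used = 0;
    while (r->count > 0) {
        const char *src = r->slot[r->head];
        size_t need = strlen(src) + 1;
        if (need > out_len - used)           /* next message does not fit */
            break;
        memcpy(out + used, src, need);
        used += need;
        r->head = (r->head + 1) % LOG_SLOTS;
        r->count--;
    }
    return used;
}
```

A message that does not fit stays queued for the next request, so an undersized user buffer neither loses data nor receives a partial string.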