Debug message is not displayed in WinDBG

minh · September 5, 2024, 7:45am

Hi all,

I am beginning to study the kernel driver but having an issue of debugging.
I am not sure my driver is getting run or not.

The WinDBG says that the driver is loaded but there is no debug message in the DriverEntry is print out.
The driver is built with WPP tracing option set to 'No'.

Here is result in WinDBG.
ModLoad: fffff80588d90000 fffff80588d97000 HelloWorldDriver.sys
I install the driver by using below command.
devcon install HelloWorldDriver.sys Root\HelloWorldDriver.
The source code of DriverEntry:

NTSTATUS
DriverEntry(
    _In_ PDRIVER_OBJECT     DriverObject,
    _In_ PUNICODE_STRING    RegistryPath
)
{
    // NTSTATUS variable to record success or failure
    NTSTATUS status = STATUS_SUCCESS;

    // Allocate the driver configuration object
    WDF_DRIVER_CONFIG config;

    // Print "Hello World" for DriverEntry
    KdPrintEx((DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, "KmdfHelloWorld: DriverEntry\n"));

    // Initialize the driver configuration object to register the
    // entry point for the EvtDeviceAdd callback, KmdfHelloWorldEvtDeviceAdd
    WDF_DRIVER_CONFIG_INIT(&config,
        KmdfHelloWorldEvtDeviceAdd
    );

    // Finally, create the driver object
    status = WdfDriverCreate(DriverObject,
        RegistryPath,
        WDF_NO_OBJECT_ATTRIBUTES,
        &config,
        WDF_NO_HANDLE
    );
    return status;
}

I am expecting that the message 'KmdfHelloWorld: DriverEntry' should be displayed on WinDBG.

Any idea will be appreciated.

rod_widdowson · September 5, 2024, 8:34am

There's a magical setting somewhere to turn it on.

But I always use BellaVista to set it.

I'll use this post to thank Ladislav yet again for his amazing tools. There is not a day goes by when I do not rely on them

Tim_Roberts · September 5, 2024, 4:28pm

You need to enable filtering for IHVDRIVERID. You can do it in the registry (and reboot) or you can set it on the fly. Directions are here:

Mark_Roddy · September 5, 2024, 6:51pm

Is a wrapper around DbgPrintEx and compiles to nothing in a release build.

I personally always use DbgPrintEx. I use it inside my own logging function that has it's own level filter set from the registry in the DriverEntry routine. I cannot stand the filtering mechanism provided by microsoft. Also this way I can easily convert the release build to use ETW logging.

Anyway, the magic incantation to convince DbgPrintEx to always print to the debug console is: DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, ...)

minh · September 9, 2024, 3:13am

Thank you so much. I have read the document and now WinDBG can display the debug message.

For my case, I have entered following command to WinDBG to set the component filter mask, then it works.

ed kd_IHVDRIVER_mask 0x8

Thanks @Tim_Roberts again. You are my idol.

minh · September 9, 2024, 3:16am

Thank you @rod_widdowson so much. I've read about BellaVista tool. I think it is a useful tool. I will try it next time.

minh · September 9, 2024, 3:17am

Thank you @Mark_Roddy so much. This might be a tricky way. I will try it.