I would like to capture all messages sent to the debugger via OutputDebugString and/or via DbgPrint. Is there a way to intercept all messages without using hooks? I wish to avoid writing a driver, because many of these messages are sent via OutputDebugString from my library injected into other user processes.
The function prototype for DbgSetDebugPrintCallback is available in the WDK,
though there’s no documentation available for it. Why do you need to do
this? There might be a better/easier way.
wrote in message news:xxxxx@windbg…
> Hi,
>
> I would to capture all messages sent to debugger via OutputDebugString
> and/or via DbgPrint. Is there a way to intercept all messages without
> using hooks? I wish to avoid the writing of a driver, because many of
> these messages are sent via OutputDebugString from my library injected in
> other user-processes.
>
> thank you
> cod
If you have control over the code issuing the debug prints, why not modify it to log to a common mechanism that can collect all of the data as desired?
This is how we do it. It is also how we did it at other companies. Logging…
----- Original Message -----
From: “Skywing”
To: “Kernel Debugging Interest List”
Sent: Tuesday, May 25, 2010 11:43:06 AM GMT -05:00 US/Canada Eastern
Subject: RE: [windbg] how capture OutputDebugString/DbgPrint
If you have control over the code issuing the debug prints, why not modify it to log to a common mechanism that can collect all of the data as desired?
I have access to the source code of my injected DLL, and I can modify my DLL to send logs to my app using a pipe… but some processes use OutputDebugString in user mode to send messages to debug, and I also can’t exclude messages sent from a driver to the debugger. They are software that interacts with a device controller from user mode using DeviceIoControl and/or via kernel mode with custom drivers.
wrote in message news:xxxxx@windbg…
> Hi,
>
> I would to capture all messages sent to debugger via OutputDebugString
> and/or via DbgPrint. Is there a way to intercept all messages without
> using hooks? I wish to avoid the writing of a driver, because many of
> these messages are sent via OutputDebugString from my library injected in
> other user-processes.
You can’t do this without hooks on anything before Vista. DbgSetDebugPrintCallback probably was created only after Mr. Russinovich joined MS, to legalize DebugView on x64.
Not everybody is ready for ETW yet.
IMHO hooking DbgPrint and its friends is an attractive idea, because they are stack hogs. They allocate a 512-byte buffer on the stack, and then always call sprintf, even if the string does not need formatting. And there is the nuisance with Unicode formats at >= DISPATCH.