How to make log file that collects data from the kernel buffer

Hi experts…
My aim is to create a log file that collects data from the kernel buffer and to save a log file in Windows.

In the Linux reference code they created a misc driver to handle the log sequence and copy the content to user space by accessing the driver,
so how can I achieve this in a Windows driver, i.e. I need to save the content that is filling the created kernel buffer as a file.
I Googled it and misc drivers act more like a char driver, so they use snprintf and copy_to_user to log it.

You know we have a built-in logging feature in Windows, right? It’s called WPP tracing? It automagically logs to a memory buffer, can be enabled/disabled dynamically, and the trace can be saved to disk and/or interpreted later?? No work on your part at all, except to initialize it and call the logging functions. Done!

Note that everything after these four words in your post is irrelevant.

You CAN roll your own logging. One of the fun things about Windows is that you can actually do read and write operations to files directly from kernel-mode (as long as you’re at the right IRQL).

Actually implementing a useful, working, trace facility is rather more difficult than it first appears. Especially if you’re already asking us how to do it, and spent the majority of your post describing how it’s done in your “linux reference code”…

You should check out WPP Tracing first.

Peter
OSR
@OSRDrivers

There is an existing logging facility that does this for you, google ETW.
Is that not sufficient? Here: http://lmgtfy.com/?q=ETW#

Mark Roddy

On Fri, Nov 6, 2015 at 4:42 AM, wrote:

> Hi experts…
> My aim is to create a log file that collects data from the kernel buffer
> and to save a log file in Windows.
>
> In the Linux reference code they created a misc driver to handle the log sequence
> and copy the content to user space by accessing the driver,
> so how can I achieve this in a Windows driver, i.e. I need to save the content
> that is filling the created kernel buffer as a file.
> I Googled it and misc drivers act more like a char driver, so they use
> snprintf and copy_to_user to log it.
>
> —
> NTDEV is sponsored by OSR
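The two replies above point at WPP tracing and ETW as the built-in way to get a driver's trace buffer onto disk. The script below is an added example, not code from the thread or from OSR, showing the consumer side of that advice: starting an ETW session for a driver's WPP control GUID with the in-box logman tool, letting the kernel buffer the events, and stopping the session so the buffer is flushed to an .etl file. The session name, the buffer sizes and the `$ProviderGuid` value are assumptions; the GUID in particular is a placeholder for the control GUID your driver declares in its WPP_CONTROL_GUIDS macro.

```powershell
# Added example (not from the thread): capture a WPP/ETW trace session with
# the in-box logman tool and flush it to an .etl file on disk.
# $ProviderGuid is a PLACEHOLDER for the driver's WPP control GUID (the one
# declared in its WPP_CONTROL_GUIDS macro); it is not taken from the thread.
# Run from an elevated PowerShell prompt.

$SessionName  = 'MyDriverTrace'                            # assumed session name
$ProviderGuid = '{00000000-0000-0000-0000-000000000000}'   # PLACEHOLDER control GUID
$EtlPath      = Join-Path $env:TEMP 'MyDriverTrace.etl'

function Start-DriverTrace {
    # Start a session that buffers events in kernel memory and writes them to
    # $EtlPath. 0xFFFFFFFF enables every WPP flag bit; 5 = TRACE_LEVEL_VERBOSE.
    # -bs is the buffer size in KB, -nb the min/max number of buffers (assumed values).
    & logman.exe start $SessionName -p $ProviderGuid 0xFFFFFFFF 5 -o $EtlPath -bs 64 -nb 16 64 -ets
    if ($LASTEXITCODE -ne 0) { throw "logman start failed with exit code $LASTEXITCODE" }
}

function Stop-DriverTrace {
    # Stopping the session flushes whatever is still in the kernel buffers to the .etl file.
    & logman.exe stop $SessionName -ets
    if ($LASTEXITCODE -ne 0) { throw "logman stop failed with exit code $LASTEXITCODE" }
}

function Get-TraceSummary {
    # tracerpt is also in-box; it converts the binary .etl into CSV.
    # WPP events carry only message IDs: turning them back into text needs the
    # driver's PDB/TMF files with tracefmt or TraceView from the WDK.
    $csv = [System.IO.Path]::ChangeExtension($EtlPath, '.csv')
    & tracerpt.exe $EtlPath -o $csv -of CSV -y
    if ($LASTEXITCODE -ne 0) { throw "tracerpt failed with exit code $LASTEXITCODE" }
    return $csv
}

Start-DriverTrace
# ... exercise the driver here so it emits trace events ...
Stop-DriverTrace
$summary = Get-TraceSummary
Write-Host "Trace saved to $EtlPath; CSV summary at $summary"
```

Nothing in the driver changes for this to work beyond the WPP_INIT_TRACING call and the TraceEvents/DoTraceMessage calls the first reply describes; the session, the memory buffers and the file on disk are all owned by ETW, which is why the replies call rolling your own file writer from the driver unnecessary.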