Problems with Sysinternals DebugView Tool showing debug output...

Daryl_Fowlkes · December 29, 2016, 4:40pm

I’m building a NDIS driver using Visual Studio 2015 and Windows 10 WDK. I placed several “KdPrint()” calls into my DriverEntry routine. When I run DebugView to see the prints, they do not appear.

The driver is running on a Windows Server 2012 R2 system. I have already created the “Debug Print Filter” registry key and rebooted several times to no avail. I also double-checked that I am building the CHK’d version of the driver. This used work for me on Windows 7 and earlier operating systems without any issues. I see other system output listed in DebugView but don’t see the prints I inserted. I have verified that the driver is loading by checking the registry “Services” key.

Any thoughts on how I can get the prints to show in DebugView? Thanks in advance for your help!

Erik_Dabrowsky · December 29, 2016, 5:38pm

I recently had to do this on a 2012 R2 system.

Here’s what worked for me:

At a command line run:

bcdedit /debug ON

In regedit, add a key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug
Print Filter

Under that , add a DWORD value named IHVDRIVER with a value of 0xFFFF

Reboot the machine.

Run DbgView and under the capture menu, check “Capture Kernel” if it’s not
already.

If your driver is being loaded during boot up, click the “Log Boot” option
under the capture window and then reboot.

See this article for info on the debug filter settings:
https://msdn.microsoft.com/windows/hardware/drivers/devtest/reading-and-filt
ering-debugging-messages

See this article for info on the bcdedit /debug setting:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff542191(v=vs.85).
aspx

Hope that helps.

Erik

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Daryl Fowlkes
Sent: Thursday, December 29, 2016 3:39 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Problems with Sysinternals DebugView Tool showing debug
output…

I’m building a NDIS driver using Visual Studio 2015 and Windows 10 WDK. I
placed several “KdPrint()” calls into my DriverEntry routine. When I run
DebugView to see the prints, they do not appear.

The driver is running on a Windows Server 2012 R2 system. I have already
created the “Debug Print Filter” registry key and rebooted several times to
no avail. I also double-checked that I am building the CHK’d version of the
driver. This used work for me on Windows 7 and earlier operating systems
without any issues. I see other system output listed in DebugView but don’t
see the prints I inserted. I have verified that the driver is loading by
checking the registry “Services” key.

Any thoughts on how I can get the prints to show in DebugView? Thanks in
advance for your help!

NTDEV is sponsored by OSR

Visit the list online at:
http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:></http:>

Daryl_Fowlkes · December 29, 2016, 5:59pm

Thanks for the response Erik! Which “print” function are you using, KdPrint(), KdPrintEx(), etc.?

From: xxxxx@lists.osr.com on behalf of Erik Dabrowsky
Sent: Thursday, December 29, 2016 5:37:16 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Problems with Sysinternals DebugView Tool showing debug output…

I recently had to do this on a 2012 R2 system.

Here’s what worked for me:

At a command line run:
bcdedit /debug ON

In regedit, add a key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter
Under that , add a DWORD value named IHVDRIVER with a value of 0xFFFF

Reboot the machine.

Run DbgView and under the capture menu, check “Capture Kernel” if it’s not already.

If your driver is being loaded during boot up, click the “Log Boot” option under the capture window and then reboot.

See this article for info on the debug filter settings: https://msdn.microsoft.com/windows/hardware/drivers/devtest/reading-and-filtering-debugging-messages

See this article for info on the bcdedit /debug setting: https://msdn.microsoft.com/en-us/library/windows/hardware/ff542191(v=vs.85).aspx

Hope that helps.

Erik

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Daryl Fowlkes
Sent: Thursday, December 29, 2016 3:39 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Problems with Sysinternals DebugView Tool showing debug output…

I’m building a NDIS driver using Visual Studio 2015 and Windows 10 WDK. I placed several “KdPrint()” calls into my DriverEntry routine. When I run DebugView to see the prints, they do not appear.

The driver is running on a Windows Server 2012 R2 system. I have already created the “Debug Print Filter” registry key and rebooted several times to no avail. I also double-checked that I am building the CHK’d version of the driver. This used work for me on Windows 7 and earlier operating systems without any issues. I see other system output listed in DebugView but don’t see the prints I inserted. I have verified that the driver is loading by checking the registry “Services” key.

Any thoughts on how I can get the prints to show in DebugView? Thanks in advance for your help!

—
NTDEV is sponsored by OSR

Visit the list online at: http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http:

—
NTDEV is sponsored by OSR

Visit the list online at: http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:></http:></http:></http:>

Tim_Roberts · December 29, 2016, 6:24pm

Daryl Fowlkes wrote:

Thanks for the response Erik! Which “print” function are you using,
KdPrint(), KdPrintEx(), etc.?

There really aren’t that many things to check.

KdPrint only works in the checked build of your driver, otherwise it
compiles to nothing. DbgPrint works in both.

In DbgView, if you “Enable Verbose Kernel Output”, then the “Debug Print
Filter” registry entries don’t matter. It grabs them all.

Without the verbose option, you need either IHVDRIVER or DEFAULT to
enable output, and that requires a reboot.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Daryl_Fowlkes · December 29, 2016, 6:52pm

Thanks for the help Tim. Got it working.

From: xxxxx@lists.osr.com on behalf of Tim Roberts
Sent: Thursday, December 29, 2016 6:23:16 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Problems with Sysinternals DebugView Tool showing debug output…

Daryl Fowlkes wrote:
>
> Thanks for the response Erik! Which “print” function are you using,
> KdPrint(), KdPrintEx(), etc.?
>

There really aren’t that many things to check.

KdPrint only works in the checked build of your driver, otherwise it
compiles to nothing. DbgPrint works in both.

In DbgView, if you “Enable Verbose Kernel Output”, then the “Debug Print
Filter” registry entries don’t matter. It grabs them all.

Without the verbose option, you need either IHVDRIVER or DEFAULT to
enable output, and that requires a reboot.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

—
NTDEV is sponsored by OSR

Visit the list online at: http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at http:</http:></http:></http:>

Erik_Dabrowsky · December 29, 2016, 7:02pm

I have a macro in the code defined as follows:

#if DBG

#define DbgTrace(…)
DbgPrintEx(DPFLTR_IHVDRIVER_ID,DPFLTR_TRACE_LEVEL,VA_ARGS)

#else

#define DbgTrace(…)

#endif

.

DbgTrace(“Entering DriverEntry\n”);

.

DbgTrace(“IoGetDeviceObjectPointer() failed, error 0x%08X\n”, NtStatus);

.

Etc

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Daryl Fowlkes
Sent: Thursday, December 29, 2016 4:58 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Problems with Sysinternals DebugView Tool showing debug
output…

Thanks for the response Erik! Which “print” function are you using,
KdPrint(), KdPrintEx(), etc.?

From: xxxxx@lists.osr.com
on behalf of Erik Dabrowsky

Sent: Thursday, December 29, 2016 5:37:16 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Problems with Sysinternals DebugView Tool showing debug
output…

I recently had to do this on a 2012 R2 system.

Here’s what worked for me:

At a command line run:

bcdedit /debug ON

In regedit, add a key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug
Print Filter

Under that , add a DWORD value named IHVDRIVER with a value of 0xFFFF

Reboot the machine.

Run DbgView and under the capture menu, check “Capture Kernel” if it’s not
already.

If your driver is being loaded during boot up, click the “Log Boot” option
under the capture window and then reboot.

See this article for info on the debug filter settings:
https://msdn.microsoft.com/windows/hardware/drivers/devtest/reading-and-filt
ering-debugging-messages

See this article for info on the bcdedit /debug setting:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff542191(v=vs.85).
aspx

Hope that helps.

Erik

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Daryl Fowlkes
Sent: Thursday, December 29, 2016 3:39 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Problems with Sysinternals DebugView Tool showing debug
output…

I’m building a NDIS driver using Visual Studio 2015 and Windows 10 WDK. I
placed several “KdPrint()” calls into my DriverEntry routine. When I run
DebugView to see the prints, they do not appear.

The driver is running on a Windows Server 2012 R2 system. I have already
created the “Debug Print Filter” registry key and rebooted several times to
no avail. I also double-checked that I am building the CHK’d version of the
driver. This used work for me on Windows 7 and earlier operating systems
without any issues. I see other system output listed in DebugView but don’t
see the prints I inserted. I have verified that the driver is loading by
checking the registry “Services” key.

Any thoughts on how I can get the prints to show in DebugView? Thanks in
advance for your help!

—
NTDEV is sponsored by OSR

Visit the list online at:
http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:

—
NTDEV is sponsored by OSR

Visit the list online at:
http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:

—
NTDEV is sponsored by OSR

Visit the list online at:
http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:></http:></http:></http:></http:></http:></http:></http:>