Windows Kernel Debugger API?...accessing strings

1k Views Asked by Cosmin Popescu At 20 October 2024 at 08:39

How can you read Windows kernel debugger strings generated by calls to kdPrint or debugPrint functions?

Reading in user mode especially, but it is also good in kernel mode!

It's the same thing as DebugView does, but I want to filter and to work only with certain messages (strings) given to the debugger.

Original Q&A

There are 1 best solutions below

Anders On 21 April 2010 at 13:44

In user mode, you have the DBWIN "API":

Create a named ("DBWIN_BUFFER") shared memory region (4096 bytes, first DWORD is the process pid) and two events
Signal the DBWIN_BUFFER_READY named event
Wait for the DBWIN_DATA_READY named event
Read shared memory (And go to step #2 to get the next output)

In kernel mode on NT6 you have DbgSetDebugPrintCallback

On older stuff, you need to do some sort of hooking (int 0x2d / DebugService) The best place to find more help about that is probably the OSR newsgroup.

Edit: On Vista and later, you need to set the Debug Print Filter registry entry to enable debug output messages from DbgPrint[Ex] (For KdPrint you need a kernel debugger IIRC)

Windows Kernel Debugger API?...accessing strings

There are 1 best solutions below

Related Questions in WINDOWS

Related Questions in WINAPI

Related Questions in DEBUGGING

Related Questions in KERNEL

Related Questions in DEBUGVIEW

Trending Questions

Popular # Hahtags

Popular Questions