none
DbgPrintEx() for dummies RRS feed

  • Question

  • Hi guys, I hope you can help a newbie getting started with kernel-mode driver coding. My previous C experience is mainly from embedded stuff.

    To get started, I'd like to make just a simple hello-world. But I can't see my messages in DebugVeiw. I hope you can give me some hints on what's wrong below, or point me to a step-by-step kernel-mode hello-world. Not understanding the full implications of filtering DbgPrintEx() filtering I took a bit of a blunt approach in my code (see below). Here is what I did:

    - Read tutorial at http://www.catch22.net/tuts/introduction-device-drivers
    - Get confused by DbgPrintEx documentation at
        http://www.osronline.com/article.cfm?article=295
        http://msdn.microsoft.com/en-us/library/windows/hardware/gg487458.aspx
    - Fix registry (see below) and reboot on my Win32 test machine
    - Build the below code in a Win7-32 checked environment with WDK 7600.16385.1, no serious messages I believe
    - Download driver loader http://www.osronline.com/article.cfm?article=157 (run WLH build)
    - Run DebugVeiw http://download.cnet.com/DebugView/3000-2218_4-10213957.html
    - Open driver loader, register and start the service "hello" corresponding to built "hello.sys" with default params, no issues
    - Watch utter silence in DebugView in spite of 10k debug message combinations
    - Re-iterate with a few driver unloads and reboots for good measure


    Debug Print Filter:

    =========
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Debug Print Filter]
    "DEFAULT"=dword:0000000f
    =========

    Source code hello.c:
    =========
    #include <ntddk.h>
    int a, b;

    void DriverUnload(PDRIVER_OBJECT pDriverObject)
    {
        DbgPrint("Driver unloading\n");
    }

    NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
    {
        DriverObject->DriverUnload = DriverUnload;
        DbgPrint("Hello, World\n");
        for (a=0; a<100; a++) { // Blunt approach...
            for (b=0; b<100; b++) {
                DbgPrintEx(a, b,  "%d %d\n", a, b);
            }
        }
        return STATUS_SUCCESS;
    }
    =========

    Thanks,

    Borge

    Saturday, February 23, 2013 4:04 PM

Answers

  • First you did choose "Capture Kernel" from the "Capture" menu of DebugView?  If not that is your problem.  As you go forward you will want the OSRSystool http://www.osronline.com/article.cfm?article=537 which allows you to set up all your settings.

    Now with your actual code, you should not be using every known value for the ComponentId and the Level.  ComponentId is there to indentify which component is spewing, so by using all of them you provide no way to filter the debug output.  In the same maner Level is there it indicate criticality of the error, and again should be used wisely.  For most people just use DbgPrint and let the system take care of it.

    Finally, the sample you chose is fine to get yourself started, but for anything real start with the driver samples from the WDK.  Starting out do it right and use the Windows Driver Framework (KMDF and UMDF) model drivers.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Saturday, February 23, 2013 4:23 PM