Hi!
Does everyone out there knows how can you read windows kernel debugger strings generated by calls to kdPrint or debugPrint functions?
Reading in user mode especially but it is also good in kernel mode!
It's the same thing as DebugView does but I want to filter and to work only with certain messages (strings) given to the debugger!
Thanks a lot in advance!...
In user mode, you have the DBWIN "API":
In kernel mode on NT6 you have DbgSetDebugPrintCallback
On older stuff, you need to do some sort of hooking (int 0x2d / DebugService) The best place to find more help about that is probably the OSR newsgroup.
Edit: On Vista and later, you need to set the Debug Print Filter registry entry to enable debug output messages from DbgPrint[Ex] (For KdPrint you need a kernel debugger IIRC)
Thanks for your reply ... it was very helpfull.
In the other specifications (for example here http://www.codeproject.com/KB/winsdk/OutputDebugString.aspx) the steps are in the order 3,4,2 but your case seemed to work better.
I still have two problems though:
I can catch all the debug strings sent by OutputDebugString windows function but not the messages sent by KdPrint in kernel-mode. I don't know why. At first I thought that KdPrint would throw Unicode characters in the common buffer but tried to interpret that way the common buffer and still no results.
If I throw a message to the debugger using OutputDebugString function that message will be read continuously until I am throwing the second message. The solution I had in mind would be to index the messages or to attach them a unique Id that would help me read them only once.
The real problem would be the first ... please help if you know my issue!