Exetools  

  #1  
Old 02-21-2019, 03:30
Git
x64 Win10 DbgPrint driving me nuts

I've developed the occasional driver for many years, but this is the first time I've used Win10 as the development machine.

I can't see any DbgPrint() output

Nothing. I've tried the usual DebugView and also dbgMon. I've made the DEFAULT=0xFFFFFFFF registry fix I saw recommended. Still nothing. It may well be relevant that the Win10 machine is a VMware guest OS.

Anybody point me at the obvious please?

Git
  #2  
Old 02-21-2019, 16:23
nulli
Did you run DebugView as admin and enable "Capture|Capture Kernel" and "Capture|Enable Verbose Kernel Output" menu items?
  #3  
Old 02-21-2019, 22:39
Git
I'm in the habit of running tools like that as admin, but I honestly can't remember. Yes, Capture Kernel on, verbose tried on and off.

Later - admin mode didn't really make any difference. I am getting some entries in the list, but none from my semi-working driver and it's very quiet in general compared to how I remember it.

Git

Last edited by Git; 02-22-2019 at 01:21.
  #4  
Old 02-22-2019, 03:29
atom0s
Do you have any other tools swallowing the output before it hits the others you are watching? Any hooks in place to block the flow of those APIs as well?
  #5  
Old 02-22-2019, 04:19
niculaita
I used hasp srm debugger sys with monitor on Windows 10 x64, but it works only if UAC is off.
  #6  
Old 03-11-2019, 23:43
Evilcry
With DbgView remember also to add "Enable Verbose kernel output".

I had a few issues on W10 x64 because the dbgview driver was not running.

Here's what I do:

Run DbgView as Admin
Set the various flags
At this point if it's not working I close and reopen it

Don't know if it's the same issue as yours, but it's probably worth a try.
  #7  
Old 03-19-2019, 01:13
Avalon
If you have Visual Studio running, it will capture the debug output. Do you see any output in e.g. DbgView?

I assume you've verified the regkey is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter "DEFAULT" DWORD 0xF

Now during driver dev I often change the KdFilter away from DEFAULT to avoid spam from Windows and all other drivers. If you have windbg attached to the kernel of the guest in vmware what value does this give:
Quote:
dd nt!Kd_DEFAULT_Mask
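An added example, not part of any post in this thread: a user-mode C model of the mask test that decides whether a DbgPrint() message is delivered, which is what the Debug Print Filter "DEFAULT" value and nt!Kd_DEFAULT_Mask mentioned above control. It follows Microsoft's documented filtering rules (plain DbgPrint goes to the DEFAULT component at DPFLTR_INFO_LEVEL; the system-wide WIN2000 mask defaults to 0x1); the function names and sample masks are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Importance levels as defined in the WDK's dpfilter.h. */
#define DPFLTR_ERROR_LEVEL   0
#define DPFLTR_WARNING_LEVEL 1
#define DPFLTR_TRACE_LEVEL   2
#define DPFLTR_INFO_LEVEL    3   /* level used by plain DbgPrint()/KdPrint() */

/* A level of 0..31 is a bit position; a larger value is already a bit field. */
static uint32_t importance_bits(uint32_t level)
{
    return level < 32 ? (UINT32_C(1) << level) : level;
}

/* Model of the kernel's filter (hypothetical helper name): the component
 * mask is ORed with the WIN2000 mask, then ANDed with the message's
 * importance bits. A non-zero result means the message is delivered. */
int message_passes(uint32_t component_mask, uint32_t win2000_mask, uint32_t level)
{
    return ((component_mask | win2000_mask) & importance_bits(level)) != 0;
}

/* Plain DbgPrint(): DEFAULT component, INFO level, default WIN2000 mask 0x1. */
int dbgprint_visible(uint32_t kd_default_mask)
{
    return message_passes(kd_default_mask, 0x1, DPFLTR_INFO_LEVEL);
}

int main(void)
{
    /* Constructed sample values for Kd_DEFAULT_Mask. */
    const uint32_t masks[] = { 0x0, 0x1, 0x7, 0x8, 0xF, 0xFFFFFFFF };

    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        printf("Kd_DEFAULT_Mask=0x%08X  DbgPrint=%-8s DbgPrintEx(ERROR)=%s\n",
               (unsigned)masks[i],
               dbgprint_visible(masks[i]) ? "shown" : "dropped",
               message_passes(masks[i], 0x1, DPFLTR_ERROR_LEVEL) ? "shown" : "dropped");
    }
    return 0;
}
```

A mask of 0 drops plain DbgPrint() output while still passing error-level DbgPrintEx() calls, which matches a capture tool that shows a few entries but nothing from the driver under test.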