Discussion:
How to see dbgprint message in WinDbg ?
Skybuck Flying
2009-08-09 01:25:03 UTC
Hello,

WinDbg is connected to Windows 7 RTM x64 Ultimate (running in debug mode).

WinDbg says to press g and enter and so forth.

Now I want to see the dbgprint messages of the netvmini driver ?!?

I tried to enter the following command in WinDbg:

"Break"

and

"!dbgprint"

It showed two blocks or so:

[][]:

And that was it ?!?

Is it possible to make some kind of recording ?

I understand there could be many many many of these messages ?

How do I proceed ?

Bye,
Skybuck.
Skybuck Flying
2009-08-09 01:35:16 UTC
Ok,

First I am gonna follow this tutorial to setup the pdb files hopefully that
gonna help.

If I need any more help after that tutorial I will let you people know ;) :)

http://blogs.msdn.com/iliast/archive/2006/12/10/windbg-tutorials.aspx

Bye,
Skybuck.
Skybuck Flying
2009-08-09 01:38:35 UTC
I added the folder of the driver pdb's... to the symbol path...

Should I also add the folders to the application pdb's to the symbol path ?

For now I will do that too... But I am not sure if that's ok ?

Maybe only driver pdb's should be added ? hmm...

Bye,
Skybuck.
Skybuck Flying
2009-08-09 01:44:01 UTC
Also should source be set to the root of "exe" and "sys" folder or just
"sys" folder...

Well I am out of luck...

Some tutorial website doing an update:

"
Welcome to the Code Project
Your place for free C++, C# and .NET articles, code snippets, discussions,
news and the best bunch of developers on the net.
The Code Project is currently getting a hardware upgrade. We will be back
online at 6AM US Eastern Time (11 AM GMT, 10PM Sydney).
"

Maybe I have some tutorial somewhere on my hd... I think I did something
like this before ;) But don't count on it ;)

Bye,
Skybuck.
Skybuck Flying
2009-08-09 01:56:30 UTC
I can vaguely remember a link/document from a few hours ago mentioning some
kind of remote debugger...

Maybe that's necessary ?

Me not sure...

Me going through this powerpoint presentation:

http://download.microsoft.com/download/f/0/5/f05a42ce-575b-4c60-82d6-208d3754b2d6/Adv-

Bye,
Skybuck.
Skybuck Flying
2009-08-09 02:17:08 UTC
The WinDbg help has some info...

Right now I am trying:

ed netvmini_Mask 0x8

This seems to do something ;)

It's downloading/loading stuff.

I'll have to stop soon because it's bed time :P*

Bye,
Skybuck.
Skybuck Flying
2009-08-09 02:18:34 UTC
It's pooping out some errors ;)

I hope it's not downloading all this stuff for nothing.

I think these probably drivers it can't find the symbols for...

Looks like some vmware drivers in there ;)

1: kd> ed netvmini_Mask 0x8
*** ERROR: Module load completed but symbols could not be loaded for amdxata.sys
*** ERROR: Module load completed but symbols could not be loaded for vmrawdsk.sys
*** ERROR: Module load completed but symbols could not be loaded for spldr.sys
*** ERROR: Module load completed but symbols could not be loaded for vmmemctl.sys
*** ERROR: Module load completed but symbols could not be loaded for peauth.sys
*** ERROR: Module load completed but symbols could not be loaded for secdrv.SYS
*** ERROR: Symbol file could not be found. Defaulted to export symbols for spsys.sys -
*** ERROR: Module load completed but symbols could not be loaded for vmhgfs.sys
*** ERROR: Module load completed but symbols could not be loaded for vmmouse.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vmci.sys -
*** ERROR: Module load completed but symbols could not be loaded for vmx_svga.sys
*** ERROR: Module load completed but symbols could not be loaded for vmaudio.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for drmk.sys -

Bye,
Skybuck.
Skybuck Flying
2009-08-09 02:19:35 UTC
So much for that:

Couldn't resolve error at 'netvmini_Mask 0x8'.

Anybody know the command for debugging netvmini.sys let me know ?!

Bye,
Skybuck.
Skybuck Flying
2009-08-09 02:31:56 UTC
Ok,

A "so-called-expert" at a web forum mentions "debugview".

This is not an option of WinDbg... nooooo...

This is a special tool available from Microsoft.

And apparently it can capture all the DbgPrint stuff... and that's exactly
what I want for now ?!

And you don't even need two computers for it...

Maybe you don't even need WinDbg for it ?! ;)

http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx

Well it's a bit late now... so I will have to try this tomorrow.

I got a stinky finger too and it needs a washing LOL. BAH LOL.

Bye,
Skybuck ;) =D
Post by Skybuck Flying
Couldn't resolve error at 'netvmini_Mask 0x8'.
Anybody know the command for debugging netvmini.sys let me know ?!
Bye,
Skybuck.
Skybuck Flying
2009-08-09 02:33:48 UTC
Well I gotta try out this DebugView first...

I can't go to bed with false hope...

I must know for sure if it works or does not work...

Otherwise my magic brain would be deceived during its sleep ! ;)

DONT LET ME DOWN DEBUGVIEW PLS OK ? ;)

Bye,
Skybuck ;) :)
Post by Skybuck Flying
Ok,
A "so-called-expert" at a web forum mentions "debugview".
This is not an option of WinDbg... nooooo...
This is a special tool available from Microsoft.
And apparently it can capture all the DbgPrint stuff... and that's exactly
what I want for now ?!
And you don't even need two computers for it...
Maybe you don't even need WinDbg for it ?! ;)
http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx
Well it's a bit late now... so I will have to try this tomorrow.
I got a stinky finger too and it needs a washing LOL. BAH LOL.
Bye,
Skybuck ;) =D
Post by Skybuck Flying
Couldn't resolve error at 'netvmini_Mask 0x8'.
Anybody know the command for debugging netvmini.sys let me know ?!
Bye,
Skybuck.
Skybuck Flying
2009-08-09 02:46:05 UTC
I had a feeling it wasn't gonna work...

It would be too good to be true.

I tried DebugView on X64 Pro which is in normal mode.

That didn't work.

I tried connect but network not yet properly configured to connect to
Windows 7.

So I decided to copy DebugView to Windows 7 to see if it would work there.

No word about windows 7 support for it but I tried anyway.

As soon as I click capture kernel it gives an error on Windows 7:

"Could not extract DebugView driver to:
C:\Windows\system32\Drivers\Dbgv.sys: Access is denied.

Kernel debug output capture will be unavailable.
"

So much for that.

I could try rebooting X64 pro in debug mode but I will definitely
do that tomorrow because rebooting gonna take ages.

I will try one more thing and that is the connect option.

But for that I first need to go wash my finger ! ;)

Otherwise my keyboard is gonna get stinky.

I can't configure my network with 1.8 hands...

I need 2.0 hands for it.

Bye,
Skybuck.
Skybuck Flying
2009-08-09 03:11:24 UTC
Another fine waste of time.

Apparently DebugView cannot work over VM connections ?

I tried it; it says it's on the local machine and that's it...

The only thing it does is make a nice error beep sound.

From the looks of it it's pretty ridiculous how much trouble I have to go
through to just get a few lines of text output ?!

Is this Microsoft's conspiracy of wasting my time ?

One must wonder about that.

Bye,
Skybuck.
Skybuck Flying
2009-08-09 03:19:36 UTC
Hmm this is kinda odd... I was under the impression that the network between
host and guest was working...

But at the same time I thought something weird was going on so I decided to
do a little connection test...

And indeed something weird is going on...

Only one side can connect with the other side not vice versa...

Gotta resolve this first before I dismiss DebugView's connect stuff ;)

Bye,
Skybuck.
Skybuck Flying
2009-08-09 04:55:07 UTC
Ok, network issue is now supposedly fixed.

Trying DebugView from XP to Windows 7 doesn't work.

It doesn't connect. Why it doesn't work is hard to say.

The firewall is down (which was also a problem).

Maybe Windows 7 is protected.

However I did read something about DebugView and getting it working on
Windows 7:

Run it as Administrator... (special command from file menu).

Then it works and error is gone.

So if all goes well I should now be able to run DebugView on Windows 7 X64
Ultimate...

And get some debugging information from the driver...

But for this I have to now restart into debug mode... which it is already
in...

But now I need to disable the driver signing again...

And hopefully then "the magic happens" :)

Bye,
Skybuck =D
Skybuck Flying
2009-08-09 05:06:40 UTC
Rebooted...

Still nothing getting logged.

Nothing being displayed in DebugView ?!?

So it seems not to work...

What a big surprise.

I already wasted like 8 hours trying to get a fucking logger going.

What's the big deal really ?

What's wrong with

WriteToFile( vFile, 'blablablabla' );

I would be done already !

HAHA what a joke !

Bye,
Skybuck.
Skybuck Flying
2009-08-09 05:09:18 UTC
Wow I was examining the network settings in Windows 7...

And exploring "Home groups"...

Not sure if that has anything to do with it...

And then suddenly DebugView started recording something ?!?

Or maybe it was just some lag and it needed some time...

Now I saved the first log...

Now I try to convert it to text so I can copy paste it here so you guys can
look at it too ! ;) :)

Fortunately... not 8 hours completely wasted lol.

Bye,
Skybuck.
tsperling
2009-08-09 02:24:29 UTC
Sleeping is for amateurs - night time, at least!


(Don't you think perhaps that driver needs to be 'signed'?)


Tony. . .
Post by Skybuck Flying
The WinDbg help has some info...
ed netvmini_Mask 0x8
This seems to do something ;)
It's downloading/loading stuff.
I'll have to stop soon because it's bed time :P*
Bye,
Skybuck.
Don Burn
2009-08-09 11:20:17 UTC
You might have read the documentation before complaining as many times as
you did. To use Windbg to get the messages you need two things. First it
must be a remote debugger, using two machines connected by serial, 1394 or
(rarely USB). Second you have to enable the debug messages since they are
disabled by default. See http://www.osronline.com/article.cfm?id=295 for a
good explanation of how to do this.

Note: you need to do this for DebugView also which will work on a single
machine, but debugging a driver that way is really a poor idea, since you
will have no breakpoints nor the ability to look at variables, etc. Get two
machines and do it right.
--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
Post by Skybuck Flying
Hello,
WinDbg is connected to Windows 7 RTM x64 Ultimate (running in debug mode).
WinDbg says to press g and enter and so forth.
Now I want to see the dbgprint messages of the netvmini driver ?!?
"Break"
and
"!dbgprint"
And that was it ?!?
Is it possible to make some kind of recording ?
I understand there could be many many many of these messages ?
How do I proceed ?
Bye,
Skybuck.
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4319 (20090809) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
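
Added example (not code from any poster in this thread): a user-mode C model of the DbgPrint filter that the reply above says must be enabled, showing why plain DbgPrint output is dropped until bit 3 (0x8) is set in the DEFAULT component mask. It assumes the documented Vista-and-later defaults (component masks 0, WIN2000 mask 0x1); `level_to_bits` and `message_is_shown` are hypothetical names. In the kernel debugger the mask symbol is `nt!Kd_DEFAULT_Mask`, so the live form of the 0x8 attempt is `ed nt!Kd_DEFAULT_Mask 0x8`.

```c
#include <stdint.h>
#include <stdio.h>

/* Importance levels as defined in the WDK header dpfilter.h. */
#define DPFLTR_ERROR_LEVEL   0
#define DPFLTR_WARNING_LEVEL 1
#define DPFLTR_TRACE_LEVEL   2
#define DPFLTR_INFO_LEVEL    3   /* the level plain DbgPrint/KdPrint uses */

/* Assumed defaults on Vista and later: component masks 0, WIN2000 mask 0x1. */
#define DEFAULT_COMPONENT_MASK 0x0u
#define DEFAULT_WIN2000_MASK   0x1u

/* A level below 32 names a bit position; a larger value is already a bit field. */
static uint32_t level_to_bits(uint32_t level)
{
    return level < 32 ? (UINT32_C(1) << level) : level;
}

/* Hypothetical helper: nonzero when the message would reach the debugger. */
static int message_is_shown(uint32_t level, uint32_t component_mask,
                            uint32_t win2000_mask)
{
    return (level_to_bits(level) & (component_mask | win2000_mask)) != 0;
}

int main(void)
{
    static const struct { const char *name; uint32_t level; } levels[] = {
        { "ERROR", DPFLTR_ERROR_LEVEL }, { "WARNING", DPFLTR_WARNING_LEVEL },
        { "TRACE", DPFLTR_TRACE_LEVEL }, { "INFO (DbgPrint)", DPFLTR_INFO_LEVEL },
    };
    /* Masks to compare: the default, 0x8 as tried in the thread, and 0xF. */
    static const uint32_t masks[] = { DEFAULT_COMPONENT_MASK, 0x8u, 0xFu };

    for (size_t m = 0; m < sizeof masks / sizeof masks[0]; m++) {
        printf("Kd_DEFAULT_Mask = 0x%X\n", (unsigned)masks[m]);
        for (size_t i = 0; i < sizeof levels / sizeof levels[0]; i++)
            printf("  %-16s %s\n", levels[i].name,
                   message_is_shown(levels[i].level, masks[m],
                                    DEFAULT_WIN2000_MASK) ? "shown" : "dropped");
    }
    return 0;
}
```

To keep the setting across reboots, the same mask goes in the REG_DWORD value `DEFAULT` under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter` on the target machine.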
Skybuck Flying
2009-08-09 23:54:38 UTC
I took all the necessary steps as described by some tutorials... they mostly
describe how to connect and set things up and that's it.

What I don't understand is that it appears there is some lag before the
messages arrive at the debugview ?

And sometimes it doesn't seem to work...

But that might be because of buggy driver or maybe not ?

Do you have any experience with it ?

What would be a better way to debug a driver ?

Can you give an example of how to look at a variable ?

Or how to set a breakpoint at some driver source line ?

I guess you mean source-debugging and this would require a correct source
setup with windbg ? ;)

Bye,
Skybuck.
Post by Don Burn
You might have read the documentation before complaining as many times as
you did. To use Windbg to get the messages you need two things. First it
must be a remote debugger, using two machines connected by serial, 1394 or
(rarely USB). Second you have to enable the debug messages since they are
disabled by default. See http://www.osronline.com/article.cfm?id=295 for
a good explanation of how to do this.
Note: you need to do this for DebugView also which will work on a single
machine, but debugging a driver that way is really a poor idea, since you
will have no breakpoints nor the ability to look at variables, etc. Get
two machines and do it right.
--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
Post by Skybuck Flying
Hello,
WinDbg is connected to Windows 7 RTM x64 Ultimate (running in debug mode).
WinDbg says to press g and enter and so forth.
Now I want to see the dbgprint messages of the netvmini driver ?!?
"Break"
and
"!dbgprint"
And that was it ?!?
Is it possible to make some kind of recording ?
I understand there could be many many many of these messages ?
How do I proceed ?
Bye,
Skybuck.
Don Burn
2009-08-10 00:03:51 UTC
DebugView gets a buffer full of messages before it displays them so yes
there is lag by design. You should be debugging with 2 machines or 2
virtual machines and Windbg. If you use the WinDBG GUI interface it is
easy to view a variable, stop at a breakpoint and the locals window has all
the local vars, and you can look at globals from either the command window
or from the watch window.
--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
Post by Skybuck Flying
I took all the necessary steps as described by some tutorials... they mostly
describe how to connect and set things up and that's it.
What I don't understand is that it appears there is some lag before the
messages arrive at the debugview ?
And sometimes it doesn't seem to work...
But that might be because of buggy driver or maybe not ?
Do you have any experience with it ?
What would be a better way to debug a driver ?
Can you give an example of how to look at a variable ?
Or how to set a breakpoint at some driver source line ?
I guess you mean source-debugging and this would require a correct source
setup with windbg ? ;)
Bye,
Skybuck.
Post by Don Burn
You might have read the documentation before complaining as many times as
you did. To use Windbg to get the messages you need two things. First
it must be a remote debugger, using two machines connected by serial,
1394 or (rarely USB). Second you have to enable the debug messages since
they are disabled by default. See
http://www.osronline.com/article.cfm?id=295 for a good explanation of how
to do this.
Note: you need to do this for DebugView also which will work on a single
machine, but debugging a driver that way is really a poor idea, since you
will have no breakpoints nor the ability to look at variables, etc. Get
two machines and do it right.
--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
Post by Skybuck Flying
Hello,
WinDbg is connected to Windows 7 RTM x64 Ultimate (running in debug mode).
WinDbg says to press g and enter and so forth.
Now I want to see the dbgprint messages of the netvmini driver ?!?
"Break"
and
"!dbgprint"
And that was it ?!?
Is it possible to make some kind of recording ?
I understand there could be many many many of these messages ?
How do I proceed ?
Bye,
Skybuck.