How can you read Windows kernel debugger strings generated by calls to kdPrint or debugPrint functions?
Reading in user mode especially, but it is also good in kernel mode!
It's the same thing as DebugView do开发者_C百科es, but I want to filter and to work only with certain messages (strings) given to the debugger.
In user mode, you have the DBWIN "API":
- Create a named ("DBWIN_BUFFER") shared memory region (4096 bytes, first DWORD is the process pid) and two events
- Signal the DBWIN_BUFFER_READY named event
- Wait for the DBWIN_DATA_READY named event
- Read shared memory (And go to step #2 to get the next output)
In kernel mode on NT6 you have DbgSetDebugPrintCallback
On older stuff, you need to do some sort of hooking (int 0x2d / DebugService) The best place to find more help about that is probably the OSR newsgroup.
Edit: On Vista and later, you need to set the Debug Print Filter registry entry to enable debug output messages from DbgPrint[Ex] (For KdPrint you need a kernel debugger IIRC)
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论