Tip: Enable Kernel Debug output on Vista and up

December 17, 2014


Those who write device drivers, or who are interested in seeing the output from a kernel driver’s calls to the KdPrint macro or the DbgPrint function, may find that the messages don’t appear on Windows Vista or newer versions of Windows. Even when using a tool such as DebugView (from SysInternals), running with administrative privileges and with kernel capture turned on, nothing seems to appear from the expected drivers.

The reason is that in Vista and up, kernel output is conditional, based on some flags that can be set in KdPrintEx, DbgPrintEx, etc. A complete explanation can be found in the MS docs.

To set the correct level, a key named Debug Print Filter must be added (it does not exist by default) under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager.

In that key, values can be added corresponding to the levels that we want to see messages for (error, warning, trace, info). It turns out that the “default” old behavior provided by KdPrint/DbgPrint is to use the “Info” level, which has a value of 3. This value signifies the bit that needs to be set to one, so the actual number is 2 to the third power, which is 8. Furthermore, the correct “component” name needs to be specified, and for KdPrint/DbgPrint it’s named “DEFAULT” (note that it must be in capital letters).

This leads to the following setting in the registry: under the Debug Print Filter key, a value named DEFAULT set to 8.

Once that’s set, a restart is required for the setting to take effect. Then opening DebugView and enabling kernel output capture will show KdPrint/DbgPrint calls.
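The registry change described above can be scripted from an elevated PowerShell prompt. This is an added example, not code from the original post: the function name `Enable-DebugPrintLevel` is hypothetical, the value is written as a DWORD, and the script goes slightly beyond the post by accepting any of the four levels (error 0, warning 1, trace 2, info 3) and keeping bits that are already set for the component.

```powershell
# Added example (not from the original post). Run elevated.
# Each level number n corresponds to bit n of the mask, so Info (3) -> 1 -shl 3 = 8.
$Levels = @{ Error = 0; Warning = 1; Trace = 2; Info = 3 }

function Enable-DebugPrintLevel {    # hypothetical helper name
    param(
        [string]$Component = 'DEFAULT',   # component used by KdPrint/DbgPrint; must be upper case
        [ValidateSet('Error', 'Warning', 'Trace', 'Info')]
        [string[]]$Level = @('Info')
    )
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter'

    # The key does not exist by default, so create it on first use.
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Build the bit mask for the requested levels.
    $mask = 0
    foreach ($l in $Level) {
        $mask = $mask -bor (1 -shl $Levels[$l])
    }

    # Preserve bits that were already enabled for this component.
    $existing = (Get-ItemProperty -LiteralPath $key -Name $Component `
                    -ErrorAction SilentlyContinue).$Component
    if ($null -ne $existing) {
        $mask = $mask -bor $existing
    }

    Set-ItemProperty -LiteralPath $key -Name $Component -Value $mask -Type DWord

    # Return what was written so the caller can confirm it.
    [pscustomobject]@{
        Component = $Component
        Mask      = '0x{0:X}' -f $mask
        Note      = 'Restart required before the filter takes effect'
    }
}

# Reproduce the setting from the post: DEFAULT = 8 (Info level).
Enable-DebugPrintLevel -Component 'DEFAULT' -Level Info
```

On production machines, leave the value unset unless you are actively debugging: enabling the Info level makes every driver's KdPrint/DbgPrint output visible to anyone who can capture kernel debug output.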


2 comments

  1. Nebojsa, May 13, 2015 at 16:42

    May I say that I’ve watched your Windows Internals (Pluralsight) series course and that I was amazed by the quality and relevance of the information. I had some theoretical knowledge of how OSes work, but this helped me a lot in understanding in detail how Windows OSes work. And also in my work when building or troubleshooting projects on which I work. Keep up the good work!

    1. Pavel Yosifovich, May 13, 2015 at 17:17

      Thanks a lot.
      Much appreciated!