DbgPrint logger
for
NT3.51/NT4/NT4-TS/w2k/XP/2k3/2k3-r2/Vista and WinPE/BartPE/MobileOS
DbgPrint logger home
DbgPrint logger SDK
Download:
DbgPrnHk_v8g_sdk.rar/tgz (100.3 Kb/139.6 Kb) - SDK,
DbgPrnHk_v8g_all.rar/tgz (316.3 Kb/414.9 Kb) - all together
This SDK simplifies communications with DbgDump tools.
You can use either Debug (PostDbgMesgD.lib) or Release (PostDbgMesg.lib)
static library in you project to post debug messages directly to
DbgPrnHk driver. Posted messages are stored in driver's internal buffer
and can be later obtained by DbgPrintLog.exe either in service mode or
console mode.
It is useful for capturing logs when Service Manager or Win32 subsystem
is unavailable.
Include PostDbgMesg.h and PostDbgMesg.lib into your project.
After that you will be able to use DbgDump_Printf(), DbgDump_Print()
and DbgDump_Printn() API.
DbgPrint logger SDK API
DbgDump_Printf
BOOLEAN
_cdecl
DbgDump_Printf(
PCHAR Format,
...
);
DbgDump_Printf() is similar to standard printf(). It uses format string
as first operand. Note, total length of final string is limited to 2047
characters.
Example:
DbgDump_Printf("Test print, Process ID = %d\n", GetCurrentProcessId());
DbgDump_Print
BOOLEAN
__stdcall
DbgDump_Print(
PCHAR Msg
);
DbgDump_Print() simply prints to log ASCIIZ string.
Example:
DbgDump_Print("Test print ASCIIZ\n\0 This will never be printed!!!\n");
DbgDump_Printn
BOOLEAN
__stdcall
DbgDump_Printn(
PCHAR Msg,
ULONG Length
);
DbgDump_Printn() prints to log specified number of characters. NULL-character is NOT treated as terminator.
Example:
DbgDump_Printn("Test print CHARS\n\0 This will be printed!!!\n",
sizeof("Test print CHARS\n\0 This will be printed!!!\n"));
DbgDump_Bin
BOOLEAN
__stdcall
DbgDump_Bin(
PCHAR Msg,
ULONG Length
);
DbgDump_Bin() sends to log specified number of bytes. Such messages are displayed as HEX-dump/
Example:
DbgDump_Printn("0123456789",
sizeof("0123456789"));
will display the following:
30 31 32 33 34 35 36 37 - 38 39 00
DbgDump_PostMsgEx
BOOLEAN
__stdcall
DbgDump_PostMsgEx(
PDbgPrnHk_PostMessageEx_USER_IN pPutMsgBuf
);
DbgDump_PostMsgEx() sends to log buffer completly filled packet (in internal format), containing along with debug message itself
still timestamp, Process ID, Thread ID, CPU number, etc.
Example:
PDbgPrnHk_PostMessageEx_USER_IN pPutMsgBuf;
pPutMsgBuf = (PDbgPrnHk_PostMessageEx_USER_IN)
GlobalAlloc(GMEM_FIXED, sizeof(DbgPrnHk_PostMessageEx_USER_IN)+2048);
memset(pPutMsgBuf, 0, sizeof(DbgPrnHk_PostMessageEx_USER_IN));
//pPutMsgBuf->TimeStamp.QuadPart = 0; // already 0, will be auto-assigned
pPutMsgBuf->ThreadId = (PVOID)(-1); // unknown
//pPutMsgBuf->Irql = 0; // already 0
pPutMsgBuf->CpuNumber = 0xff; // unknown
pPutMsgBuf->CallerMode = 1; // user mode
pPutMsgBuf->Length = (USHORT)length;
pPutMsgBuf->ProcessId = ProcessId;
memcpy(pPutMsgBuf->Msg, pmessage, length);
DbgDump_PostMsgEx(pPutMsgBuf);
You can also find sample in sdk\test\ directory.
Requirements
In order to use DbgPrint logger SDK you must install DbgPrnHk
driver (see -drv switch in DbgPrintLog.exe manual).
You shell also use DbgPrintLog.exe fo saving captured logs. I would recommend Boot, System or
Automatic driver startup mode (acording to your needs).
It is also reasonable to use DbgPrintLog.exe as service
(see -svc switch in DbgPrintLog.exe manual)
Knowledge base
If you use VS.NET and your debug messages are captured with .NET debugger, try the solution
look here on RSDN
Please, send your comments and propositions here:
alterX@alter.org.ua (remove X)
|
