FileSystem MiniFilter Driver compiled with WDK 8.0 not showing DbgPrint output (DbgView/Win7 32 bit)

Submitted by 末鹿安然 on 2019-12-01 09:24:11

Question


I wrote and compiled a minifilter driver using WDK 7.0 build utility for Windows 7 32 bit. Then I installed it on a Windows 7 (32 bit) machine running on VMWare using OSR's driver loader utility. When I ran DbgView, I could see the DbgPrint output accurately.

Then I compiled that very same driver using WDK 8.0 integrated in Microsoft Visual Studio Pro 2012 for Windows 7 (32 bit). That created 3 files as a result, a sys, cat and inf file. I installed the Driver on a Windows 7 (32 bit) machine running on VMWare, by right clicking the inf file and selecting 'install'. Then I started the service from command prompt which started fine. But even though it was the same code/driver, I cannot see the DbgPrint output in DbgView, from the driver that was compiled using WDK 8.0/VS2012 Pro. Here is the code that actually does the printing (Post Operation Callback function for IRP_MJ_CREATE):

FLT_POSTOP_CALLBACK_STATUS CreateFilePostOpCallback(__in PFLT_CALLBACK_DATA Data, __in PCFLT_RELATED_OBJECTS FltObjects,
                                                    __in_opt PVOID CompletionContext, __in FLT_POST_OPERATION_FLAGS Flags)
{
    PFLT_FILE_NAME_INFORMATION fileNameInfo;
    NTSTATUS status;

    UNREFERENCED_PARAMETER(FltObjects);
    UNREFERENCED_PARAMETER(CompletionContext);
    UNREFERENCED_PARAMETER(Flags);

    /* Query the normalized name of the file targeted by this create. */
    status = FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED|FLT_FILE_NAME_QUERY_DEFAULT, &fileNameInfo);

    /* No name available: nothing to log, let the I/O complete. */
    if(!NT_SUCCESS(status))
        return FLT_POSTOP_FINISHED_PROCESSING;

    /* Split the name into volume, parent directory, final component, etc. */
    FltParseFileNameInformation(fileNameInfo);

    /* %wZ formats a PUNICODE_STRING. */
    DbgPrint("%wZ created/opened", &fileNameInfo->Name);

    /* Drop the reference taken by FltGetFileNameInformation. */
    FltReleaseFileNameInformation(fileNameInfo);

    return FLT_POSTOP_FINISHED_PROCESSING;
}

What am I missing here?


Answer 1:


In Vista and above, DbgPrint messages get masked by default.

Try this in your WinDbg prompt:

ed Kd_DEFAULT_Mask 8

Refer to this question, "Kernel trace Windows 7 WinDbg", or this article, "DbgPrint in vista and later", for more details.




Answer 2:


Have you tried to compile with WDK 8 for Windows 8/Windows Server 2012?

For debug prints work for Windows 7 which is compiled with WinDDK, but for Windows 8/Server 2012 it has to be compiled with WDK 8 and debug information not printing.




Answer 3:


Alternatively, you could simply write a little reg script that would enable them by default. The registry key in question is:

  1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter
  2. Value: DEFAULT
  3. Data: 0x8

Also check this.
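
The value 8 in Answer 1 and the 0x8 registry data in Answer 3 are the same filter bit. The following is an added example, not part of the original answers: a user-mode C model of the documented Vista-and-later filter rule, in which DbgPrint is treated as component DEFAULT at level INFO (bit 3). The struct and function names are hypothetical, and the default mask values (component mask 0, system-wide mask 0x1) are assumed for a free-build system.

```c
/* User-mode model of the Vista+ debug-print filter (added example, not driver code). */
#include <stdint.h>
#include <stdio.h>

/* Severity levels as defined in dpfilter.h. */
#define DPFLTR_ERROR_LEVEL   0
#define DPFLTR_WARNING_LEVEL 1
#define DPFLTR_TRACE_LEVEL   2
#define DPFLTR_INFO_LEVEL    3

/* Hypothetical stand-ins for the kernel's Kd_<component>_Mask and
   Kd_WIN2000_Mask variables. */
struct filter_state {
    uint32_t component_mask;  /* e.g. Kd_DEFAULT_Mask; assumed 0 unless configured */
    uint32_t win2000_mask;    /* system-wide mask; assumed default 0x1 */
};

/* Levels 0..31 select a single bit; larger values are used as a bit field. */
static uint32_t level_to_bits(uint32_t level)
{
    return level < 32 ? (UINT32_C(1) << level) : level;
}

/* Returns 1 if a message at `level` would reach the debugger or DbgView. */
int message_is_shown(const struct filter_state *st, uint32_t level)
{
    uint32_t effective = st->component_mask | st->win2000_mask;
    return (level_to_bits(level) & effective) != 0;
}

int main(void)
{
    struct filter_state defaults = { 0x0, 0x1 };  /* assumed out-of-the-box masks */
    struct filter_state patched  = { 0x8, 0x1 };  /* after setting DEFAULT to 0x8 */

    /* DbgPrint() is filtered as component DEFAULT, level INFO. */
    printf("DbgPrint, default mask: %d\n", message_is_shown(&defaults, DPFLTR_INFO_LEVEL));
    printf("DbgPrint, mask 0x8    : %d\n", message_is_shown(&patched, DPFLTR_INFO_LEVEL));
    /* ERROR-level output passes the default system-wide mask. */
    printf("ERROR level, default  : %d\n", message_is_shown(&defaults, DPFLTR_ERROR_LEVEL));
    return 0;
}
```
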



Source: https://stackoverflow.com/questions/14082764/filesystem-minifilter-driver-compiled-with-wdk-8-0-not-showing-dbgprint-output
