-
Notifications
You must be signed in to change notification settings - Fork 9
/
Viewing Debug Messages.txt
12 lines (10 loc) · 1.05 KB
/
Viewing Debug Messages.txt
1
2
3
4
5
6
7
8
9
10
11
12
So apparently if your debugging a target in kernel debugging mode and the guest is Windows Vista+, DbgPrint is mapped
to DbgPrintEx, which allows one to "control the conditions under which messages will be sent to the kernel debugger
by filtering messages via a component name and level in the function call and an associated filter mask in either
the registry or in memory." (http://www.osronline.com/article.cfm?article=295)
According to http://www.osronline.com/article.cfm?article=295, one can fix this via two methods. The method
I tried was to create the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter
and create a REG_DWORD underneath this called DEFAULT which I set to a value of 0xF to view all debug output.
This appears to work and needs to be done on the guest. If the above instructions are confusing one can find a further
explanation at http://www.osronline.com/article.cfm?article=295, however note they use the shorthand version of the
registry values (ex HKEY_LOCAL_MACHINE is HKLM and CurrentControlSet is CCS)