DebugLogger is a software driver that lets you log kernel-mode debug output into a file on Windows. DebugLogger can be understood as an open source implementation of Sysinternals DebugView with limited functionality.
Monitoring debug output is one of the most essential tasks for developing and debugging device drivers on Windows. Developers can easily do this by either attaching a kernel-debugger to the target system or using DebugView, which allows developers to view debug output without attaching a kernel-debugger.
Unfortunately, neither is an option when:
- your target system cannot run DebugView and does not have a necessary interface to physically attach a kernel-debugger
- and, a virtual machine as a target system is unavailable
The primary example of this situation is ARM64. I, for example, have an ASUS NovaGo TP370QL running Windows 10 on ARM64 processors, and it does not have an interface to attach a kernel-debugger. Also, neither DebugView nor any virtualization solution I am familiar with supports Windows on ARM64 processors.
I was also under the exact same circumstance when I was developing a device driver for Windows RT, which ran on ARM processors. I ended up with writing a file-based logger to circumvent the issue, but it was not trivial and necessary work essentially.
Having an open source implementation of DebugView-like tools allows developers to participate in developing device drivers for such uncommon platforms more easily.
To clarify what DebugLogger can and cannot do, here is a brief comparison of DebugLogger and DebugView.
DebugLogger | DebugView | |
---|---|---|
kernel-mode debug output monitoring | YES | YES |
Save debug output to a file | ALWAYS | YES |
Enabling verbose kernel output | ALWAYS | YES |
User-mode debug output monitoring | NO | YES |
Boot time monitoring | NO | YES |
Remote-system monitoring | NO | YES |
Debug output inclusion / exclusion filters | NO | YES |
Support of x86 Windows | NO | YES |
Support of Windows 7 and older | NO | YES |
Support of x64 Windows 10 | YES | NO BUT WORKS |
Support of ARM64 Windows | YES | NO |
Open source | YES | NO |
For the pre-compiled file for ARM64, goto Releases and download the latest release.
To build DebugLogger from source code, clone full source code from Github with the below command and compile it on a supported version of Visual Studio.
$ git clone https://github.com/tandasat/DebugLogger.git
You have to enable test signing to install the driver before installing it. To do that, open the command prompt with the administrator privilege and run the following command, and then restart the system to activate the change:
>bcdedit /set testsigning on
To install and uninstall the DebugLogger driver, use the sc
command. For
installation and start:
>sc create DebugLogger type= kernel binPath= C:\Users\user\Desktop\DebugLogger.sys
>sc start DebugLogger
For uninstallation:
>sc stop DebugLogger
>sc delete DebugLogger
>bcdedit /deletevalue testsigning
All captured debug output are saved in C:\Windows\DebugLogger.log
.
Any tail -f
like command lets you view contents of this file real-time and
gives similar user experience as DebugView does. The below command does this:
> powershell Get-Content -Path C:\Windows\DebugLogger.log -Wait
Here is an example output from Process Hacker's KProcessHacker3 driver on the ARM64 system.
For the testing purpose, the test driver TestDriver
is included in the project.
Install and run this driver using the sc
command to see output.
- Visual Studio 2017 Preview (15.8 Preview 1 or later)
- You will need additional Visual Studio components to compile device drivers for ARM64 processors. See Building ARM64 Drivers with the WDK for more information.
- Windows 10 on ARM64 or x64