Skip to content

A software driver that lets you log kernel-mode debug output into a file on Windows.

License

Notifications You must be signed in to change notification settings

wyyrepo/DebugLogger

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

DebugLogger

Introduction

DebugLogger is a software driver that lets you log kernel-mode debug output into a file on Windows. DebugLogger can be understood as an open source implementation of Sysinternals DebugView with limited functionality.

Motivation

Monitoring debug output is one of the most essential tasks for developing and debugging device drivers on Windows. Developers can easily do this by either attaching a kernel-debugger to the target system or using DebugView, which allows developers to view debug output without attaching a kernel-debugger.

Unfortunately, neither is an option when:

  • your target system cannot run DebugView and does not have a necessary interface to physically attach a kernel-debugger
  • and, a virtual machine as a target system is unavailable

The primary example of this situation is ARM64. I, for example, have an ASUS NovaGo TP370QL running Windows 10 on ARM64 processors, and it does not have an interface to attach a kernel-debugger. Also, neither DebugView nor any virtualization solution I am familiar with supports Windows on ARM64 processors.

I was also under the exact same circumstance when I was developing a device driver for Windows RT, which ran on ARM processors. I ended up with writing a file-based logger to circumvent the issue, but it was not trivial and necessary work essentially.

Having an open source implementation of DebugView-like tools allows developers to participate in developing device drivers for such uncommon platforms more easily.

Comparison

To clarify what DebugLogger can and cannot do, here is a brief comparison of DebugLogger and DebugView.

DebugLogger DebugView
kernel-mode debug output monitoring YES YES
Save debug output to a file ALWAYS YES
Enabling verbose kernel output ALWAYS YES
User-mode debug output monitoring NO YES
Boot time monitoring NO YES
Remote-system monitoring NO YES
Debug output inclusion / exclusion filters NO YES
Support of x86 Windows NO YES
Support of Windows 7 and older NO YES
Support of x64 Windows 10 YES NO BUT WORKS
Support of ARM64 Windows YES NO
Open source YES NO

Usage

For the pre-compiled file for ARM64, goto Releases and download the latest release.

To build DebugLogger from source code, clone full source code from Github with the below command and compile it on a supported version of Visual Studio.

$ git clone https://github.com/tandasat/DebugLogger.git

You have to enable test signing to install the driver before installing it. To do that, open the command prompt with the administrator privilege and run the following command, and then restart the system to activate the change:

>bcdedit /set testsigning on

To install and uninstall the DebugLogger driver, use the sc command. For installation and start:

>sc create DebugLogger type= kernel binPath= C:\Users\user\Desktop\DebugLogger.sys
>sc start DebugLogger

For uninstallation:

>sc stop DebugLogger
>sc delete DebugLogger
>bcdedit /deletevalue testsigning

Output

All captured debug output are saved in C:\Windows\DebugLogger.log.

Any tail -f like command lets you view contents of this file real-time and gives similar user experience as DebugView does. The below command does this:

> powershell Get-Content -Path C:\Windows\DebugLogger.log -Wait

Here is an example output from Process Hacker's KProcessHacker3 driver on the ARM64 system. ExampleWithProcessHacker

For the testing purpose, the test driver TestDriver is included in the project. Install and run this driver using the sc command to see output.

Supported Platforms

  • Visual Studio 2017 Preview (15.8 Preview 1 or later)
  • Windows 10 on ARM64 or x64

About

A software driver that lets you log kernel-mode debug output into a file on Windows.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C++ 100.0%