Prev: event viewer question
Next: Best way to determine a well-known SID?
From: Aiman Ashraf on 6 Feb 2010 00:46
First of all, all apologies for the usual newbie stupidity.

I want to modify microsoft's passthru network filter driver to be able
to view all the data coming and going out of network device.
It seems that messages from DEBUGP can only be viewed using a 2
machine setup with one OS in debug mode. Is this correct?
Unfortunately I dont have 2 machines.
I want to know what's the best option for debugging (like the usual
printf statements). I tried to write to a file ZwxxxFile operations
but it seems that's not allowed because this driver is on
DISPATCH_LEVEL irql.
It seems that the only option is to use IOCTLs to interface with the
driver?

Any help is surely appreciated.
From: Don Burn on 6 Feb 2010 07:58
If you cannot have two machines then get a virtual machine environment to
debug this in. Debugging with print statements is worthless, do not go
there. There are tools such as Mark Russinovich's DebugView
http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx but you are
not going to get a good driver without WinDBG and that requires to machines
or virtual environments.

Note: driver developers hang out at
microsoft.public.development.device.drivers this forum is more for the
general systems programming stuff.


--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply




"Aiman Ashraf" <kurtrips(a)gmail.com> wrote in message
news:8d8eb907-73a5-4b7b-917f-598b3e5fd932(a)n33g2000yqb.googlegroups.com...
> First of all, all apologies for the usual newbie stupidity.
>
> I want to modify microsoft's passthru network filter driver to be able
> to view all the data coming and going out of network device.
> It seems that messages from DEBUGP can only be viewed using a 2
> machine setup with one OS in debug mode. Is this correct?
> Unfortunately I dont have 2 machines.
> I want to know what's the best option for debugging (like the usual
> printf statements). I tried to write to a file ZwxxxFile operations
> but it seems that's not allowed because this driver is on
> DISPATCH_LEVEL irql.
> It seems that the only option is to use IOCTLs to interface with the
> driver?
>
> Any help is surely appreciated.
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 4841 (20100206) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>



__________ Information from ESET NOD32 Antivirus, version of virus signature database 4841 (20100206) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




 | 
Pages: 1
Prev: event viewer question
Next: Best way to determine a well-known SID?