DbgPrint logger
Command line reference (legacy, v0.5)
Command line switches for DbgPrintLog:

Usage:
    DbgPrintLog.exe [<switches>] [<log-file name>]

Switches:

  Log-file format:
    -m              write initiator mode (K - kernel, U - user) to log
    -p              write ProcessId to log
    -t              write ThreadId to log (for kernel-mode only)
    -i              write IRQL to log (for kernel-mode only)
    -cpu            write CPU num to log (for kernel-mode only)
    --full          same as -m -p -t -i
    -T FMT          specify absolute time format FMT. FMT string can contain
                    the following switches: D - date, T - time,
                    N - high precision time, R - relative time (tick count),
                    U - UTC time
    -fm M           do not log messages from <M> mode
                    <M> can be K - kernel or U - user

  Log-file control:
    -s NUM          set max log-file size to NUM Mbytes (0 < NUM < 2048)
                    128Mb is used by default
    -S NUM          works like -s, but sets the initial file size to the
                    specified value. Intended mainly for use by the GUI tool.
    -x NUM          create index file for each log file.
                    Intended mainly for use by the GUI tool.
    -l NUM          keep NUM latest log files
    -n NUM          set start log number to NUM
    -ft NUM         flush messages buffer after NUM seconds of inactivity
    -sm             synchronous mode. All messages are flushed immediately
    -cf             copy log to both STDOUT and file
    -wd DIR         specify working directory

  Output data stream control:
    -o or --stdout  write log to STDOUT instead of file
    --no_out        do not write logs anywhere,
                    just forward OutputDebugString to driver

  Input data stream control:
    --stdin         read message stream from STDIN
    --in_file FILENAME
                    read message stream from FILENAME
    --in_drv        read message stream from the driver (default)
    --no_drv        do not use driver for message routing

  Run mode:
    -svc MOD        install or uninstall as service. MOD specifies startup mode:
                    A - automatic, M - manual, U - uninstall.
                    'A' is used by default if MOD is omitted.
    -drv MOD        specify driver startup mode:
                    1 - very first (boot), B - boot, S - system,
                    A - automatic, M - manual, U - uninstall.
                    'M' is used by default if MOD is omitted.
    --drvopt OPTION_NAME VALUE
                    specify driver startup option. Valid OPTION_NAMEs are
                    CheckIrql, BufferSize, DoNotPassMessagesDown,
                    StopOnBufferOverflow, TimeStampType.
                    Read the documentation for a description of each option.
    -rd             restart and reinstall driver before start
    -h              display this help message

Console commands reference
When DbgPrintLog is running as a console application, you
can control it with the following hot-keys:

  Commands:
    'Esc'   - exit
    'N'     - start new log
    'F'     - flush log buffer
    'H'     - display this help message

  Mode switchers (toggle on/off):
    'Space' - pause
    'S'     - synchronous mode
    'C'     - copy log to stdout
    'K'     - capture kernel messages
    'U'     - capture user-mode messages

Examples
Logging Boot-driver
If you want to capture logs generated during the initial boot phase, for example logs from SCSI/IDE drivers,
I would recommend the following install options for DbgPrintLog:
DbgPrintLog.exe -full -T DTN -wd X:\dir_for_logs -drv 1 -svc A -drvopt DoNotPassMessagesDown 1
-drvopt StopOnBufferOverflow 1 -drvopt BufferSize 16384 BootInit.log
With these settings the driver intercepts all calls to DbgPrint() and stores messages in its internal
16Mb buffer. When the buffer gets full, newer messages are dropped until the service is started.
Then all stored logs are written to the file and capturing continues in the normal way.
Because debug messages are not passed to the original DbgPrint() routine, you can safely
produce logs at high IRQLs.
Logging System-driver
If you want to capture logs generated by drivers with the system startup type, for example from the CDROM driver,
I would recommend the following install options:
DbgPrintLog.exe -full -T DTN -wd X:\dir_for_logs -drv B -svc A
-drvopt StopOnBufferOverflow 1 -drvopt BufferSize 16384 SystemDrivers.log
With these settings the driver intercepts all calls to DbgPrint() and stores messages in its internal
16Mb buffer. When the buffer gets full, newer messages are dropped until the service is started.
Then all stored logs are written to the file and capturing continues in the normal way.
Debug messages are passed to the original DbgPrint() routine, so you should not
produce logs at high IRQLs.
Logging Logon process
If you want to capture logs generated during the logon process, for example from gina.dll,
I would recommend using the DbgPrint logger SDK for debug output in your application
instead of the standard OutputDebugString(). This is because capturing OutputDebugString()
requires DbgPrintLog.exe to be already started, and it may not be started yet.
I would recommend the following install options:
DbgPrintLog.exe -p -t -T DT -wd X:\dir_for_logs -drv S -svc A Logon.log
The driver stores messages in its internal 1Mb buffer (default size). When the buffer gets full,
the oldest messages are dropped.
When the service is started, all stored logs are written to the file and capturing
continues in the normal way.
Logging on demand
If you want to capture logs generated during the logon process, for example from gina.dll,
I would recommend the following install options:
DbgPrintLog.exe -p -fm K -T DT -wd X:\dir_for_logs MyApp.log
The user-mode part of the utility captures all messages coming through OutputDebugString()
and stores them in a file. No kernel messages from DbgPrint() are captured.
You can control the log capturing process from the console window using the keyboard.
Deinstall
If you need to disable automatic launch of this utility, use the following command:
DbgPrintLog.exe -drv U -svc U
Please, send your comments and propositions here:
alterX@alter.org.ua (remove X)