Alter.Org.UA
 << Back Home UK uk   Donate Donate

DbgPrint logger
for
NT3.51/NT4/NT4-TS/w2k/XP/2k3/2k3-r2/Vista and WinPE/BartPE/MobileOS

DbgPrint logger home

DbgPrint logger Registry settings


[HKLM\SYSTEM\CurrentControlSet\Services\DbgPrintLog]
REG_SZ:CmdLine

Command line switches for running DbgPrintLog.exe as service. All switches described here are available except -svc and -drv. For compatibility issue the first element of this parameter string must contain name of the executable. This value is mandatory for service mode.


[HKLM\SYSTEM\CurrentControlSet\Services\DbgPrintLog]
REG_SZ:WorkingDirectory

The directory where captured logs will be stored. This value is mandatory for service mode.


[HKLM\SYSTEM\CurrentControlSet\Services\DbgPrnHk]
DWORD:BufferSize

Driver buffer size in KBytes. The size is automatically aligned on power of 2. 1Mb (1024 Kb) is used by default.


[HKLM\SYSTEM\CurrentControlSet\Services\DbgPrnHk]
DWORD:CheckIrql

Added capability of catching debug messages on Irql > DISPATCH_LEVEL. This feature is not critical for NT4, however DDK states that DbgPrint() can be used on Irql <= DISPATCH_LEVEL. But my UniATA driver successfully used it. Under w2k and higher I met a trouble. DbgPrint() was no longer usable on raised Irql. If you set this value to DWORD:0x00000001, driver will continue capturing debug-messages, but will not pass them to real DbgPrint() on Irql > DISPATCH_LEVEL. Value DWORD:0x00000000 disables this check (used by default).


[HKLM\SYSTEM\CurrentControlSet\Services\DbgPrnHk]
DWORD:DoNotPassMessagesDown 

Option for blocking debug messages to pass down to DebugPrint(). If you set this value to DWORD:0x00000001, driver will continue capturing debug-messages, but will not pass them to real DbgPrint() at all. Value DWORD:0x00000000 disables message blocking (used by default). Is very useful for debugging over COM, IEE1394 or USB2.0 cable. Message stream shall not slow terget system down, but you can download latest messages with Kernel Debugger extension when necessary.


[HKLM\SYSTEM\CurrentControlSet\Services\DbgPrnHk]
DWORD:StopOnBufferOverflow

Option for managing priority for old/new debug messages. If you set this value to DWORD:0x00000001, driver will drop newer debug-messages when buffer becomes full. Value DWORD:0x00000000 means that older messages will be popped-out with newer ones (used by default).

Since v 0.6d value DWORD:0x00000002 causes driver to invoke Kernel Debugger when message buffer gets full. System shall stop on int 3 CPU instruction and you will be able to view or save messages from buffer with Kernel Debugger extension, commands !dbgprn.ls and !dbgprn.save respectively.
Attention ! Do not use this option if your system is not connected to MS Kernel Debugger or SoftIce - Blue Screan Of Death will have you.
This option is useful together with DoNotPassMessagesDown=2.


[HKLM\SYSTEM\CurrentControlSet\Services\DbgPrnHk]
DWORD:TimeStampType

Option for managing timestamp generation method. If you set this value to DWORD:0x00000000 (default value), driver will use standard function KeQueryPerformanceCounter(). This function is available under all NT-family OS'es, but consumes significant amount of resources. In some cases often calls to KeQueryPerformanceCounter() prevent system from boot. This happens at least with UniATA).
Value DWORD:0x00000001 instructs driver to use RDTSC CPU instruction. This is perfect method, but requires at least Intel Pentium or AMD-k5 CPU.
Value DWORD:0x00000002 cause driver to use KeQuerySystemTime(). This method doesn't give precise time.

Appeared since DbgPrint 0.4c


[HKLM\SYSTEM\CurrentControlSet\Services\DbgPrnHk]
DWORD:AggregateMessages

This option controls aggregation of rapidly coming sequential short debug-messages from same thread. If you set this value to DWORD:0x00000001, driver will store sequential messages as a single one. This mode uses buffer more effectively, but gives a little lower timestamp precision. Value DWORD:0x00000000 means that all messages will be stored in buffer separately (used by default).


[HKLM\SYSTEM\CurrentControlSet\Services\DbgPrnHk]
DWORD:DumpStackFramePtr

This option controls appending of Stack Frame Pointer's value to log records. Value DWORD:0x00000000 disables this feature (used by default).

Appeared since DbgPrint 0.7


<< Back designed by Alter aka Alexander A. Telyatnikov powered by Apache+PHP under FBSD © 2002-2024