How to use KdPrint, the kernel print routine used in driver development
DbgPrint sends a message to the kernel debugger.
DbgPrint and DbgPrintEx can be called at IRQL <= DIRQL. However, Unicode format codes (%wc and %ws) can be used only at IRQL PASSIVE_LEVEL. Also, because the debugger uses interprocess interrupts (IPIs) to communicate with other processors, calling DbgPrint at IRQL > DIRQL can cause deadlocks.
DbgPrint can be used only in kernel mode. To print output from user mode so that it can be viewed in WinDbg, use OutputDebugString instead.
In Windows Vista and later versions of Windows, DbgPrint sends a message only if certain conditions apply. Specifically, it behaves like the DbgPrintEx routine with the DEFAULT component and a message importance level of DPFLTR_INFO_LEVEL. In other words, the following two function calls are identical:
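KdPrint is used much like printf; note that KdPrint((" ", )); uses double parentheses.
Use KdPrint(()) in place of printf to output information. These messages can be viewed in DbgView. KdPrint(()) is itself a macro;
the double parentheses are there so that the whole argument list is passed through. It is somewhat preferable to calling DbgPrint directly, because it is not compiled into free builds.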
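The double-parenthesis and free-build behaviour described above, as an added example that is not from the original page: a user-mode C model in which `DbgPrintStub`, `KDPRINT_CHECKED` and `KDPRINT_FREE` are hypothetical stand-ins for DbgPrint and for the checked-build and free-build forms of the KdPrint macro.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-mode stand-in for the kernel's DbgPrint: it formats
   into a buffer instead of sending the message to a kernel debugger. */
static char last_msg[128];
static int print_calls;

static unsigned long DbgPrintStub(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
    print_calls++;
    return 0;
}

/* Hypothetical names modelling the two build flavours of KdPrint.
   Checked: the inner parenthesised list is pasted after the function
   name, so one macro parameter carries a whole variadic argument list.
   Free: the macro expands to nothing at all. */
#define KDPRINT_CHECKED(_x_) DbgPrintStub _x_
#define KDPRINT_FREE(_x_)

static int id_counter;
static int next_id(void) { return ++id_counter; }

/* Each function returns how many times the argument next_id() ran. */
int run_checked(void)
{
    id_counter = 0; print_calls = 0; last_msg[0] = '\0';
    KDPRINT_CHECKED(("request %d born in %x", next_id(), 0x1990u));
    return id_counter;
}

int run_free(void)
{
    id_counter = 0; print_calls = 0; last_msg[0] = '\0';
    KDPRINT_FREE(("request %d born in %x", next_id(), 0x1990u));
    return id_counter;
}

int main(void)
{
    printf("checked: ran=%d msg=\"%s\"\n", run_checked(), last_msg);
    printf("free:    ran=%d msg=\"%s\"\n", run_free(), last_msg);
    return 0;
}
```

In the free-build form neither the format string nor the argument expressions reach the compiled code, so debug text does not ship in the release binary. Any work placed inside the KdPrint argument list disappears with it, so required logic must not live there.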
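DebugPrint format specifiers
II.
I have spent the last few days on those boring experiments, which has held up my driver studies until now. Fortunately, I have finished writing those boring experiments up.
That said, driver programming really is a lot more trouble than working in ring 3: even using strings takes a lot of initialization, and it has given me a headache. It would be easy to understand in C, but I am using assembly~~~. Today I looked at how to use DbgPrint and took some notes along the way.
DbgPrint outputs debug information; its usage is similar to printf, sprintf and wsprintf.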
```c
ULONG
DbgPrint(
    IN PCHAR Format,
    . . . . [arguments]
    );
```
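1. Output a string directly. The string is a NULL-terminated string (CHAR type), for example:

```asm
invoke DbgPrint,$CTA0("the Driver has loaded.")
```

2. Output a string with a format specifier. The string can be a NULL-terminated ANSI string or a wide string (WCHAR type), for example:

```asm
invoke DbgPrint,$CTA0("%s"),$CTA0("The Driver has Unloaded.")   ; output an ANSI string
invoke DbgPrint,$CTA0("%ws"),$CTW0("The Driver has Unloaded.")  ; output a WCHAR string
invoke DbgPrint,$CTA0("%S"),$CTW0("The Driver has Unloaded.")   ; output a WCHAR string (note the uppercase S)
```

3. Output a string held in a UNICODE_STRING structure, for example:

```asm
ucstShow UNICODE_STRING <?>   ; define a UNICODE_STRING structure
invoke RtlInitUnicodeString,addr ucstShow,$CTW0("This is the fifth debug Information.")   ; initialize it
invoke DbgPrint,$CTA0("%wZ"),addr ucstShow
```

4. Output mixed, concatenated information, for example:

```asm
invoke RtlInitUnicodeString,addr ucstShow,$CTW0("hello,I was born in")
invoke DbgPrint,$CTA0("%wZ %x"),addr ucstShow,dwShow
```

It really is just the usage of printf, sprintf and wsprintf; very simple~~
There are many more output formats, shown in the table below (found online):
Here is some test code I threw together: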
```asm
;/**
; *************************************************************************
; * File name:   Driver.asm
; * Version:
; * Description: Learning how to use DbgPrint
; * Author:      zzydog
; * Created:     2010
; *************************************************************************
; */
.386
.model flat, stdcall
option casemap:none
include Strings.mac
include w2k\ntstatus.inc
include w2k\ntddk.inc
include w2k\ntoskrnl.inc
includelib ntoskrnl.lib
includelib ntdll.lib
;************************************************************************************
; Function prototypes
DriverEntry  proto pDriverObject:PDRIVER_OBJECT,pusRegistryPath:PUNICODE_STRING
DriverUnload proto pDriverObject:PDRIVER_OBJECT
;************************************************************************************
.data
ucstShow     UNICODE_STRING <?>
szShowLoad   db "The Driver has been loaded!",NULL
szShowUnLoad db "The Driver has been Unloaded!",NULL
dwShow       dd 1990h
.code
DriverEntry proc pDriverObject:PDRIVER_OBJECT,pusRegistryPath:PUNICODE_STRING
    ; Plain NULL-terminated CHAR strings
    invoke DbgPrint,addr szShowLoad
    invoke DbgPrint,$CTA0("This is the first debug Information.")
    invoke DbgPrint,$CTA0("%s"),$CTA0("This is the second debug Information.")
    ; Wide (WCHAR) strings
    invoke DbgPrint,$CTA0("%ws"),$CTW0("This is the third debug Information.")
    invoke DbgPrint,$CTA0("%S"),$CTW0("This is the fourth debug Information.")
    ; UNICODE_STRING structures are printed with %wZ
    invoke RtlInitUnicodeString,addr ucstShow,$CTW0("This is the fifth debug Information.")
    invoke DbgPrint,$CTA0("%wZ"),addr ucstShow
    invoke RtlInitUnicodeString,addr ucstShow,$CTW0("hello,I was born in")
    invoke DbgPrint,$CTA0("%wZ %x"),addr ucstShow,dwShow
    ; Register the unload routine
    assume edx:ptr DRIVER_OBJECT
    mov edx,[pDriverObject]
    mov [edx].DriverUnload,offset DriverUnload
    mov eax,STATUS_SUCCESS
    ret
DriverEntry endp

DriverUnload proc pDriverObject:PDRIVER_OBJECT
    invoke DbgPrint,$CTA0("%s"),addr szShowUnLoad
    mov eax,STATUS_SUCCESS
    ret
DriverUnload endp
end DriverEntry
```