How to view debugview's output in windows 7 and later without having to restart the computer?

The method I know to be able to capture kernel debug data in Windows 7+ is to add the Debug Print Filter registry key in the registry, but this requires a reboot.

Is there any method that enables me to capture kernel debug messages without having to reboot the computer in Windows 7, 10, ...?

Try to enable the following 4 options:

[Image: options]

C:\>echo no registry key

no registrykey

C:\>reg query "hklm\system\currentControlSet\Control\Session manager\Debug"

ERROR: The system was unable to find the specified registry key or value.

C:\>reg query "hklm\system\currentControlSet\Control\Session manager" | grep -i De

    HeapDeCommitFreeBlockThreshold    REG_DWORD    0x0
    HeapDeCommitTotalFreeThreshold    REG_DWORD    0x0
    ExcludeFromKnownDlls    REG_MULTI_SZ
    ProtectionMode    REG_DWORD    0x1
HKEY_LOCAL_MACHINE\system\currentControlSet\Control\Session manager\DOS Devices

C:\>echo no bcdedit/debug on

no bcdedit/debug on

C:\>powershell -c "bcdedit /enum | select-string 'debug' "

debug                   No

C:\>echo running dbgview to capture kernel debug prints

running dbgview to capture kernel debug prints

C:\>dbgview /v /l dbgviewnoregkeynodebugon.txt

C:\>echo starting livekd so that it makes a few kdprints

starting livekd so that it makes a few kdprints

C:\>livekd

LiveKd v5.62 - Execute kd/windbg on a live system

For analysis of this file, run !analyze -v
kd> q
quit:

Execute Kd again? (y/n) n

Exiting LiveKd.

C:\>echo running a OutputDebugString

running a OutputDebugString

C:\>type odbgstr.ps1
$methdef = @'
[DllImport("kernel32")]
public extern static void OutputDebugString(string lpout);
'@
$k32 = Add-Type -MemberDefinition $methdef -Name "kout" -PassThru -Namespace Win32
$k32::OutputDebugString("Notoriously Difficult Debug prints")

C:\>powershell -f odbgstr.ps1

C:\>echo printing the log

printing the log

C:\>cat dbgviewnoregkeynodebugon.txt
[\\xxxxx]
00000001        1:11:00.860 AM  [87A7BED8] WskProIRPGetAddrInfo is called.
00000002        1:11:00.860 AM  [bind=874FA5D0] Binding reference count++ = 2 (status = 00000000, impersonation= 2).
00000003        1:11:00.860 AM  [8745F8E8] Request reference count++ = 3.
00000004        1:11:00.860 AM  [8745F8E8] RPC method type = 1: rpc-method succeeded, queue to rpc-pending-list.
00000005        1:11:00.860 AM  [8745F8E8] Request reference count-- = 2.
00000006        1:11:03.487 AM  [8745F8E8] WskKnrRpcComplete: rpc calls back for completion.
00000007        1:11:03.487 AM  [8745F8E8] WskKnrCompletePending: complete pending request (rpc=1).
00000008        1:11:03.487 AM  [8745F8E8] Request reference count-- = 1.
00000009        1:11:03.487 AM  [8745F8E8] Request reference count-- = 0.
00000010        1:11:03.487 AM  [8745F8E8] WskKnrCompleteRequest: rpc completion return status = 00000000 (reply=c0000272).
00000011        1:11:03.487 AM  [8745F8E8] WskProAPIGetAddressInfo returned addrinfo: [addr=00000000].
00000012        1:11:03.487 AM  [bind=874FA5D0] Binding reference count-- = 1.
00000013        1:11:03.487 AM  [8745F8E8] WskKnrCompleteRequest: complete irp with IO status = c0000272.

00000014        1:12:29.977 AM  [4908] Notoriously Difficult Debug prints
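
Added example, not part of the original answer: a small Python parser for the DebugView log layout shown above, which separates kernel prints from user-mode OutputDebugString lines and reports skipped sequence numbers. The function names, the decimal-PID heuristic and the shortened sample are assumptions made for this illustration.

```python
import re

# Record layout as seen in the log above: 8-digit sequence, clock time, message.
RECORD = re.compile(
    r"^(?P<seq>\d{8})\s+(?P<time>\d{1,2}:\d{2}:\d{2}\.\d{3} [AP]M)\s+(?P<msg>.*)$"
)
# Assumption (heuristic): a user-mode OutputDebugString line starts with a decimal
# process id in brackets, e.g. "[4908] text". Kernel lines carry whatever tag the
# driver printed ("[87A7BED8]", "[bind=874FA5D0]"); an 8-character tag is treated
# as a pointer and therefore as kernel output, even if it is all digits.
PID_TAG = re.compile(r"^\[(?P<pid>\d{1,7})\]\s*(?P<text>.*)$")

# Constructed sample: a few lines taken from the log shown above.
SAMPLE = """\
[\\\\xxxxx]
00000001\t1:11:00.860 AM\t[87A7BED8] WskProIRPGetAddrInfo is called.
00000002\t1:11:00.860 AM\t[bind=874FA5D0] Binding reference count++ = 2 (status = 00000000, impersonation= 2).
00000013\t1:11:03.487 AM\t[8745F8E8] WskKnrCompleteRequest: complete irp with IO status = c0000272.

00000014\t1:12:29.977 AM\t[4908] Notoriously Difficult Debug prints
"""

def parse_dbgview_log(text):
    """Return one dict per record: seq, time, source ('kernel' or 'win32'), pid, text."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m is None:
            continue  # computer-name header, blank line, or anything unrecognised
        rec = {"seq": int(m.group("seq")), "time": m.group("time"),
               "source": "kernel", "pid": None, "text": m.group("msg")}
        pid_match = PID_TAG.match(rec["text"])
        if pid_match:
            rec.update(source="win32", pid=int(pid_match.group("pid")),
                       text=pid_match.group("text"))
        records.append(rec)
    return records

def missing_sequences(records):
    """Sequence numbers absent between the first and last record (trimmed or lost lines)."""
    seen = {r["seq"] for r in records}
    if not seen:
        return []
    return [n for n in range(min(seen), max(seen) + 1) if n not in seen]

if __name__ == "__main__":
    recs = parse_dbgview_log(SAMPLE)
    for r in recs:
        print(r["seq"], r["time"], r["source"], r["pid"], r["text"])
    print("missing:", missing_sequences(recs))
```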
