FileSystem MiniFilter驱动程序编译与WDK 8.0不显示DbgPrint输出（DbgView / Win7 32位） [英] FileSystem MiniFilter Driver compiled with WDK 8.0 not showing DbgPrint output (DbgView/Win7 32 bit)

问题描述

我使用WDK 7.0构建实用程序编写并编译了一个微型驱动程序，用于Windows 7 32位。然后我使用OSR的驱动程序加载程序实用程序将其安装在运行在VMWare上的Windows 7（32位）机器上。当我运行DbgView时，我可以准确地看到DbgPrint输出。

然后，我编译了使用WDK 8.0集成在Microsoft Visual Studio Pro 2012 for Windows 7（32位）。这样创建了3个文件，一个sys，cat和inf文件。我将驱动程序安装在运行在VMWare上的Windows 7（32位）机器上，右键单击inf文件并选择安装。然后我从命令提示符开始服务，这开始很好。但即使它是相同的代码/驱动程序，我看不到使用WDK 8.0 / VS2012 Pro编译的驱动程序DbgView中的DbgPrint输出。以下是实际执行打印的代码（IRP_MJ_CREATE的Post操作回调函数）：

  FLT_POSTOP_CALLBACK_STATUS CreateFilePostOpCallback（__ in PFLT_CALLBACK_DATA Data，__in PCFLT_RELATED_OBJECTS FltObjects，
 __in_opt PVOID CompletionContext，__in FLT_POST_OPERATION_FLAGS标志）
 {
 PFLT_FILE_NAME_INFORMATION fileNameInfo; 
 NTSTATUS状态; 
 
 UNREFERENCED_PARAMETER（FltObjects）; 
 UNREFERENCED_PARAMETER（CompletionContext）; 
 UNREFERENCED_PARAMETER（Flags）; 
 
 status = FltGetFileNameInformation（Data，FLT_FILE_NAME_NORMALIZED | FLT_FILE_NAME_QUERY_DEFAULT，& fileNameInfo）; 
 
 if（！NT_SUCCESS（status））
 return FLT_POSTOP_FINISHED_PROCESSING; 
 
 FltParseFileNameInformation（fileNameInfo）; 
 
 DbgPrint（％wZ created / opened，& fileNameInfo-> Name）; 
 
 FltReleaseFileNameInformation（fileNameInfo）; 
 
返回FLT_POSTOP_FINISHED_PROCESSING; 
} 
  

我在这里缺少什么？

解决方案

在vista及以上 DbgPrint 消息默认情况下被屏蔽。

在您的WinDbg提示符下尝试此操作

  ed Kd_DEFAULT_Mask 8 
  pre> 
 
 
请参阅此问题内核跟踪Windows 7 WinDbg 或这篇文章 DbgPrint in vista and later  for more细节。
 
I wrote and compiled a minifilter driver using WDK 7.0 build utility for Windows 7 32 bit. Then i installed it on a Windows 7 (32 bit) machine running on VMWare using OSR's driver loader utility. When i ran DbgView, i could see the DbgPrint output accurately.

Then i compiled that very same driver using WDK 8.0 integrated in Microsoft Visual Studio Pro 2012 for Windows 7 (32 bit). That created 3 files as a result, a sys, cat and inf file. I installed the Driver on a Windows 7(32 bit) machine running on VMWare, by right clicking the inf file and selecting 'install'. Then i started the service from command prompt which started fine. But even though it was the same code/driver, i cannot see the DbgPrint output in DbgView, from the driver that was compiled using WDK 8.0/VS2012 Pro. Here is the code that actually does the printing (Post Operation Callback function for IRP_MJ_CREATE):
FLT_POSTOP_CALLBACK_STATUS CreateFilePostOpCallback(__in PFLT_CALLBACK_DATA Data, __in PCFLT_RELATED_OBJECTS FltObjects,
                                                    __in_opt PVOID CompletionContext, __in FLT_POST_OPERATION_FLAGS Flags)
{
    PFLT_FILE_NAME_INFORMATION fileNameInfo;
    NTSTATUS status;

    UNREFERENCED_PARAMETER(FltObjects);
    UNREFERENCED_PARAMETER(CompletionContext);
    UNREFERENCED_PARAMETER(Flags);

    status = FltGetFileNameInformation(Data, FLT_FILE_NAME_NORMALIZED|FLT_FILE_NAME_QUERY_DEFAULT, &fileNameInfo);

    if(!NT_SUCCESS(status))
        return FLT_POSTOP_FINISHED_PROCESSING;

    FltParseFileNameInformation(fileNameInfo);

    DbgPrint("%wZ created/opened", &fileNameInfo->Name);

    FltReleaseFileNameInformation(fileNameInfo);

    return FLT_POSTOP_FINISHED_PROCESSING;
}
What am i missing here?
解决方案
In vista and above DbgPrint messages get masked by default.

Try this in your WinDbg prompt
ed Kd_DEFAULT_Mask 8
Refer to this question Kernel trace Windows 7 WinDbg or this article DbgPrint in vista and later for more details.

                        
这篇关于FileSystem MiniFilter驱动程序编译与WDK 8.0不显示DbgPrint输出（DbgView / Win7 32位）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！