Logging the Debug Statements


Debug statements provide a way for the developer to log important information while a driver executes. In order to log the messages, you need a debug message capturing tool. A useful tool for capturing debug statements is called Debug View, and is available from www.sysinternals.com. This tool is free.

Debug statements can be used to print tombstones: markers that indicate particular lines of code have executed. Using debug statements can sometimes be easier than using a single-step debugger such as SoftICE or WinDbg, because running a tool that captures debug statements is very easy, while configuring and using a debugger is complex. With debug statements, return codes can be printed and error conditions detailed. Figure 2-2 shows an example of a call-hooking rootkit sending debug output to the system.

Figure 2-2. DebugView captures output from a kernel rootkit.


You can print debug statements with Windows drivers by using the following call:

    DbgPrint("some string");

Many debug or kernel-level logging functions such as DbgPrint are available with most operating systems. For example, under Linux, a loadable module can use the printk(...) function.
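The tombstone and return-code logging described above, as an added example that is not from the book: a small set of macros that route to DbgPrint when built inside a Windows driver and otherwise append to an in-memory buffer so the output can be checked in user mode. The `_KERNEL_MODE` build switch, the `dbg_sink` fallback, and the NTSTATUS-style constants are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-mode fallback: collects what DbgPrint would have emitted,
 * so the tombstones can be inspected without a kernel debugger or DebugView. */
static char g_log[4096];
static size_t g_log_len;

static void dbg_sink(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(g_log + g_log_len, sizeof g_log - g_log_len, fmt, ap);
    va_end(ap);
    if (n > 0) {
        size_t room = sizeof g_log - g_log_len - 1;   /* keep the terminating NUL */
        g_log_len += (size_t)n < room ? (size_t)n : room;
    }
}

#ifdef _KERNEL_MODE          /* assumed build switch: in a WDK build, go to DbgPrint */
#define DBG_SINK DbgPrint
#else
#define DBG_SINK dbg_sink
#endif

/* TOMBSTONE marks that a line executed; TRACE_STATUS records a return code.
 * Both produce the kind of line DebugView shows when DbgPrint is the sink. */
#define TOMBSTONE()        DBG_SINK("[drv] %s:%d reached\n", __func__, __LINE__)
#define TRACE_STATUS(st)   DBG_SINK("[drv] %s:%d status=0x%08lX\n", __func__, __LINE__, \
                                    (unsigned long)(st))

/* Stand-ins for NTSTATUS values so the example builds outside the WDK (constructed). */
#define STATUS_SUCCESS      0x00000000L
#define STATUS_UNSUCCESSFUL 0xC0000001L
typedef long DRV_STATUS;

/* A driver routine that leaves a tombstone on entry and logs its result on exit. */
static DRV_STATUS open_device(int should_fail)
{
    TOMBSTONE();
    DRV_STATUS st = should_fail ? STATUS_UNSUCCESSFUL : STATUS_SUCCESS;
    TRACE_STATUS(st);
    return st;
}

/* Runs open_device once and returns everything that was logged. */
const char *example_log(int should_fail)
{
    g_log_len = 0;
    g_log[0] = '\0';
    open_device(should_fail);
    return g_log;
}
```

On Windows Vista and later, DbgPrint output is filtered by the kernel's debug print mask, so DebugView's verbose kernel output option (or an explicit mask setting) is needed before these lines appear in the capture.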



Rootkits: Subverting the Windows Kernel
ISBN: 0321294319
Year: 2006
Pages: 111