DbgView is a free tool for capturing logs: it captures and displays the output of the OutputDebugString() function as well as the DbgPrint log output of Windows drivers. It is very helpful for developing and debugging Windows drivers.
However, the tool has not been updated for a long time. The latest version is V4.81, released as long ago as December 2012. The download link is:
https://technet.microsoft.com/en-us/sysinternals/debugview.aspx?f=255&MSPPError=-2147217396
Currently, when Dbgview.exe is used under Windows 10, there is a small problem:
When "Capture Kernel" is turned on and DbgView is closed after running once, it usually can no longer "Capture Kernel" when it is opened again. An error prompt is shown, such as:
As a result, DbgView cannot "Capture Kernel" unless the PC is restarted, which is very inconvenient.
Studying DbgView and "Dbgv.sys" turned up several points:
1. At startup, Dbgview.exe locates the corresponding resource inside the EXE, writes it out as "Dbgv.sys" in the system directory, and then starts the SYS.
2. After a successful launch, it deletes the "Dbgv.sys" file. This is why the file normally cannot be seen on Win7 and other systems.
3. When DbgView is run a second time, "Dbgv.sys" is extracted again and the previous file (if it exists) is overwritten.
4. In Win 10, however, the deletion of this file in step 2 fails, and the overwrite in step 3 fails as well. My guess is that Windows 10 forbids rewriting a SYS file that has already been run.
5. After the overwrite fails, DbgView concludes that "Dbgv.sys" cannot be run correctly, so it pops up the error message above.
6. DbgView creates and starts a service named "Dbgvsvc" when running "Dbgv.sys", but strangely the service cannot be found in the system.
Based on the above analysis, several strategies were tried to avoid the problem described in this article:
1. Before opening DbgView again, try to find the "Dbgvsvc" service and stop it, then run DbgView. The "Dbgvsvc" service could not be found, so this strategy did not work.
2. Before opening DbgView again, try to delete the "Dbgv.sys" file, then run DbgView. No working method of deleting the file was found, so this strategy did not work either.
3. It was found by accident that "Dbgv.sys" can be renamed: rename the file, then run DbgView, and it works. The flaw of this method is that the renamed file has to be deleted after a reboot; otherwise the file will persist. This method is very friendly for users who do not want to use my modified DbgView.
4. After decompiling DbgView and rewriting the code that runs after the "Dbgv.sys" overwrite fails, DbgView can be used on Windows 10 as happily as on earlier operating systems. The modified FakeDbgView.exe can be downloaded from https://pan.baidu.com/s/1o8TbqjC. This version is a modification of V4.81.
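Strategy 3 (rename the leftover "Dbgv.sys" before starting the stock DbgView) can be scripted. The PowerShell below is an added example, not part of the original post or of DbgView itself. It assumes that the "system directory" is %SystemRoot%\System32\drivers and that Dbgview.exe sits at a hypothetical path; it also removes renamed copies from earlier runs once a reboot has made that possible.

```powershell
#Requires -RunAsAdministrator
# Added example: workaround 3 from the list above as a launcher script.
param(
    # Assumption: where Dbgview.exe is installed on this machine (hypothetical path).
    [string]$DbgViewPath = 'C:\Tools\Dbgview.exe',
    # Assumption: the "system directory" in the text is the drivers folder.
    [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers')
)

$driver = Join-Path $DriverDir 'Dbgv.sys'

# Clean up renamed copies left by earlier runs. Copies from before the last
# reboot can be deleted; a copy that still cannot be deleted is kept.
Get-ChildItem -Path $DriverDir -Filter 'Dbgv.sys.*.old' -ErrorAction SilentlyContinue |
    ForEach-Object {
        try {
            Remove-Item -LiteralPath $_.FullName -Force -ErrorAction Stop
            Write-Host "Removed old copy $($_.Name)"
        }
        catch {
            Write-Host "Cannot delete $($_.Name) yet, keeping it until the next reboot"
        }
    }

# Rename the leftover driver so that DbgView can extract a fresh Dbgv.sys.
if (Test-Path -LiteralPath $driver) {
    $newName = 'Dbgv.sys.{0:yyyyMMddHHmmss}.old' -f (Get-Date)
    Rename-Item -LiteralPath $driver -NewName $newName -ErrorAction Stop
    Write-Host "Renamed Dbgv.sys to $newName"
}

# Start the unmodified DbgView; "Capture Kernel" can then be enabled as usual.
Start-Process -FilePath $DbgViewPath
```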
DbgView cannot "Capture Kernel" when reopened after being closed in Windows 10