flat assembler
Message board for the users of flat assembler.

Index > Main > Help - Calling DbgPrint in fasm??

Author
Thread Post new topic Reply to topic
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
Anyone know how to call DbgPrint in fasm?
I need to know what's happening with some of my fasm code running in a Windows driver . I want to place some calls to DbgPrint in the fasm code so I can see what's happening via WinDbg.
I've declared DbgPrint as extrn and it compiles. When I add a call to DbgPrint it chokes. When I add ntddk.h as an include, the compile complains about something in ntddk.h.
Here's some info on DbgPring:

Quote:
Windows Driver Kit: Driver Development Tools
DbgPrint
In Microsoft Windows Server 2003 and earlier versions of Windows, the DbgPrint routine sends a message to the kernel debugger. In Windows Vista and later versions of Windows, DbgPrint sends a message only if certain conditions apply.

ULONG DbgPrint( IN PCHAR Format, . . . . [arguments] );
Parameters
Format
Specifies a pointer to the format string to print. The Format string supports all the printf-style formatting codes. However, the Unicode format codes (%C, %S, %lc, %ls, %wc, %ws, and %wZ) can only be used with IRQL = PASSIVE_LEVEL.
arguments
Specifies arguments for the format string, as in printf.

Return Value
If successful, DbgPrint returns the NTSTATUS code STATUS_SUCCESS; otherwise it returns the appropriate error code.

Headers
This routine is defined in ntddk.h, wdm.h, and ndis.h. Include ntddk.h, wdm.h, or ndis.h.

Post 08 Jan 2007, 05:23
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
HyperVista: you should decompile C code to see which calling convention is used.

for C code
Code:
DbgPrint("%d %d", 1, 2);    
you should use this asm code:
Code:
push 2
push 1
push _format_string  ; "%d %d"
call DbgPrint
add esp, 3*4    
Post 08 Jan 2007, 06:34
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt
Why not just open a file and output the log info there?
Post 08 Jan 2007, 09:16
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Because DbgPrint (or OutputDebugString) let's you see stuff in real-time with a tool like WinDbg or sysinternals' debugview (where you can choose to save to file, if you want).

Idea is to have real-time indication of what happens, without the bother of MessageBoxes or console window or whatever.
Post 08 Jan 2007, 09:46
View user's profile Send private message Visit poster's website Reply with quote
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
Thanks vid! I'll give that a try later today. It never occurred to me to disassemble c code ..... <doohhh!!! ... as homer simpson would say).

Thanks for the input madmatt. I appreciate it.

@f0dder - exactly so!

Fyi, here's some advice I got from a Microsoft MVP on MSDN. I'm sure he's correct too, but I was having some difficulty figuring out how to port this to fasm. (I didn't want to tell him about the fasm part since everytime I mention it on MSDN I get a blast about not using M$ supported/sanctioned tools ... i did't want to hear it AGAIN)

Quote:
You should be able to just declare them EXTERN. For instance:

EXTERN DbgPrint:PROC

You might need to decorate the name appropriately if you are building for
x86.

Thanks again, guys!
Post 08 Jan 2007, 13:56
View user's profile Send private message Visit poster's website Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt
If your calling c code then don't forget to use cinvoke instead of normal windows api invoke.

cinvoke DbgPrint, "%d", eax
Post 08 Jan 2007, 15:03
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
DbgPrint, btw, seems to be a libc function - my bet is it does some printf formatting (via one if the other libc functions) and then calls OutputDebugString - so you can replace it with wsprintf() + OutputDebugString.

Btw you can use the "/FA" MSVC compiler setting to generate an assembly listing, instead of disassembling. If often end up diassembling the output .obj with IDA though, because of the comments, name mangling etc. in the asm listings Smile
Post 08 Jan 2007, 15:20
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
I suppose you are creating MS COFF object in FASM (not the driver executable directly)

then, MASM statement:
Code:
EXTERN DbgPrint:PROC    
translated to FASM:
Code:
extrn '_DbgPrint' as DbgPrint    

then you must link your FASM object with appropriate lib file which imports DbgPrint.
Post 08 Jan 2007, 20:10
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
That's exactly right vid, I'm creating MS COFF .obj files, then I am creating .lib files by calling the driver ddk lib.exe utility on the .obj file and including the resulting .lib file in the driver build. Fyi, the driver code is .c (which imports DbgPrint via the ntddk.h).

Thanks for the MASM port .... I think that's exactly what I needed! I think I had it backward.
I had:
Code:
extrn DbgPrint as '_DbgPrint'
    

I'll give it a try this evening (still at work here on the east coast usa).
Post 08 Jan 2007, 21:15
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
let me know then. I probably won't sleep (again - i didn't sleep last 3 days because of my illness Sad )
Post 08 Jan 2007, 21:52
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
It's working vid. Thanks!!

Quote:
i didn't sleep last 3 days because of my illness

Still ill with tonsilitis? That can be serious. If you haven't done so, you should probably see a doctor to get some antibiotics. Running a fever? Please take care of yourself my friend.
Post 08 Jan 2007, 23:39
View user's profile Send private message Visit poster's website Reply with quote
coconut



Joined: 02 Apr 2004
Posts: 326
Location: usa
coconut
can we see the working code?
Post 09 Jan 2007, 15:18
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Bah, nothing that can't be cured with a bit of the good old SLIVOVICZ Wink

Seriously, though, do go see a doctor.
Post 09 Jan 2007, 15:21
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
f0dder: of course, i am using slivovica to clean my throat. unfortunatelly i am not swallowing it then Smile
Post 09 Jan 2007, 20:09
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
@coconut - sorry for the delay in response to your question about seeing working code.

after some further testing and development, i had to remove the calls to DbgPrint from my fasm code after all. needless to say, drivers are a bit sketchy and have decided to write all my fasm code as leaf functions (i.e. they don't call other functions (like DbgPrint, etc.)). drivers are very fragile things to code and calling extrn functions from within asm being linked into the driver via .libs was dicey to say the least. Shocked
i plan on listing my fasm driver project in the Projects and Ideas section of the board when i get a little further along.
in the meanwhile, you can get a sense of what i'm doing here:
http://www.board.flatassembler.net/topic.php?t=6504
there's some working code listed in that thread.
Post 11 Jan 2007, 17:04
View user's profile Send private message Visit poster's website Reply with quote
coconut



Joined: 02 Apr 2004
Posts: 326
Location: usa
coconut
great thanks, ill check it out
Post 11 Jan 2007, 20:06
View user's profile Send private message Reply with quote
ACP



Joined: 23 Sep 2006
Posts: 204
ACP
HyperVista wrote:
@coconut - sorry for the delay in response to your question about seeing working code.

after some further testing and development, i had to remove the calls to DbgPrint from my fasm code after all. needless to say, drivers are a bit sketchy and have decided to write all my fasm code as leaf functions (i.e. they don't call other functions (like DbgPrint, etc.)). drivers are very fragile things to code and calling extrn functions from within asm being linked into the driver via .libs was dicey to say the least. Shocked
i plan on listing my fasm driver project in the Projects and Ideas section of the board when i get a little further along.
in the meanwhile, you can get a sense of what i'm doing here:
http://www.board.flatassembler.net/topic.php?t=6504
there's some working code listed in that thread.

Have your tried using KdPrint macro from DDK? This could be a bit helpful if you are using checked build environment. Never use it under FASM thou so a bit of research is needed I guess.
Post 12 Jan 2007, 22:24
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.