Copyright © 1997 Mark Russinovich and OSR Open Systems Resources, Inc.

last updated February 28, 1997

DebugMon - NT Debug Monitor 1.0

Introduction
DebugMon is a GUI-device driver combination that intercepts and displays calls made by device drivers to the NTOSKRNL routine DbgPrint under Windows NT 4.0. Normally a debugger like WinDbg or SoftICE/NT must be used to capture this output, but DebugMon works with no debugger running, and can be used to save the DbgPrint log it displays to a file for later processing. To further aid in debugging, DebugMon time-stamps and marks each line of debug text with a sequence number.

DebugMon is brought to you free of charge by Open Systems Resources, Inc., the company I work for as an NT Internals consultant.


Installation and Use
DebugMon works on all builds of NT 4.0. Installing DebugMon is as easy as unzipping it and typing, "DebugMon." The GUI dynamically loads the driver (based on code from the instdrv sample in the Windows NT DDK), which starts intercepting DbgPrint calls. The menus can be used to disable event capturing, control the scrolling of the listview, and to save the listview contents to an ASCII file.

If DebugMon's internal buffers become exhausted, DbgPrint records will be intentionally dropped, and this is reflected by a gap in the displayed sequence numbers.
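
A saved log can be checked for dropped records by looking for these gaps. The following is an added example, not part of DebugMon or the original page; it assumes each saved line begins with the sequence number followed by whitespace, and the sample lines are constructed rather than real DebugMon output.

```python
import re

# Assumed layout of a saved line: sequence number first, then the time stamp
# and the debug text. Only the leading integer is relied on here.
SEQ_RE = re.compile(r"^\s*(\d+)\s")

# Constructed sample log, not real DebugMon output.
SAMPLE_LOG = """\
0\t0.000000\tRegmon: driver loaded
1\t0.000412\tRegmon: OpenKey HKLM\\Software
2\t0.000977\tRegmon: QueryValue
7\t0.310254\tRegmon: CloseKey
8\t0.310301\tRegmon: OpenKey HKCU
10\t0.512000\tRegmon: CloseKey
"""

def find_gaps(lines):
    """Return (gaps, unparsed).

    gaps     -- list of (first_missing, last_missing) sequence-number ranges
    unparsed -- 1-based numbers of non-blank lines with no leading sequence number
    """
    gaps, unparsed, prev = [], [], None
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        m = SEQ_RE.match(line)
        if m is None:
            unparsed.append(lineno)
            continue
        seq = int(m.group(1))
        if prev is not None and seq > prev + 1:
            gaps.append((prev + 1, seq - 1))
        # Ignore repeated or out-of-order numbers when tracking the high mark.
        if prev is None or seq > prev:
            prev = seq
    return gaps, unparsed

def dropped_count(gaps):
    """Total number of records missing across all gaps."""
    return sum(last - first + 1 for first, last in gaps)

if __name__ == "__main__":
    gaps, unparsed = find_gaps(SAMPLE_LOG.splitlines())
    for first, last in gaps:
        print(f"missing sequence numbers {first}-{last}")
    print(f"{dropped_count(gaps)} record(s) dropped, "
          f"{len(unparsed)} line(s) without a sequence number")
```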

By default DebugMon does not pass DbgPrint calls on to a debugger that might also be capturing its output. This can be changed by setting the Events|Passthrough menu item, which will have DebugMon pass the debug messages on after they have been logged.


Sample Screen Shot
This is a screenshot of DebugMon capturing NTRegmon's DbgPrint output.

Redistributing DebugMon
DebugMon can be freely distributed in its original zipped form for non-commercial purposes.

If you need a custom NT device driver, filter driver or file system, or need training on NT device drivers, OSR may be able to help out.


Download DebugMon (22KB)