Viewing Driver Output
For debugging purposes it is common for drivers to use the DbgPrint() API to emit debug messages. The syntax is given below.
ULONG DbgPrint(const char *fmt, ...);
DbgPrint() is very similar to the regular printf() routine, the difference being that it can only be called from kernel mode. The debug messages, instead of displaying on the screen, are sent to the kernel debugger (usually WinDbg), assuming that one is attached.
Unloading a Driver
Stopping (and unloading) a driver is as simple as starting it using the net command:
net stop hello
However the driver we have built at this point will never unload, because we have omitted a tiny detail. The one thing we left out was the DriverUnload() routine, which the service-control-manager calls when a driver is about to unload. This unload routine must be specified during DriverEntry() if our driver is to be unloadable, and a pointer to the routine stored in the DriverObject:
void DriverUnload(PDRIVER_OBJECT pDriverObject)
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
DbgPrint("Hello, World! Driver loaded!\n");
DriverObject->DriverUnload = DriverUnload;
Modify your basic driver source code by adding the above code.
You will have to rebuild the driver.
To clean-up all the 'mess' done, reboot your computer. In our case to simplify the steps to view the verbose output of the driver based on using the DbgPrint(), we use DebugView tool. DebugView tool can be downloaded from Microsoft TechNet. Run this tool and enable the Capture settings as shown below.
Next, run the osrloader as done previously. Register and start the Hello driver.
Notice the DebugView messages.
Then, you also are able to use "net start" and "net stop" as often as you like to start and stop the driver.