1

Topic: Catching calls to user-mode debug output functions in kernel WinDbg

In Win 10.0.15063, the conhost.exe process, when running console applications such as FAR, outputs a wild amount of debugging messages (apparently from conhostv2.dll), completely clogging the output of the attached kernel WinDbg. Attempts to find a kosher way of switching off this rubbish did not succeed - a search finds only some sluggish discussions, which do not even relate to MS. I tried to catch the OutputDebugString call in a debugger, but all attempts failed shamefully. WinDbg itself can only output the message text; interrupting execution is not provided. DebugView shows the ID of the process outputting the message, but cannot raise an exception for a debugger at that point. API Monitor v2 alpha-r3 attaches to the process and allows setting marks on OutputDebugStringA and OutputDebugStringW, but does not catch their calls in any way. In WinDbg I switch to the process context (.process -p), set bp on KERNELBASE!OutputDebugStringA and KERNELBASE!OutputDebugStringW, and resume - the output goes on, but the debugger does not break. What kind of miracles are these? Another "improvement" in 10?

2

Re: Catching calls to user-mode debug output functions in kernel WinDbg

Hello, Evgenie Muzychenko, you wrote:

EM> What kind of miracles are these? Another "improvement" in 10?

IDA says that OutputDebugStringW now looks like this:

RaiseException(0x4001000Au, 0, 4u, &Arguments);

And here is a link on the subject: https://ntquery.wordpress.com/2015/09/0 … ugstringw/

3

Re: Catching calls to user-mode debug output functions in kernel WinDbg

Hello, rumit7, you wrote:

R> IDA says that OutputDebugStringW now looks like this:
R>
R> RaiseException(0x4001000Au, 0, 4u, &Arguments);

So that's how it is. Thanks! I only have an old demo of IDA - I am too stingy to buy a license for crazy money for the sake of a few experiments a year, and my conscience does not allow me to use a pirated copy.

R> And here is a link on the subject:
R> https://ntquery.wordpress.com/2015/09/0 … ugstringw/

Something completely wild is going on here: in kernel WinDbg, after adding exceptions with the codes 0x40010006/0x4001000A, the breakpoints previously set on OutputDebugStringA/W in kernelbase suddenly started working; however, it is impossible to trigger a break with the exceptions alone, without breakpoints.
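An added example, not part of the thread: a decoder for the two debug-print exception codes mentioned above, with a Windows-only first-chance handler that logs each print from inside the process. The names `decode_dbg_print`, `dbg_print` and `log_dbg_print` are hypothetical, and the argument layout is an assumption that the thread does not state.

```c
#include <stdint.h>
#include <stdio.h>
#define DBG_PRINT_ANSI 0x40010006u   /* code quoted in the thread */
#define DBG_PRINT_WIDE 0x4001000Au   /* code quoted in the thread, 4 arguments */

/* Assumed argument layout (not given on the page): ANSI = {len, char*};
 * WIDE = {wide len, wchar_t*, ANSI len, char*}; lengths include the NUL. */
typedef struct { const char *text; size_t len; int wide; } dbg_print;

/* Returns 1 and fills *out when (code, args) is a well-formed debug print. */
int decode_dbg_print(uint32_t code, uint32_t nargs, const uintptr_t *args,
                     dbg_print *out)
{
    unsigned base;
    if (code == DBG_PRINT_ANSI && nargs >= 2)      base = 0;
    else if (code == DBG_PRINT_WIDE && nargs >= 4) base = 2;
    else return 0;                  /* other exception or short record */
    out->len  = (size_t)args[base];
    out->text = (const char *)args[base + 1];
    out->wide = (code == DBG_PRINT_WIDE);
    return out->text != NULL && out->len > 0;
}

#ifdef _WIN32
#include <windows.h>
/* First-chance hook: report the print, then let normal handling continue. */
static LONG CALLBACK log_dbg_print(EXCEPTION_POINTERS *ep)
{
    const EXCEPTION_RECORD *r = ep->ExceptionRecord;
    dbg_print p;
    if (decode_dbg_print(r->ExceptionCode, r->NumberParameters,
                         (const uintptr_t *)r->ExceptionInformation, &p))
        fprintf(stderr, "debug print: %.*s\n", (int)p.len, p.text);
    return EXCEPTION_CONTINUE_SEARCH;
}
#endif

int main(void)
{
    static const char msg[] = "constructed sample message";
    uintptr_t args[4] = { 0, 0, sizeof msg, (uintptr_t)msg };  /* constructed */
    dbg_print p;
    if (decode_dbg_print(DBG_PRINT_WIDE, 4, args, &p))
        printf("wide=%d len=%zu text=%s\n", p.wide, p.len, p.text);
#ifdef _WIN32
    AddVectoredExceptionHandler(1, log_dbg_print);
    OutputDebugStringA("constructed test print\n");
#endif
    return 0;
}
```

The handler returns `EXCEPTION_CONTINUE_SEARCH`, so the print still reaches whatever would normally handle it.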