I want to add a custom line to windows kernel log, from a batch file, or from cmd prompt.
In linux, I would do this by writing to /dev/kmsg file. Anything written to that file would be visible via dmesg or /var/log/messages.
e.g. echo Hello world > /dev/kmsg
I want something very similar for windows side.
I am also OK if there is a solution like log_to_kernel.exe "my message", instead of redirecting to a device file. I think, there isn't concept of device "files" in windows.
The reason for requirement:
I am trying to debug some issues in a driver & for that I am running some test program, which internally makes calls to the driver in windows.
If the driver fails, I will be able to see the debug messages in the kernel windbg attached over 1394. The kernel debugger will hit a breakpoint/assert & I will not be able to check the iteration number on my target system, till I continue from windbg.
Hence I need to log the time & the test iteration number in kernel log itself, which I am planning to do via the batch file, which runs the automated tests.
Hence, I need some tool or dummy echo driver with C code, which would log my custom message in the kernel log.
In one line, I want to write a custom message to kernel log, from a user space app.
You are supposed to use DbgPrintEx function to write log entries if you are writing a driver,
http://msdn.microsoft.com/en-us/library/windows/hardware/ff543634(v=vs.85).aspx
Then the debugger should be able to display it.
If your application is user mode, OutputDebugString is the simplest,
http://msdn.microsoft.com/en-us/library/windows/desktop/aa363362(v=vs.85).aspx
You might also read about event tracing,
http://msdn.microsoft.com/en-us/library/windows/desktop/bb968803(v=vs.85).aspx
Related
We all know the basic Hello World program:
#include <stdio.h>
int main() {
printf("Hello World!");
return 0;
}
This will open up a command prompt and show us the "Hello, World" message.
My question is: Why? Why is the message shown in a command prompt and not in notepad for example? Why not as a Windows notification? Why is it specifically the command prompt and not something else?
When you “open” a file through Window’s File Explorer, the system (not necessarily the OS directly; various subcomponents are involved) examines the file. If it is a native Windows application, the system will execute it directly. If it is another kind of file, the system will look up an appropriate application for it. For example, if it is a Microsoft Word file, the system will start Microsoft Word with a request that it open the file.
If the file is a “command line” program, the system will start Windows Terminal (or similar program in various versions of Microsoft Windows) with a request to run the program. More specifically, it may start Windows Terminal with a request to run a particular command-line shell and to have that shell run your program.
The C language grew up in Unix-like environments where a command shell read input from a physical keyboard and write output to a physical display. In modern systems, these are usually replaced by pseudo-devices that perform the same functions in software. When the shell starts a command-line program, it creates a new process with the standard input and standard output streams of that process connected to the pseudo-device that provides the keyboard/display functions. (This is the default. You can also request a shell to start a program with input and output redirected from/to files and other devices.)
Then, when your program writes to standard output, it goes to the pseudo-device, which relays the data to the appropriate parts of the system that cause the text to be displayed in the terminal window.
I have a application written in C and i want to control writing of syslogs in txt file from application. On application there is option for START/STOP running, so basically when i press START i want to start writing syslog(journalctl) to /some_folder/debug.txt, and when i press STOP i want to close the file.
This can be done by linux command "journalctl [parameter] > /some_folder/debug.txt", but that is not enough, this must be controlled from application.
Does anyone have idea how this can be done properly, is there some API to control syslogs or i have to do it via system()?
If there is no way, if i have to use system() and journalctl commands are there some suggestion which commands to use?
There is an application on remote machine with Linux OS(Fedora), writing to the log file when certain events occur. Some time ago I changed format of the message being written to the log file. But recently it turned out that for some reason in some seldom cases log files with old format messages appear there. I know for sure that none part of my code can write such strings. Also there is no instance of the old application running. Does anyone have some ideas why it can happen? It's not possible to check which process writes those files because anything like auditctl is not installed there, and neither package manager or yum to get it or install. Application is written in C language.
you can use fuser command to find out all the processes that are using that file
`fuser file.log`
I have an arduino in keyboard emulation mode that sends keyboard keystrokes to the computer it's connected to, the latter appending a log line in a local webpage upon receiving each keystroke. The log program is coded in C using Win32 API.
Now, since it's supposed to function at work (the idea is to get a log file online of when pushbuttons on my desk have been activated), I will be locking my computer...
How can I keep processing CTRL+ALT+key strokes from the windows lock screen?
Thanks,
Mister Mystère
This seems to work: https://www.codeproject.com/Articles/19004/A-Simple-C-Global-Low-Level-Keyboard-Hook
When you run the compiled executable, the keys A and B are detected globally even when the screen is locked.
I ended up downloading a third party lock screen and my program works in its background as it is a standard program. For those of you in the same situation, as far as I know after all that research I'm afraid you'll have to do that instead: it seems like it is not possible starting from Vista.
I installed a PostScript printer driver and have setup REDMON (redmonnt.dll) for redirecting postscript output to my program. In my rather simple c program I capture the data from STDIN and I am able to successfully save it into a .ps file. The file looks OK.
However, I want to start gsview.exe for viewing the file. If I call ShellExecute it fails in Windows 7 because of permission issues. It seems that my program is called under a different user account (LOCAL SERVICE). So I am looking for a way to run gsview.exe under a specific username (the user who initiated the print job) which is available to the program in a variable called REDMON_USER along with the SESSIONID as well.
Q: What are the minimum WinAPI calls required to start a program given a username and a sessionid?
Any code examples in C/C++, .NET would be very helpful.
EDIT: What I am trying accomplish is something very similar to redrunee (from redmonee). I don't want to use redrunee because it opens about a console window for a brief moment.
Note:
1) The program is called by the printer service as [LOCAL SERVICE] account.
2) The first parameter Username (REDMON_USER), in effect, points to the user currently looking at the screen
Look at CreateProcessAsUser.
Also look at CreateProcessWithLogonW and CreateProcess.
They are linked from the CreateProcessAsUser
EDIT In reply to comments by OP.
Follow advice from this thread.
I am copying this here verbatim, in case the original link stops working:
The same code works for us on Vista as
on XP, etc. The service is running as
the Local System.
use WTSGetActiveConsoleSessionId to get the ID of the current active
Windows session at the console (i.e.
the machine keyboard and display, as
opposed to WTS sessions).
use WTSQueryUserToken to get the token for that session.
use DuplicateTokenEx(hToken,MAXIMUM_ALLOWED,NULL,SecurityIdentification,TokenPrimary,
&hTokenDup) to duplicate that token.
use CreateEnvironmentBlock to create an environment that you will be
passing to the process.
use CreateProcessAsUser with the duplicated token and the created
environment. Actually, we use
CreateProcessAsUserW, since the A
version had some sort of bug on some
older systems.
Don't forget to CloseHandle on the various tokens, etc, and to
DestroyEnvironmentBlock the
environment.
Thank you efratian.
PS. Oh joy of Windows programming, did not do it for quite a while. Now I remember why. The only thing that is close or even worse documented is OpenSSH programming.
The documentation describes the "Run as User" feature, which seems to be exactly what you want:
Run as User is intended for launching a GUI program such as GSview locally via RedRun.