A non-exhaustive collection of tools I discovered and/or use in driver development.
DebugView is an application that lets you monitor debug output on your local system, or any computer on the network that you can reach via TCP/IP. It is capable of displaying both kernel-mode and Win32 debug output, so you don't need a debugger to catch the debug output your applications or device drivers generate, nor do you need to modify your applications or drivers to use non-standard debug output APIs.
Useful for quickly displaying "legacy" Kernel-mode
DbgPrint calls (WDM drivers, non-tracing sections in WDF drivers).
TraceView Plus is a fast and light-weight trace viewer designed for WPP Software Tracing and DbgPrint. WPP Software Tracing is a tracing technology from Microsoft primarily intended for debugging code during C/C++ development. With TraceView Plus you can create and view traces, and analyze them quickly.
My "de-facto-standard" tool for viewing live logs of a "modern" driver using WPP tracing. No free edition available but a generous amount of trial time and just a simple nag-screen on startup.
Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions.
Best known as a network packet analyzer it can also sniff USB traffic when USBPcap is installed (included in Wireshark setup). It's straight forward to install and use and the captured traffic can be saved for later analysis in well-known
.pcap file format.
busdog is a filter driver for MS Windows (XP and above) to sniff USB traffic.
Have only briefly touched this one so far. Similar functionality like the Wireshark + USBPcap combo but less parsing/refinement of the tracing messages is done for you. Open source so definitely worthy of a bookmark
See IRP, SRB and URB requests to any Windows device driver. You can see the request details and data buffer. 32 bit and AMD64 bit versions of Windows 10, 8, 7, Vista, Windows XP and Windows 2000 are supported.
A very powerful tool for peeking under the hood of various driver stacks and analyzing the flow or IRP packets. Despite the author listing Windows 10 and 8 as supported I was only able to reliably run it on Windows 7 32-Bit. Might be PEBKAC, maybe time will tell
USBlyzer is a software-based USB protocol analyzer, so you won't have to install any additional hardware or software. It runs on 32-bit and 64-bit version of Microsoft Windows without any compatibility issues and does not require any service pack.
Commercial tool with trial version that can in some cases reveal more information about USB communication than Wireshark/USBPcap are currently capable of. It especially captures error conditions other tools can't catch or ignore.
USBView (Universal Serial Bus Viewer, USBView.exe) is a Windows graphical user interface application that enables you to browse all USB controllers and connected USB devices on your computer.
Open source tool from Microsoft, binary included in Windows SDK. Displays device tree and device details like descriptors, pipes, interfaces, vendor and product IDs, power demand etc.
DriverStore Explorer [RAPR] makes it easier to deal with Windows driver store. Supported operations include enumeration, adding a driver package (stage), adding & installing, deletion and force deletion from the driver store.
Very useful GUI wrapper for
pnputil. Exposes all driver revisions and copies held in the driver store and offers methods to remove them.
DriverView utility displays the list of all device drivers currently loaded on your system. For each driver in the list, additional useful information is displayed: load address of the driver, description, version, product name, company that created the driver, and more.
DevManView is an alternative to the standard Device Manager of Windows, which displays all devices and their properties in flat table, instead of tree viewer. In addition to displaying the devices of your local computer, DevManView also allows you view the devices list of another computer on your network, as long as you have administrator access rights to this computer.
DevManView can also load the devices list from external instance of Windows and disable unwanted devices. This feature can be useful if you have Windows operating system with booting problems, and you want to disable the problematic device.
Debugview++ started as a viewer for Win32 OutputDebugString messages in the style of Sysinternals DebugView. However, it can now be attached to virtually any other kind of logging, such as:
- tailing ascii and UTF logfiles (just drag it onto the window)
- Android ADB (or any console based standard output)
- serial ports (using plink)
- sockets, telnet or ssh ports (also using plink)
- it can listen for UDP messages, handy in distributed systems
DirectInput enumeration and testing tool.