Jan Wilmans

According to this post, we need a kernel hook to capture global session 0 messages. http://stackoverflow.com/questions/5055015/issue-capturing-global-session-0-outputdebugstring-messages-via-win32-api Maybe http://www.codeproject.com/Articles/2082/API-hooking-revealed can help us

Tested: - http://www.hootech.com/WinTail/ - http://www.codeproject.com/kb/winsdk/outputdebugstring.aspx - https://code.google.com/p/buggazer/ - http://www.codeproject.com/Articles/13345/DbMon-NET-A-simple-NET-OutputDebugString-capturer (DbMon.net) result: all have the same problem

Conclusion: the problem seems to be specific to the application (64-bit plugin for explorer.exe). Apparently it is not using the 'normal' OutputDebugString mechanism.

Closing the issue as 'out of scope', like kernel messages, SI dbgview can be used for these cases.

Might be solved by 424dd4318685aea5d8a9084a2724dc59ff38561b retest

I did a first attempt to understand how to use ETW, I couldn't even figure out how to use to from C++... do you have any working examples?

I would like to support ETW because it seems to be _the_ OutputDebugString replacement for modern windows development?

@harriv thanks! I will try this, at first glance this looks like the 'receiving part' right? the side I would need to do, which is perfect to have an example...

wow thanks! I will have to examine this!

This may sound good in theory, but highlighting can be done by several kinds of filters, or in fact, multiple filters can contribute to the same lines' coloring. include, highlight,...