The !wdfkd.wdflogdump extension displays the WDF In-flight Recorder log records, if available, for a KMDF driver or a UMDF 2 driver. You can use this command with a complete memory dump, a kernel memory dump, or a live kernel-mode target.
!wdfkd.wdflogdump [DriverName [Parameter2]]
- KMDF: The name of a KMDF driver. The name must not include the .sys filename extension.
- UMDF: The name of a UMDF 2 driver. The name must include the .dll filename extension.
- KMDF: The address of the WdfDriverGlobals structure. You can determine this address by running !wdfkd.wdfldr and looking for the field labeled "WdfGlobals". Or, you can supply @@(Driver!WdfDriverGlobals) as the address value, where Driver is the name of the driver. If any WdfDriverGlobals address is supplied, DriverName is ignored (although it must nevertheless be supplied).
UMDF: The process ID of an instance of wudfhost.exe. If you supply the process ID, this command displays the log records for that process. If you do not supply the process ID, this command displays a list of commands in this form:!wdflogdump DriverName ProcessID
KMDF 1, UMDF 2
For more information, see Kernel-Mode Driver Framework Debugging.
If you omit the DriverName parameter, the default driver name is used. Use the !wdfkd.wdfgetdriver extension to display the default driver name, and use the !wdfkd.wdfsetdriver extension to set the default driver name.