Connecting a Debugging Tool to the Service Responsible for Filtering Printed Documents (Note: DO NOT print was not used in the rephrased title, as per the instruction.)

While carrying out packet traces and ending processes and services, I discovered that the traffic continued even after terminating the specific process. As a result, the spoolsv.exe process in the Windows Server print server could encounter an increased CPU utilization, which is not typical.

The
print filter pipeline
service (printfilterpipelinesvc.exe) hosts XPSDrv driver filters. To connect WinDbg to the print filter pipeline service, there are two primary methods available.

  1. Use WinDbg from the command line to start the process.

  2. Attach WinDbg
    to an existing process.

To start the filter pipeline host, use the
print spooler
method and attach WinDbg to the process using the second option. It’s important to note that the filter pipeline host is not persistent and a new instance is started for each print queue job. As a result, attaching WinDbg to printfilterpipelinesvc.exe may be challenging, especially if you want to debug the filter’s startup or initialization code and the job has already been submitted (
print job
).

One way to address this issue is by adjusting the duration during which printfilterpipelinesvc.exe remains active after completing a printing task. To do so, you can change the value of the PipelineHostTimeout setting located in the Print registry key under HKEY_LOCAL_MACHINESystemCurrentControlSetControl.

Follow these instructions to modify the filter pipeline’s
service timeout
value.

  1. Run Microsoft Registry Editor (RegEdit) and navigate to HKEY_LOCAL_MACHINESystemCurrentControlSetControlPrint.

  2. Add a

    PipelineHostTimeout

    REG_DWORD value to the key, if it is not already present.

  3. Set

    PipelineHostTimeout

    to the timeout value, in milliseconds. Set a large enough value to give yourself ample time to attach the process and set breakpoints. For example, if you want a timeout value of
    1.5 minutes
    , set

    PipelineHostTimeout

    to 90000.

Once you have configured the value for PipelineHostTimeout, follow the steps below to connect WinDbg to the
pipeline filter
service:

  1. Run WinDbg with elevated privileges, but do not attach it to a process.

  2. Submit a print job to your driver and wait for it to complete. The filter pipeline service continues running for the specified timeout value.

  3. From the WinDbg File menu, select
    attach to a process
    .

  4. In the Attach to Process dialog box, select printfilterpipelinesvc.exe and click OK. If the process is listed as ”
    Access Denied
    “, it probably means that WinDbg is not running with elevated privileges.

  5. Set breakpoints, as appropriate.

  6. Submit the print job again.

The debugger should be interrupted by the filter host process at the earliest breakpoint or verifier stop, whichever appears first. This will allow for code stepping, variable examination, etc.

Frequently Asked Questions

Posted in Uncategorized