Your KMDF driver log can also be available in a mini-dump under certain circumstances. If you have a full kernel dump or a full memory dump, the log will be always present (barring any memory corruption or problems writing out the dump file). KMDF will attempt to write your driver's log to the mini-dump if one of the following are true:
  1. KMDF can determine if your driver is the cause of the bugcheck
  2. You added a registry setting which told KMDF to always write your log
As of v1.5, KMDF can determine if your driver is the cause of a bugcheck if one of the bug check parameters contains a pointer which is within the loaded driver's memory range. KMDF could attempt to walk the stack to figure out if the client is on the stack, but KMDF plays it safe. Walking the stack may cause another fault, which could make it impossible to capture a dump (which is just one possible thing that could go wrong). When the following bug check codes occur, KMDF will attempt to determine if your driver was the cause of the bug check:

Code Value

At first glance, to get your log out of the mini-dump you would think that you could use !wdflogdump to view the log. Unfortunately, you can't use this command because of the way that memory is stored in the mini-dump. Instead, you need to run the !wdfcrashdump command. All the other dump related commands (!wdfsearchpath, !wdftmffile) still work in the mini-dump environment.

If you have a kernel debugger attached, you can also save the log explicitly. The !wdflogsave [DriverName [FileName]] command will save the log for you in a WPP compatible format (which you can open in a trace viewing app like TraceView). If you do not specify [FileName], the log will be written to [DriverName].etl.

You can also force KMDF to always write your driver's log file to the mini-dump. To enable this feature, you must add the following registry value under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<your driver>\Parameters\WDF. A value of zero (the default) turns the feature off, a non-zero value enables the feature.

    ForceLogsInMiniDump : REG_DWORD