At first glance, to get your log out of the mini-dump you would think that
you could use !wdflogdump to view the log. Unfortunately,
you can't use this command because of the way that memory is stored in the mini-dump. Instead,
you need to run the !wdfcrashdump command. All
the other dump related commands (!wdfsearchpath, !wdftmffile)
still work in the mini-dump environment.
If you have a kernel debugger attached, you can also save the log explicitly.
The !wdflogsave [DriverName [FileName]] command will save the log for you
in a WPP compatible format (which you can open in a trace viewing app like TraceView).
If you do not specify [FileName], the log will be written to [DriverName].etl.
You can also force KMDF to always write your driver's log file to the mini-dump.
To enable this feature, you must add the following registry value under
A value of zero (the default) turns the feature off, a non-zero value enables the
ForceLogsInMiniDump : REG_DWORD