Setting Up Kernel Debuggin’ with Windows

I had an interesting time setting up kernel debugging over serial with VMware Workstation 14, and reading the manuals on how to do it is pretty dry. After finally forcing myself to read them, I got a working connection over serial. I will also go over doing it with Windows 8.1, which can debug over the network instead. Let’s begin, shall we?

The Setup

At the moment, I am using VMware Workstation 14. Two virtual machines are needed, but you can simply create a linked clone of the first one and be good to go, which saves a bit of disk space.

You will also need the Windows SDK to download and install WinDbg, which you can get here. This is installed on your host, the debugger machine (the server).

As a side note, make sure to ONLY check the debugging tools component when installing the SDK; otherwise you will download much more than you want.

The Target

This is going to be your debuggee, where all the crashing and blue screens are going to happen.

In your virtual machine’s settings, you are going to add a serial port.

You will be using a named pipe, in the following format:

The debuggee is the client and the other end is a virtual machine. “Yield CPU on poll” also needs to be checked.

You will want “This end is the client” and “The other end is a virtual machine.” chosen.

After that is done, boot into the system and modify the boot settings from an elevated prompt:

115200 is the recommended baud rate. Now on to the server…


The Server

The options for the server are the same settings and the same named pipe as the target, except:

  1. “This end is the server.” will be chosen instead
  2. “Yield CPU on poll” is left unchecked
  3. “bcdedit” will not be used

After that is done, boot up this virtual machine so we can start WinDbg. I placed WinDbg in my PATH, so I can call it from a command prompt.

In a command prompt, issue the following command:

“COM1” is the serial port that was added in our VM settings. WinDbg will pop up.

After that is done, switch back to your target machine and reboot! Once it begins to boot, you should see the connection reach your debugger 🙂
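The serial setup above, target side and server side, as an added PowerShell example (this is not code from the original post; the post's own command lines did not survive extraction). It assumes the named pipe is exposed inside each VM as COM1 (debugport 1), the 115200 baud rate the post recommends, and that windbg.exe is on PATH as the post describes. The script checks for an elevated prompt before touching the BCD store and prints the stored debugger settings so they can be reviewed before the reboot.

```powershell
# Added example, not from the original post.
# Run with -Role target in an elevated prompt on the debuggee VM,
# and with -Role server on the debugger VM (where the pipe is the server end).
param(
    [ValidateSet('target', 'server')]
    [string]$Role = 'target',
    [int]$BaudRate = 115200,   # baud rate recommended in the post
    [int]$DebugPort = 1        # COMn the named pipe is mapped to (assumed: COM1)
)

if ($Role -eq 'target') {
    # bcdedit refuses to write the BCD store without elevation; fail early and clearly.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'bcdedit needs an elevated prompt.'
    }

    # Point the kernel debugger at the serial port, then enable kernel debugging.
    bcdedit /dbgsettings serial debugport:$DebugPort baudrate:$BaudRate
    bcdedit /debug on

    # Show what is now stored so the settings can be checked before rebooting.
    bcdedit /dbgsettings
}
else {
    # Debugger VM: attach WinDbg to the COM port that fronts the named pipe.
    # Assumes windbg.exe is on PATH, as in the post.
    $comPort = "COM$DebugPort"
    windbg -k "com:port=$comPort,baud=$BaudRate"
}
```

Leaving kernel debugging enabled on a machine that is not a throwaway VM is a risk in itself (anyone who can reach the transport controls the kernel), so a `bcdedit /debug off` once the session is over belongs in the same mental checklist as the `on`.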


Another Way

Another way to set up kernel debugging between virtual machines is available with Windows 8.1 and up, which allow debugging over the network. All that is needed is the IP of the server, a port, and the network key generated by the target. Let’s go over this, as it does not take long at all.


The Target

The server’s IP is needed so the target can connect to your debugger. In my case, it is

We issue the following commands in an elevated prompt:

The port number can be anything you want, as long as it is greater than 49151 and up to 65535.

As a side note, make sure to keep the key that was generated handy, as you will need it each time you start a session; otherwise you’ll need to generate a new one.

As for your busparams, you can find that information for your system in Device Manager.

To break it down further:

  1. 19 is the PCI bus
  2. 0 is the device
  3. 0 is the function


The Server

In a command prompt, all that is needed is to run the following command:

Reboot your target machine and you should be greeted with a connection in your debugger!
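The network variant, again as an added PowerShell example rather than code from the original post. The host IP, port and key below are placeholders the reader replaces; the busparams default uses the 19.0.0 values the post breaks down. Before writing anything to the BCD store the script validates the port range the post states (greater than 49151, up to 65535) and the bus.device.function shape of busparams, the two inputs most often mistyped.

```powershell
# Added example, not from the original post.
# -Role target: run in an elevated prompt on the debuggee; bcdedit prints the key.
# -Role server: run on the debugger VM with -Key set to the value the target printed.
param(
    [ValidateSet('target', 'server')]
    [string]$Role = 'target',
    [string]$HostIp = '192.0.2.10',   # assumed placeholder: IP of the debugger (server) VM
    [int]$Port = 50000,               # assumed placeholder; must be 49152..65535 per the post
    [string]$BusParams = '19.0.0',    # bus.device.function from Device Manager (post's values)
    [string]$Key = ''                 # server side only: key generated on the target
)

# Enforce the port range the post gives before touching the BCD store.
if ($Port -lt 49152 -or $Port -gt 65535) {
    throw "Port $Port is outside the allowed range 49152-65535."
}

# busparams must be three dot-separated decimal numbers: bus.device.function.
if ($BusParams -notmatch '^\d+\.\d+\.\d+$') {
    throw "busparams '$BusParams' is not in bus.device.function form."
}

if ($Role -eq 'target') {
    # Set the network transport; bcdedit prints the generated key, keep it for the server.
    bcdedit /dbgsettings net hostip:$HostIp port:$Port
    # Tell the kernel which NIC to use (PCI bus.device.function from Device Manager).
    bcdedit /set '{dbgsettings}' busparams $BusParams
    # Enable kernel debugging; takes effect on the next boot.
    bcdedit /debug on
}
else {
    if (-not $Key) { throw 'Pass -Key with the value the target generated.' }
    # Debugger VM: WinDbg listens on the port and waits for the target to connect after reboot.
    windbg -k "net:port=$Port,key=$Key"
}
```

The key is what stops any host on the segment from attaching to the target's kernel, so treat it like a credential: pass it on the command line only on lab VMs, and regenerate it rather than reuse it across machines.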


Blue screens, here we come…
