Debugging

Connect two Windows virtual machines over a virtual serial port on a Linux host

Software

  • Linux Debian 8.x
  • Windows 8 64 bit (Debugger)
  • Windows 10 64 bit (Debuggee)
  • WinDbg (Windows SDK)

Setting up the Debugger

  • WinDbg installation https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk
  • Symbols: add an environment variable named _NT_SYMBOL_PATH with the value SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols (the asterisks separate the local cache directory from the Microsoft symbol server URL).
  • Shutdown VM
  • Edit virtual machine settings -> Add… -> Serial Port -> Use socket (/tmp/com1) -> From: Client -> To: A Virtual Machine -> Unselect Yield CPU on poll.

Setting up the Debuggee

  • bcdedit /copy {current} /d "Debugging Session"
  • bcdedit /debug {GUID_FROM_PREVIOUS_COMMAND} on
  • bcdedit /dbgsettings serial debugport:1 baudrate:115200
  • Shutdown VM
  • Edit virtual machine settings -> Add… -> Serial Port -> Use socket (/tmp/com1) -> From: Server -> To: A Virtual Machine -> Select Yield CPU on poll.
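The three bcdedit steps above leave the GUID of the copied entry to be read off the screen; the script below, an added example that is not part of the original page, runs the same steps from an elevated PowerShell prompt on the debuggee, extracts the GUID automatically and verifies the result. It assumes English bcdedit output, that {current} is the entry you boot normally, and that COM1 is the serial port the VM maps to /tmp/com1.

```powershell
# Added example: automate the "Setting up the Debuggee" steps and verify them.
# Assumptions: elevated prompt, English bcdedit output, COM1 = the virtual serial port.
$ErrorActionPreference = 'Stop'
$Description = 'Debugging Session'

# 1. Copy the current boot entry so the everyday entry stays untouched.
#    bcdedit prints: "The entry was successfully copied to {GUID}."
$copyOutput = bcdedit /copy '{current}' /d "$Description"
if ($LASTEXITCODE -ne 0) { throw "bcdedit /copy failed: $copyOutput" }

$guidMatch = [regex]::Match(($copyOutput -join ' '), '\{[0-9a-fA-F-]{36}\}')
if (-not $guidMatch.Success) { throw "No entry GUID found in: $copyOutput" }
$guid = $guidMatch.Value

# 2. Enable kernel debugging on the copied entry only. While this entry is booted the
#    kernel debugger is active and Kernel Patch Protection does not initialize, so keep
#    the original entry as the default and use this one just for the lab.
bcdedit /debug "$guid" on
if ($LASTEXITCODE -ne 0) { throw "bcdedit /debug failed for $guid" }

# 3. Point the global debugger transport at the serial port the VM maps to /tmp/com1.
bcdedit /dbgsettings serial debugport:1 baudrate:115200
if ($LASTEXITCODE -ne 0) { throw 'bcdedit /dbgsettings failed' }

# 4. Verify: the new entry must show "debug Yes" and the transport must be Serial/COM1/115200.
$entry = bcdedit /enum "$guid"
if (-not ($entry -match '^\s*debug\s+Yes')) { throw "Entry $guid does not have debug enabled" }

$settings = bcdedit /dbgsettings
if (-not (($settings -match '^\s*debugtype\s+Serial') -and
          ($settings -match '^\s*debugport\s+1\s*$') -and
          ($settings -match '^\s*baudrate\s+115200'))) {
    throw "Unexpected debugger settings:`n$($settings -join "`n")"
}

Write-Host "Entry $guid ('$Description') is configured; reboot and pick it from the boot menu."
```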

Testing the connection

  • Power on Debugger VM
  • Run WinDbg (X64) -> File -> Kernel Debug… -> COM (Baud Rate: 115200, Port: com1) -> OK
  • Power on Debuggee VM (Select "Debugging Session")
  • Click Debug -> Break to issue an interrupt and start debugging the kernel.
  • Type the g command to release the Debuggee.
