Hi,
I have tried running a partially checked build version of windows 8.1 64 bit on a virtual machine under vmware workstation using this guide:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff547188(v=vs.85).aspx
But it fails. the guide is small enough to not make mistakes and I tried it 2-3 times. It always fails.
I used 64 bit version of windows for simplification. The boot configuration is done as said and this is the result:
Windows Boot Loader
identifier {803ca78f-b59c-11e5-974d-000c29b28910}
device partition=C:
path \Windows\system32\winload.exe
description Windows 8.1 Checked Build
locale en-US
inherit {bootloadersettings}
recoverysequence {803ca78d-b59c-11e5-974d-000c29b28910}
integrityservices Enable
recoveryenabled Yes
bootdebug Yes
testsigning Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
kernel ntkrnlmp.chk
hal hal.chk
resumeobject {803ca78b-b59c-11e5-974d-000c29b28910}
nx OptIn
bootmenupolicy Standard
debug Yes
By the way. I see the hal.dll and the hal.chk is being place by its side. but I can’t find the ntkrnlmp.exe any where in my windows directory. I copied ntkrnlmp.chk in the system32 directory anyways.
Then I run windbg and have it connect to the VM over a named pipe and restart the VM then I choose the checked boot entry at boot time. the VM restarts. The debugger reconnects and then a fatal system error occurs. here is the log of windbg:
Opened \.\pipe\com_1
Waiting to reconnect…
BD: Boot Debugger Initialized
Connected to Windows Boot Debugger 9600 x64 target
Kernel Debugger connection established.
Symbol search path is: *** Invalid ***
…
Executable search path is:
…
ERROR: Module load completed but symbols could not be loaded for winload.exe
Windows Boot Debugger Kernel Version 9600 UP Free x64
Machine Name:
Primary image base = 0x0000000000855000 Loaded module list = 0x0000000000a10420
System Uptime: not available
*** Windows is unable to verify the signature of
the file \Windows\system32\ntkrnlmp.chk. It will be allowed to load
because the boot debugger is enabled.
*** Windows is unable to verify the signature of
the file \Windows\system32\hal.chk. It will be allowed to load
because the boot debugger is enabled.
Shutdown occurred at (Sun Jul 10 11:59:44.018 2016 (UTC + 4:30))…unloading all symbol tables.
Waiting to reconnect…
Connected to Windows 8 9600 x64 target at (Sun Jul 10 11:59:44.940 2016 (UTC + 4:30)), ptr64 TRUE
Kernel Debugger connection established.
Symbol search path is: *** Invalid ***
…
Executable search path is:
…
ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 8 Kernel Version 9600 MP (1 procs) Checked x64
Built by: 9600.16384.amd64chk.winblue_rtm.130821-1623
Machine Name:
Kernel base = 0xfffff800b6812000 PsLoadedModuleList = 0xfffff800b7017230
System Uptime: 0 days 0:00:00.065 (checked kernels begin at 49 days)
Driver Verifier: Enabled for fltmgr.sys, flags 0x209bb, build 9600, key ZIW81XuAWkCkhpOuDPmYCG
KDTARGET: Refreshing KD connection
[Err][SdbpDoesFileExists_U] Failed to create file. Status 0xc0000034
[Err][SdbpDoesFileExists_U] Failed to create file. Status 0xc0000034
[Err][SdbpDoesFileExists_U] Failed to create file. Status 0xc0000034
KDTARGET: Refreshing KD connection
*** Fatal System Error: 0xc0000145
(0xFFFFFFFFC000000D,0x0000000000000000,0x0000000000000000,0x0000000000000000)
STOP: c0000145 {Application Error}
The application was unable to start correctly (0xc000000d). Click OK to close the application.
Break instruction exception - code 80000003 (first chance)
A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.
A fatal system error has occurred.
Anyone knows what I might have done wrong?
I don’t know how to compare windows version with WDK. I have vm running window 8.1 64 bit and it shows build 9600 as you see in windbg log.