Kernel debugging with unsigned driver on Windows 10

Hello,

I am trying to perform kernel debugging on Windows 10 (x64) with an unsigned WFP network callout driver, but every time I restart my system after installing the unsigned driver it goes to startup repair (even before the debuggee could get connected).

Kernel debugging is of a Virtual Machine using a virtual COM port.

Steps performed:

  1. On the VM (Target Machine) executed the following:
    bcdedit /debug on
    bcdedit /dbgsettings serial debugport:1 baudrate:115200

  2. In WinDbg (x64) on the host machine, configured kernel debug over COM, specifying the pipe name as port.

  3. Restarted the Target Machine (VM) in debug mode (Through settings → recovery → advanced startup)

On restarting, the system goes to startup repair, while WinDbg remains in ‘waiting for debugee to connect…’

With the same steps, everything is working as expected when the driver is signed, but I need to test with an unsigned driver to save time. The entire process of signing a driver is a little time consuming and I may be making multiple iterations and modifications in the driver to test, so testing with an unsigned driver will really save a lot of time.

Please advise which steps I am missing or need to perform to achieve kernel debugging with an unsigned driver on Windows 10.

If the driver is boot start you also need boot debugging enabled:

bcdedit /bootdebug on

> The entire process of signing a driver is a little time consuming and I
> may be making multiple iterations and modifications in the driver to
> test, so testing with unsigned driver will really save a lot of time.

This is not true. As long as you turn “secure boot” off in your BIOS, you can sign your driver using a KMCS code-signing certificate and a cross-certificate, exactly as we did for systems prior to Windows 10. It adds seconds to the build process.

Thanks Scott and Tim for the information shared.

Executing ‘bcdedit /bootdebug on’ command worked and the issue was resolved.

Thank you so much.