Hyper-v guest kernel debugging

Alnoor_Allidina · June 9, 2024, 2:32am

Perhaps I'm having a mid-life crisis. I'm at a new job and have decided to use Hyper-V VMs instead of VMWare Workstation VMs.

As such, I've been using KDNET / network kernel debugging but it has some annoying quirks:

After breaking in the debugger, the guest OS goes back to the lock screen.
Sometimes after resuming, the guest stays unresponsive for some time. There seems to be a hang somewhere in win32k.
My host IP address changes on each reboot and I have to reset the guest with the new host IP.

I've read about a mythical hyper-v kernel debug transport - kdvm.dll. As seen here: Hyper-V Kernel Debugging - #11 by OSR_Community_User

I've spent some hours with it. The host config sems correct, and I can see it opening the correct ports. But the guest never connects to it.

Does anyone use kdvm.dll? I'm using a Windows 11 VM and copying kdvm.dll from an older operating system.

Also, if you have any hyper-v kernel debugging tips, I'm happy to hear them. My instinct is to switch back to VMware Workstation, but I might give it a few more weeks.

Thanks!
Anoor

Mark_Roddy · June 9, 2024, 3:25pm

1. After breaking in the debugger, the guest OS goes back to the lock screen.
Sure, either rdp or the hyper-v 'console' are not part of the guest system, so they observe a disconnect. It is annoying but there is nothing to do about it. I've looked for an rdp timeout adjustment with no luck.

2. Sometimes after resuming, the guest stays unresponsive for some time. There seems to be a hang somewhere in win32k.

Never experienced this.

3. My host IP address changes on each reboot and I have to reset the guest with the new host IP.

Get a longer lease. Don't reboot frequently. This is a feature of kdnet and not hyper-v. On the other hand kdnet is very nice in terms of performance. You could also use a 'debug server' with a more persistent ip address and connect to that instead of directly to the target.

You can use serial port debugging on hyper-v but it is a real PITA. It won't have problem 3, but likely will have your other issues.

umann · June 9, 2024, 4:24pm

The first issue you mentioned has a relatively simple fix. At the top of the RDP box select the "View" entry and uncheck "Enhanced session". The disconnect will no longer happen. There's a trade-off to this that file drag-n-drop and clipboard copy-n-paste between the host processes and guest processes will not longer work. The latter can be overcome by using the "Clipboard" menu to emit text from your host session into windows on the guest.

The last issue can also be worked around. When you set up for NET protocol, you can use any address you want. Not just your current external switch. I typically even use localhost (i.e., bcdedit.exe /dbgsettings net hostip:127.0.0.1 port:50000 key:1.2.3.4). Then use kdnet.exe to set the kernel debugger port using the host name instead of IP address (i.e., kdnet.exe <YOUR_HOST> 50000 -k).

I also never experienced the win32k issue. It looks like some issue on the host or guest. Try and disable any non-standard software to see if it goes away.

Alnoor_Allidina · June 11, 2024, 2:55pm

Wow, thanks for the great tips! I was going crazy... maybe my hangs will go away as well, with enhanced mode disabled.

Alnoor_Allidina · June 11, 2024, 3:10pm

One oddity. After setting hostip:127.0.0.1 and rebooting, the OS magically fills in the HOST_IP field with the actual IP of the host.

That's strange. But after our chat, it makes sense. KDNET is probably updating it based on the result of the DNS lookup.

Thanks again for the advice!

Alnoor