New to WInDbg : How to start on VMWare Virtual machine

Hi All,

I am building a file system filter driver to modify the IRP_MJ_READ user buffer data. For this I was able to build a filter driver based on the FILEMON filter driver.
I have only the WinDbg debugger, and I don't know how to debug the driver using WinDbg. My driver project includes a file system filter driver and a user application which dynamically
loads and unloads the filter driver.

I performed the following steps:
Host machine is: Win2k Professional.
Target machine is: Win2003 Server Enterprise Edition, VMWare virtual machine (VMWare Workstation version 4.01).
Created a named pipe with setting \\.\pipe\com_1, This End is server \ other end is application.

Now, as per the definition of WinDbg, the target machine should have the driver and the application, so I created a Temp directory and kept the driver and application in that directory,
while the PDB and source files are on the host machine. After that, I started the debugger on the HOST machine with the WinDbg -s \\.\pipe\com_1 command.
After setting the SYMBOL directory and source directory path on the host machine, I opened the user application from the target machine. It's working fine but I am not able to
debug the driver. Again, the user application tries to open the driver file (SYS) on the HOST machine??? Is it necessary to run WinDbgRM on the remote machine???

I don't know what went wrong, please help me out.

Many thanks in advance
Regards
Deepak

Hello,

* On Mon, Oct 11, 2004 at 10:51:42PM +0530 Deepak.Singh wrote:

> Host machine is : Win2k Professional.
>
> Target Machine is :Win2003 Server enterprise edition.VMWare virtual
> machine ( VMWare workstation version 4.01 )
>
> Create a named pipe with setting \\.\pipe\com_1 This End is
> server \ other end is application.

The following article might be of some help:
http://www.osronline.com/article.cfm?id=185

You must enable “Yield CPU on poll” for the COM port for the virtual
debugging to work.

> While the PDB and source file is in the Host machine. After that, i
> started the debugger on HOST machine with WinDbg -s
> \\.\pipe\com_1 command.

This is wrong. From the above article,
windbg -k "com:port=\\.\pipe\<pipe name>"

> debug the driver.Again user application tries to open the driver
> file(SYS) on HOST machine ??? Is it necessary to run WInDbgRM on
> remote machine ???

No, but you need to have kernel debugging enabled on the target OS. For
this, you must add a line to the boot.ini file with /debugport=com1
/baudrate=115200 (replace com1 with the appropriate com port which is
connected to the pipe).

HTH,
Spiro.


Spiro R. Trikaliotis
http://www.trikaliotis.net/
http://www.viceteam.org/

Hello,

* On Mon, Oct 11, 2004 at 07:57:51PM +0200 I wrote:

> The following article might be of some help:
> http://www.osronline.com/article.cfm?id=185

Another promising article (found in
news:microsoft.public.development.device.drivers):

http://silverstr.ufies.org/lotr0/windbg-vmware.html

HTH,
Spiro.


Spiro R. Trikaliotis
http://www.trikaliotis.net/
http://www.viceteam.org/

“Spiro Trikaliotis” wrote in message
news:xxxxx@windbg…
> Hello,
>
> * On Mon, Oct 11, 2004 at 07:57:51PM +0200 I wrote:
>
>> The following article might be of some help:
>> http://www.osronline.com/article.cfm?id=185
>
> Another promising article (found in
> news:microsoft.public.development.device.drivers):
>
> http://silverstr.ufies.org/lotr0/windbg-vmware.html

I can personally vouch for that article – I’ve used it to debug drivers on
VMWare virtual machines. Note, however, that it’s a bit tricky; even when
set up correctly, the named pipe connection doesn’t always get made – there
seems to be a bit of a timing bug.

Why are you stealing the filemon sources? Use of them requires a license
from Wininternals.com. The only sources available are way out of date and
use tricks that are not compatible with production systems.


Hello,

* On Mon, Oct 11, 2004 at 03:32:31PM -0400 Jeff Henkels wrote:

> I can personally vouch for that article – I’ve used it to debug
> drivers on VMWare virtual machines. Note, however, that it’s a bit
> tricky; even when set up correctly, the named pipe connection doesn’t
> always get made – there seems to be a bit of a timing bug.

The only “problems” I have:

  1. the VM must run *before* the debugger is started
  2. if I restart the VM, I have to close the debugger and reopen it as
    soon as the VM has begun starting (essentially, this *is* 1.)
  3. “Break on initial breakpoint” does not work. In fact, if I start the
    VM and immediately start the debugger before I see the XP boot
    screen, the VM is stuck and I have to (virtually) reset it.

HTH,
Spiro.


Spiro R. Trikaliotis
http://www.trikaliotis.net/
http://www.viceteam.org/

Spiro,

you may want to look at Virtual PC (Connectix, now MS). It may not have
all the bells and whistles of VMware, but as far as debugging goes, they
certainly got it right. I remember dozens of fruitless Windbag restarts
attempting to connect to a VMware machine; with VPC I just leave Windbag
running.

Cheers,
Felix.


Same thing here for the Windows debugger. VPC2004 is so nice for driver
debugging, and I have been rid of a physical debug target for more than a
year. Just for your info, that’s how you can do it for VPC:

  1. For your virtual machine, set up the serial port as \\.\pipe\com_1
  2. Start windbg: windbg -k "com:port=\\.\pipe\com_1,pipe"
  3. Start your Windows with debug options.

In the meantime, I have had so much success doing kernel-level source
debugging for Linux using VMware, so I am ready to discount VMware yet.

Paul
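
The replies above describe three settings that must agree: the pipe name on the VM's serial port, a target boot.ini entry carrying /debugport, and a host debugger started with -k on that same pipe. The consistency check below is an added example, not part of the original thread; the boot.ini text is constructed, and the helper names `debug_entries` and `check_setup` are made up for illustration.

```python
import re

# Constructed sample of a target boot.ini with a second, debug-enabled entry.
BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003 [debug]" /fastdetect /debugport=com1 /baudrate=115200
"""

def debug_entries(boot_ini):
    """Return (com_port, baud) for each [operating systems] entry with /debugport."""
    found, in_os = [], False
    for line in boot_ini.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
        elif in_os:
            port = re.search(r"/debugport=(com\d+)", line, re.I)
            baud = re.search(r"/baudrate=(\d+)", line, re.I)
            if port:
                found.append((port.group(1).lower(),
                              int(baud.group(1)) if baud else None))
    return found

def check_setup(boot_ini, vm_pipe, windbg_cmd):
    """Return a list of problems; an empty list means the three pieces agree."""
    problems = []
    if not debug_entries(boot_ini):
        problems.append("target boot.ini has no entry with /debugport")
    # Kernel debugging over serial needs -k followed by a com:... parameter list.
    m = re.search(r'-k\s+"?(com:[^"\s]+)', windbg_cmd, re.I)
    if not m:
        problems.append("debugger not started with -k com:... (kernel debugging)")
        return problems
    params = m.group(1)[len("com:"):].split(",")
    port = next((p[len("port="):] for p in params
                 if p.lower().startswith("port=")), None)
    if port is None or port.lower() != vm_pipe.lower():
        problems.append(f"debugger port {port!r} is not the VM's pipe {vm_pipe!r}")
    if "pipe" not in (p.lower() for p in params):
        problems.append("com: parameters lack 'pipe', so the name is not opened as a named pipe")
    return problems
```

Run against the command line from the original question (`WinDbg -s ...`) and a boot.ini without the debug switches, it reports both the missing /debugport entry and the missing -k option.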
