Windows 7 Kernel Debug

Reverse_Engineer · December 5, 2011, 8:50am

Hello

i am having the folowign setup

Windows 7 pro ( physical machine ) - windbg installed with symbols configured

Windows 2008 - Virtual machine

i want to do real time debugging but attaching debugger to windows server 2008 from win7

Please assist - i searched for articles , unfortunaately there arent any, i need to know the steps

mm1 · December 5, 2011, 8:53am

You might want to take a look at ‘kernel_debugging_tutorial.doc’ in the root
of your windbg installation.

Good luck,

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@live.com
Sent: Monday, December 05, 2011 5:50 AM
To: Kernel Debugging Interest List
Subject: [windbg] Windows 7 Kernel Debug

Hello

i am having the folowign setup

Windows 7 pro ( physical machine ) - windbg installed with symbols
configured

Windows 2008 - Virtual machine

i want to do real time debugging but attaching debugger to windows server
2008 from win7

Please assist - i searched for articles , unfortunaately there arent any, i
need to know the steps

WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

James_Antognini-3 · December 6, 2011, 2:05am

I’m surprised that the technique isn’t clear.

In Win2008 VM’s Settings, define under COM1 create a named pipe with a name like MyWin2008VM.
In the VM itself, in an elevated window, do: bcdedit /set debug on .
Assuming that the Hyper-V system running the VM is itself named MyWin2008HV, start windbg on the Win7 system (or on some system; couldn be the Hyper-V system itself): windbg.exe /k com:port=\MyWin2008HV\pipe\MyWin2008VM,pipe,resets=0,reconnect .
Reboot the VM. The debugger session should show activity (assuming there are not network/firewall issues.)

James Antognini