Use WinDbg and a virtual machine to debug Windows drivers


Scope and description:

This article describes only the specific steps and does not cover the underlying principles. For more information, see the debugger help (Debugging Tools for Windows).

This article uses Virtual PC 2007 as the virtual machine, but the procedure also applies to other versions of Virtual PC and to VMware (VMware sets up the named pipe in a slightly different way).

WinDbg is updated very frequently, almost monthly. The Microsoft download link is: http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx

Body:

Debugging is a headache when developing drivers. If you install the driver on the operating system of your own machine, it may cause a bug check (blue screen). You may then need to boot into safe mode and uninstall your driver, or even reinstall the operating system. A good solution for driver debugging is to run a virtual machine on your physical machine, install the driver you want to debug in the virtual machine, and then use WinDbg on your physical machine to debug the driver.

The basic steps are as follows:

1. Installation process: install the virtual machine software and WinDbg on your machine;

2. Configuration process: make the necessary configuration changes to WinDbg and the virtual machine software;

3. Debugging process: the simplest way to start a debugging session, without involving complex kernel debugging techniques;

I. Installation Process

First, install the virtual machine software on your own machine (I installed Virtual PC 2007), and then install an operating system in the virtual machine. Which version of the operating system you install depends on which operating system you want to debug your driver on. The installation of the virtual machine software and of the guest operating system is described in detail in the Virtual PC or VMware documentation.

Then, install WinDbg on your physical machine. I was using the latest version, 6.8.0004.0, when writing this document. You can follow the link given above to get the latest version from the Microsoft website. The installation is not complex and needs no special configuration, so I will not go into details here.

II. Configuration process

After the software is installed, the rest is the configuration. First, configure your VM as follows:

Configure the named pipe: you need to create a named pipe for your virtual machine. WinDbg uses this pipe to establish a connection with the virtual machine. How to configure a named pipe for a virtual machine can easily be found in the virtual machine's help documents or on the Internet. The following describes how to create a named pipe in Virtual PC 2007 (so easy :))

Open Virtual PC 2007 and click "Action" -> "Settings" to go to the VM settings page.

On the VM settings page, select "COM1" or "COM2", click "Named pipe" in the properties on the right, and specify a pipe name. Note that the named pipe name has the following format:

\\.\pipe\your_pipename_whatever

After configuring the named pipe for the virtual machine, you also need to configure the guest operating system to start in debug mode:

Find the "C:\boot.ini" (%SystemRoot%) file (don't tell me you can't find it), remove its read-only attribute (right-click the file, select "Properties", and clear the "Read-only" option), open it with Notepad or another text editor, and add the following startup options:

/debug /debugport=com1 /baudrate=115200

Note that the port specified by debugport must be the same COM port that you attached the named pipe to in the previous step. For baudrate, you can specify 57600 or 115200. Note that the baud rate of the port on the physical machine must be the same as the baudrate value you specify here.
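As an added illustration (not code from the original article), the following Python sketch applies the three startup options above to a boot.ini file. It goes slightly beyond the text by adding the options to a copy of the default entry, so the original entry can still boot without a debugger attached; the sample boot.ini content and the helper name add_debug_entry are constructed for this example.

```python
import re

# Constructed sample boot.ini for a Windows XP guest (not from the article).
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

ALLOWED_BAUD = (57600, 115200)  # the two rates the article mentions


def add_debug_entry(boot_ini, com_port=1, baud=115200):
    """Hypothetical helper: add a debug-enabled copy of the default entry."""
    if com_port not in (1, 2) or baud not in ALLOWED_BAUD:
        raise ValueError("unsupported COM port or baud rate")
    lines = boot_ini.splitlines()
    default = next((l.split("=", 1)[1].strip() for l in lines
                    if l.lower().startswith("default=")), None)
    if default is None:
        raise ValueError("boot.ini has no default= line")
    in_os, match_at = False, None
    for i, line in enumerate(lines):
        s = line.strip()
        if s.startswith("["):
            in_os = s.lower() == "[operating systems]"
        elif in_os and s.lower().startswith(default.lower() + "="):
            if re.search(r"/debug\b", s, re.I):
                return boot_ini  # a debug entry already exists: no change
            if match_at is None:
                match_at = i
    if match_at is None:
        raise ValueError("default entry not found under [operating systems]")
    path, rest = lines[match_at].strip().split("=", 1)
    m = re.match(r'"([^"]*)"(.*)$', rest.strip())
    if m is None:
        raise ValueError("unexpected entry format")
    # Keep the existing switches and append the three debug options.
    parts = [f'{path}="{m.group(1)} [debug]"'] + m.group(2).split()
    parts += ["/debug", f"/debugport=COM{com_port}", f"/baudrate={baud}"]
    lines.insert(match_at + 1, " ".join(parts))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(add_debug_entry(SAMPLE_BOOT_INI))
```

With two entries in boot.ini, the boot menu lets you choose the debug entry only when WinDbg is going to be attached.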

Now, the virtual machine configuration has been completed.

The rest is the configuration of the physical machine, which is relatively simple.

First, install WinDbg. Then, configure the baud rate of the COM port on the physical machine: "My Computer" -> (right-click) "Properties" -> "Hardware" -> "Device Manager", select the same COM port you configured on the virtual machine, right-click it and choose "Properties", and set the port's bits-per-second value to the same value as the /baudrate option on the virtual machine. You can keep the default values for the other settings.

Then, configure the WinDbg startup options. I like to make a batch file for this. The content of the BAT (or CMD) file is as follows:

windbg -k com:pipe,port=\\.\pipe\your_pipe_name

your_pipe_name is the name of the named pipe you configured for the virtual machine. Store this batch file in the directory where your windbg.exe is located. Then everything is ready.

III. Debugging process

First, start your VM, then run the BAT file you created on the physical machine. Note that if your VM has not been started yet when you run the BAT file, the error "The system cannot find the file specified" appears. This is because your VM is not started, or your VM's COM port is not ready yet. It doesn't matter: while the virtual machine operating system is starting, run the batch file again every second or two. If everything is OK, WinDbg displays the following information:

--------------------------------------------------------------------------------

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Opened \\.\pipe\my_pipe
Waiting to reconnect...
Connected to Windows XP 2600 x86 compatible target, ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************

--------------------------------------------------------------------------------

At this point, press Ctrl + Break to suspend the virtual machine operating system, open your source file, and press F9 to add a breakpoint. Your driver debugging journey has begun :). If you want to load the debugging symbols of the operating system, you need to add the following value to your WinDbg configuration:

In WinDbg, add the following value under "File" -> "Symbol File Path":

--------------------------------------------------------------------------------

SRV*D:\winsymbols*http://msdl.microsoft.com/download/symbols

--------------------------------------------------------------------------------

Here, D:\winsymbols is the path where the downloaded symbols are saved. Because the symbols are downloaded on demand, you must make sure that the machine is connected to the Internet.

Lastly, enjoy your kernel debug journey!
