================================ WinDbg: downloading symbols ===================================
WinDbg often reports "Your debugger is not using the correct symbols".
Use the following WinDbg commands to download the updated symbol files; the leading "." in the commands must not be omitted. Once the command starts downloading, the traffic is visible in a network monitor:
1: .sympath srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
2: !sym noisy
3: .reload
When the download completes, the session looks like this:
lkd> .reload
Connected to Windows 7 7600 x86 compatible target at (Fri Apr 21:42:54.477 (UTC + 8:00)), ptr64 FALSE
Loading Kernel Symbols
.........................................................................................................................
....................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffda00c). Type ".hh dbgerr001" for details
Loading unloaded module list
lkd> !sym noisy
noisy mode - symbol prompts on
lkd> !sym noisy
noisy mode - symbol prompts on
lkd> .sympath srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
WARNING: Whitespace at end of path element
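The warning at the end of that session comes from a stray space after the path element, and the server in it is reached over plain http://. The following added example (my own code, not from the original post) lints a .sympath string for both before it is pasted into WinDbg; the path string it checks is the one used above.

```python
"""Lint a WinDbg symbol path string before handing it to .sympath.

Added example, not from the original post. Flags two things the session
above shows or implies: a path element with trailing whitespace (WinDbg's
"WARNING: Whitespace at end of path element") and a symbol server reached
over plain http:// rather than https://, where downloaded PDBs could be
tampered with in transit.
"""
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse


@dataclass
class SymPathElement:
    raw: str
    cache: Optional[str] = None        # local cache dir of an srv* element
    server: Optional[str] = None       # remote symbol server URL, if any
    warnings: List[str] = field(default_factory=list)


def parse_sympath(sympath: str) -> List[SymPathElement]:
    """Split a ';'-separated .sympath string into elements and lint each one."""
    elements = []
    for raw in sympath.split(";"):
        if not raw:
            continue
        el = SymPathElement(raw=raw)
        if raw != raw.rstrip():
            # The same condition that produced WinDbg's warning in the log above.
            el.warnings.append("whitespace at end of path element")
        parts = raw.strip().split("*")
        if parts[0].lower() == "srv":
            # srv*<cache>*<server> or srv*<server>; an empty part means "default".
            if len(parts) == 3:
                el.cache = parts[1] or None
                el.server = parts[2] or None
            elif len(parts) == 2:
                el.server = parts[1] or None
            else:
                el.warnings.append("malformed srv* element")
            if el.server and urlparse(el.server).scheme.lower() == "http":
                el.warnings.append("symbol server fetched over plain http")
        elements.append(el)
    return elements


def sympath_is_clean(sympath: str) -> bool:
    """True when no element of the path raised a warning."""
    return all(not el.warnings for el in parse_sympath(sympath))
```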
The following is the output of the dt _eprocess command on this machine (build 7600.16695):
lkd> dt _eprocess
ntdll!_EPROCESS
   +0x000 Pcb : _KPROCESS
================================ Speeding up two-machine debugging: VirtualKD + WinDbg + VMware ==================================
In two-machine debugging, whether WinDbg+VMware or WinDbg+1394, the debugging speed is fairly low, and sometimes a single p command leaves WinDbg in the BUSY state for a long time...
VirtualKD solves this problem perfectly.
VirtualKD is mainly used to increase the speed of Windows kernel debugging under VMware or VirtualBox. The previous standard two-machine debugging method used a virtual COM serial port, whose rate is very low.
Typically, debugging through a virtual COM serial port involves the following steps:
1. Windows in the virtual machine exchanges data with the host through the virtual COM serial port;
2. WinDbg/KD communicates with the target through a named pipe provided by the VM.
The weakest link here is the virtual COM serial port: its transfer rate is only 115200 baud, i.e. 115200 bits per second, roughly 10KB/s. VirtualKD replaces the virtual COM serial port function and greatly improves the data exchange rate, up to 6MB/s; in the official !irpfind benchmark the VMware platform reaches 150KB/s, which is already 15 times faster than the virtual COM serial port. You only really appreciate the effect during debugging :-) In fact, the main principle of VirtualKD is to use KD's extension DLL mechanism and to patch the virtual machine process, with the two sides communicating through a pipe.
How to use:
1. Configuration can be simple or complex. The simple method is automatic installation; the complex method is manual configuration. Manual configuration is divided into dynamic patch and static patch; refer to the official website for details: http://virtualkd.sysprogs.org/
2. Only automatic installation is described here, with VMware as the target; for VirtualBox the steps change slightly.
Download the VirtualKD package and unpack it. Under the parent directory virtualKD2.2 there is a target directory; copy the target directory into the virtual machine, run target/vminstall.exe and install directly. As shown in Figure 1, vminstall.exe automatically detects the kernel version of the virtual machine; because my target is a WRK kernel, it shows "wrk debug VIRTUALKD" (you can also change the displayed string). Then click Install.
When the target is an XP system, the situation is as shown in Figure 2:
(Figure 2)
After selecting Install, follow the prompts to reboot directly.
Next, open the vmmon.exe program on the host side (remember that vmmon must stay running); the program automatically detects the operating system running in the virtual machine. Simply set the WinDbg path and the startup mode (automatic/manual), and everything is ready. When the virtual machine starts, the WinDbg debugger is attached automatically or manually, as shown in the figure:
In fact, the configuration process is very simple. I have written at such length here mainly because the first time I did not read the manual, configured it manually and wasted time; later I chose vminstall.exe automatic installation but forgot to set the debugger path, and wasted more time checking.
The final conclusion: using VirtualKD instead of the traditional virtual COM serial port makes debugging far faster.
Accepting new things is always good; the learning process always has a few twists and turns, but the goal is simple ...
======================== Windows 7 local kernel debugging ================
Use VISTALKD as shown below