================================ WinDbg: downloading symbols ===================================
The message "Your debugger is not using the correct symbols" often appears.
Use the following WinDbg commands to download the updated symbol files. The leading "." in the commands must not be omitted. Once the commands are run, the download begins, which you can confirm with a traffic monitor.
1: .sympath srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
2: !sym noisy
3: .reload
After the download is complete:
lkd> .reload
Connected to Windows 7 7600 x86 compatible target at (Fri Apr 21:42:54.477 (UTC + 8:00am)), ptr64 FALSE
Loading Kernel Symbols
.........................................................................................................................
....................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffda00c). Type ".hh dbgerr001" for details
Loading unloaded module list
lkd> !sym noisy
noisy mode - symbol prompts on
lkd> !sym noisy
noisy mode - symbol prompts on
lkd> .sympath srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol Search Path is: srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols
WARNING: Whitespace at end of path element
Below is the output of the dt _eprocess command on the local machine, build 7600.16695.
lkd> dt _eprocess
ntdll!_EPROCESS
   +0x000 Pcb : _KPROCESS
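The transcript above ends with "WARNING: Whitespace at end of path element", which is easy to miss in noisy output. The following is an added example, not part of the original post: a small linter that splits a symbol path into its elements and flags that condition before the path is pasted into WinDbg. The names Element and parse_sympath are hypothetical, and the plain-HTTP check is an extra hygiene check that the post itself does not mention.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Element:
    raw: str
    kind: str                      # "srv", "symsrv", "cache" or "dir"
    stores: List[str]              # local (downstream) stores, in lookup order
    upstream: Optional[str]        # final store the debugger falls back to
    warnings: List[str] = field(default_factory=list)

def parse_sympath(path: str) -> List[Element]:
    """Split a symbol path into ';'-separated elements and flag common mistakes."""
    elements = []
    for raw in path.split(";"):
        if not raw.strip():
            continue                              # empty element, e.g. ";;"
        parts = raw.split("*")
        head = parts[0].strip().lower()
        if head == "srv" and len(parts) > 1:
            kind, fields = "srv", parts[1:]
        elif head == "symsrv" and len(parts) > 2:
            kind, fields = "symsrv", parts[2:]    # parts[1] names the server DLL
        elif head == "cache" and len(parts) > 1:
            kind, fields = "cache", parts[1:]
        else:
            kind, fields = "dir", [raw]
        if kind in ("srv", "symsrv") and len(fields) > 1:
            stores, upstream = fields[:-1], fields[-1]
        else:
            stores, upstream = fields, None
        el = Element(raw, kind, [s.strip() for s in stores],
                     upstream.strip() if upstream else None)
        if raw != raw.rstrip():
            # The condition the transcript above reports as a WARNING.
            el.warnings.append("whitespace at end of path element")
        if el.upstream and el.upstream.lower().startswith("http://"):
            el.warnings.append("upstream uses plain HTTP; symbols are fetched without TLS")
        if kind in ("srv", "symsrv") and "" in el.stores:
            el.warnings.append("empty store field; default downstream store is used")
        elements.append(el)
    return elements

if __name__ == "__main__":
    # Constructed input: the post's path plus the trailing space behind the warning.
    sample = r"srv*g:\winddk\7600.16385.1\debuggers\symbols*http://msdl.microsoft.com/download/symbols "
    for el in parse_sympath(sample):
        print(el.kind, el.stores, el.upstream, el.warnings)
```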
================================ Fast two-machine debugging: VirtualKD + WinDbg + VMware ==================================
In two-machine debugging, whether with WinDbg + VMware or WinDbg + 1394, the debugging speed is relatively low. Sometimes, after executing a single p command, WinDbg stays in the busy state for a long time...
VirtualKD solves this problem very well.
VirtualKD is primarily used to speed up Windows kernel debugging when using VMware or VirtualBox. The earlier standard two-machine debugging method uses a virtual COM serial port, whose transfer rate is very low.
Typically, debugging over a virtual COM serial port involves the following steps:
1. Windows uses the virtual COM serial port to exchange data with the host;
2. WinDbg/KD uses a pipe provided by the VM to communicate with the target machine being debugged.
The weakest link here is the virtual COM serial port, with a transfer rate of only 115200 baud, equivalent to 115200 bits per second, which is a transfer rate of about 10kb/s. VirtualKD replaces the virtual COM serial port and greatly improves the data exchange rate, which can reach 6mb/s. In the official test with the !irpfind command, the VMware platform reaches 150kb/s, which is still 15 times faster than the virtual COM serial port. You only really appreciate the difference during actual debugging :) The main principle of VirtualKD is to use the KD extension DLL mechanism and to patch a process of the virtual machine; the two communicate through a pipe.
How to use:
1. Configuration can be simple or complex. The simple method is automated and the complex method is manual. The manual method is further divided into dynamic patching and static patching; for details, refer to the official website: http://virtualkd.sysprogs.org/
2. Only the automatic installation is described here. The target machine runs on VMware; for VirtualBox the steps differ slightly.
Download the VirtualKD installation package. After decompression, the parent directory virtualKD2.2 contains a target directory. Copy the target directory to the virtual machine, run target/vminstall.exe, and install directly. As shown in Figure 1, vminstall.exe automatically detects the kernel version of the virtual machine. Because my target machine runs the WRK kernel, the entry is displayed as: wrk Debug "VIRTUALKD". You can also change the displayed string. Then click Install.
When the target machine is an XP system, it looks as shown in Figure 2:
(Fig. 2)
After selecting Install, follow the prompts and restart.
Next, open the vmmon.exe program on the host side (remember, vmmon must stay running the whole time). The program automatically detects the operating system running in the virtual machine. Simply set the path of WinDbg and its startup mode (auto/manual), and everything is ready. When the virtual machine starts, WinDbg is attached to the target either automatically or manually.
In fact, the configuration process is very simple. I have been more verbose here mainly because, the first time I configured it, I did not read the manual and ended up configuring it manually, wasting time; then I chose the vminstall.exe automatic installation but forgot to set the debugger path, and wasted more time tracking that down.
The final conclusion is that with VirtualKD instead of the traditional virtual COM serial port, debugging is blazingly fast.
Accepting new things is always good. The process of understanding always has a few twists and turns, but the thing itself turns out to be so simple!!!
======================== Windows 7 local kernel debugging ================
Use VISTALKD such as