Refer:
WinDBG + VMware = debug the kernel
Today I set up a "VMware + WinDbg two-machine kernel (driver) debugging environment" using virtual machines, and for the first time I felt the power and charm of symbol and source-level debugging. The operation is a little troublesome, though: two-machine debugging is not fast enough, and there are always small problems (possibly related to VMware). A notable disadvantage of WinDbg is that once there are no symbols or source code, its usefulness shrinks considerably. Therefore I personally feel it is not well suited to reverse engineering, while for project debugging and driver-level debugging it is quite good. At present I still cannot control it well, so I am slowly exploring......
Symbol table: http://msdl.microsoft.com/download/symbols/packages/windowsxp/WindowsXP-KB835935-SP2-slp-Symbols.exe
WinDbg: http://msdl.microsoft.com/download/symbols/debuggers/dbg_x86_6.5.3.8.exe
After installing the two packages above, set an environment variable: right-click My Computer, choose Properties, open the Advanced tab, click "Environment Variables (N)", and create a new entry under "System variables (S)":
Variable name: _NT_SYMBOL_PATH
Variable value: SRV*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
The advantage of setting this environment variable is that from then on WinDbg uses this path as its symbol path.
Install VMware, then install the operating system (for example WinXP SP2) in the VM. After installation, edit the boot.ini file and add a line to the [operating systems] section:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="WinXP Debug" /fastdetect /debug /debugport=com1 /baudrate=115200
It is also recommended to change the timeout value in the [boot loader] section to a large value, so that the countdown gives enough time to pick the entry from the boot menu.
With the guest powered off, configure the virtual machine's hardware: click "Edit virtual machine settings", add a Serial Port, select "Output to named pipe", then Next;
Keep the default "\\.\pipe\com_1"
Select "This end is the server."
Select "The other end is an application."
Tick "Connect at power on"
Then click "Advanced >", tick "Yield CPU on poll", save and exit.
In the real (host) system open Device Manager, find COM1, click "Port Settings" and change the speed to 115200.
For convenience, create a WinDbg shortcut and, in its properties, enter in "Target (T)":
"C:\Program Files\Debugging Tools for Windows\windbg.exe" -y C:\Windows\Symbols\ -b -k com:port=\\.\pipe\com_1,baud=115200,pipe
Here the path following -y is the symbol table path installed earlier.
In use, first start the virtual machine. When the boot loader menu appears, press the up/down arrow keys to stop the countdown. Then switch to the real system and run the WinDbg shortcut just created. Once it has started, select the entry marked for debugging in the guest's boot menu and return to the real system. After a moment, the WinDbg output tells us that the two systems are connected, and the rest is debugging. Once WinDbg is connected, press Ctrl+Break to break in and enter the following command:
bu DriverName!DriverEntry (case-insensitive) sets an unresolved (deferred) breakpoint, which is resolved when the module loads. Then press F5 (or enter the g command) to let WinDbg run, and use a third-party tool (for example InstDrv) inside the virtual machine to load and start your driver file.
DriverEntry is then called; since the breakpoint has just been resolved, WinDbg breaks at the function entry, at source level. Very convenient.
Possible problems:
Recently, using VMware 7.1.2, we found that the serial port is named "Serial Port 2". After following the above method, WinDbg could not connect. In the end, com1 and com_1 in the above steps had to be changed to com2 and com_2 respectively.
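As an added illustration (not part of the original post, and not a tool shipped with VMware or WinDbg), the following Python script assembles the three places where the debug link is configured in the steps above (the guest's boot.ini entry, the VM's serial port and named pipe, and the host's WinDbg -k string) and cross-checks them for the COM1/COM2 kind of mismatch described under "Possible problems". The sample boot.ini contents, the default label "WinXP Debug" and the helper names are constructed for this example.

```python
import re

# Constructed sample boot.ini for a fresh WinXP SP2 guest (not copied from a real machine).
SAMPLE_BOOT_INI = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Professional" /fastdetect
"""

# Default install path of the Debugging Tools package, as used in the shortcut above.
WINDBG_EXE = r'"C:\Program Files\Debugging Tools for Windows\windbg.exe"'


def make_debug_entry(arc_path, label, com_port, baud):
    """Second [operating systems] line: same ARC path, a new label and the kernel-debug switches."""
    return (f'{arc_path}="{label}" /fastdetect /debug '
            f'/debugport=com{com_port} /baudrate={baud}')


def add_debug_entry(boot_ini, label="WinXP Debug", com_port=1, baud=115200, timeout=60):
    """Return boot.ini text with a debug entry added after the existing entries in
    [operating systems] and the [boot loader] timeout raised so the menu stays up."""
    out, section, arc_path, insert_at = [], None, None, None
    for line in boot_ini.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            section = s.lower()
        elif section == "[boot loader]" and s.lower().startswith("timeout="):
            line = f"timeout={timeout}"
        elif section == "[operating systems]" and "=" in s:
            if arc_path is None:
                arc_path = s.split("=", 1)[0]   # reuse the ARC path of the existing install
            insert_at = len(out) + 1            # keep the new entry inside this section
        out.append(line)
    if arc_path is None:
        raise ValueError("no entry found in [operating systems]")
    out.insert(insert_at, make_debug_entry(arc_path, label, com_port, baud))
    return "\n".join(out) + "\n"


def windbg_command(pipe_name, baud, symbol_dir="C:\\Windows\\Symbols\\"):
    """Host-side WinDbg command line: -y symbol path, -b break on connect, -k kernel
    connection over the named pipe that VMware exposes for the guest's serial port."""
    return (f"{WINDBG_EXE} -y {symbol_dir} -b "
            f"-k com:port=\\\\.\\pipe\\{pipe_name},baud={baud},pipe")


def check_setup(debug_entry, vm_serial_port, vm_pipe, windbg_cmd):
    """Cross-check the guest's boot.ini entry, the VM's serial-port number and pipe, and
    the host's WinDbg -k string. Returns a list of mismatches (empty when consistent)."""
    port = re.search(r"/debugport=com(\d+)", debug_entry, re.I)
    baud_g = re.search(r"/baudrate=(\d+)", debug_entry, re.I)
    pipe_h = re.search(r"com:port=(\\\\\.\\pipe\\[^,\s]+),baud=(\d+)", windbg_cmd, re.I)
    if not port or not baud_g:
        return ["boot.ini entry lacks /debugport=comN or /baudrate=N"]
    if not pipe_h:
        return ["WinDbg command lacks a -k com:port=...,baud=... string"]
    problems = []
    if int(port.group(1)) != vm_serial_port:
        problems.append(f"guest debugs over COM{port.group(1)} but the VM serial port is COM{vm_serial_port}")
    if pipe_h.group(1).lower() != vm_pipe.lower():
        problems.append(f"WinDbg opens {pipe_h.group(1)} but VMware serves {vm_pipe}")
    if baud_g.group(1) != pipe_h.group(2):
        problems.append(f"baud rate differs: guest {baud_g.group(1)}, WinDbg {pipe_h.group(2)}")
    return problems


if __name__ == "__main__":
    ini = add_debug_entry(SAMPLE_BOOT_INI)
    entry = ini.splitlines()[-1]
    cmd = windbg_command("com_1", 115200)
    print(ini)
    print(cmd)
    # Consistent setup as in the post's main steps.
    print(check_setup(entry, 1, r"\\.\pipe\com_1", cmd))
    # The VMware 7.1.2 case: the VM exposes "Serial Port 2", so COM1 in the guest no longer matches.
    print(check_setup(entry, 2, r"\\.\pipe\com_1", cmd))
```

The check only flags disagreements between the three sides; it cannot tell whether the host port or pipe actually exists, so it complements rather than replaces watching WinDbg's "Connected to ..." line.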