WinDbg Kernel Debugging from a Host Machine to a Target VM on Hyper-V

Prince Pereira
Nov 17, 2023

Kernel debugging lets developers live-debug any kernel service in Windows.

The machine that runs the debugger is called the Host Machine, and the VM being debugged is called the Target VM.

STEPS

  • Make sure you have only 1 Target VM up and running.
  • Create and start a Target VM on Hyper-V
  • Get the Host Machine IP (PowerShell on the Host Machine)
ipconfig
  • Verify the Host Machine is reachable from the Target VM (PowerShell on the Target VM)
ping -4 <Host IP>
  • Enable boot debugging in Target VM (PowerShell in Administrator mode in Target VM)
bcdedit /set TESTSIGNING ON
bcdedit /debug on
bcdedit /bootdebug on
  • Generate the Key for the Host Machine (In Target VM)
bcdedit /dbgsettings net hostip:<Host IP> port:[Random Port 50000 - 55000]
E.g.: bcdedit /dbgsettings net hostip:10.1.1.1 port:50001

echo "<key>" > key.txt
  • Copy the generated key to Host Machine from Target VM
    Host Machine Path: C:\Shared
net use \\<Host Machine IP/Domain Name>\C$\Shared /user:<Domain Name>\<Username>
cp key.txt \\<Host Machine IP/Domain Name>\c$\Shared\.
  • Reboot the Target VM
  • Check Kernel Debug Network Adapter is present in Target VM
Start Menu 
-> Device Manager
-> Network Adapters
-> Microsoft Kernel Debug Network Adapter
  • If Kernel Debug Network Adapter is not present, get the bus params:
  • In the above example, bus params (b, d, and f are the bus number, device number, and function number of the adapter) are: 0.20.3
  • If Kernel Debug Network Adapter needs to be created:
bcdedit /set "{dbgsettings}" busparams b.d.f

E.g.: bcdedit /set "{dbgsettings}" busparams 0.20.3
  • Start WinDbg in Admin mode on the Host Machine
  • Set up SymPath and SrcPath in WinDbg
WinDbg 
-> File
-> Settings
-> Debugging Settings
-> Modify Default Source Path and Symbol Path
  • Attach to Kernel of Target VM
File -> Start Debugging
-> This Machine
-> Attach to Kernel
-> Net
-> Provide Port: 50001, Key: <Value of the Key copied from Target VM>
  • Restart the Target VM
  • Enter “Break” to continue
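
The Target VM steps above (reachability check, bcdedit settings, key capture) can be combined into one elevated PowerShell script. This is an added example, not part of the original post; `$HostIp`, `$Port` and `$KeyFile` are placeholder parameters, and the script assumes bcdedit prints the generated key on a `Key=<value>` line.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): Target VM steps as one script.
# $HostIp, $Port and $KeyFile are placeholders supplied by the caller.
param(
    [Parameter(Mandatory)][string]$HostIp,
    [ValidateRange(50000, 55000)][int]$Port = 50001,
    [string]$KeyFile = 'key.txt'
)

function Invoke-BcdEdit {
    param([string[]]$Arguments)
    # Run bcdedit and fail loudly on a non-zero exit code.
    $output = & bcdedit.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit $($Arguments -join ' ') failed: $($output -join ' ')"
    }
    $output
}

# Step: verify the Host Machine is reachable before changing boot settings.
if (-not (Test-Connection -ComputerName $HostIp -Count 2 -Quiet)) {
    throw "Host $HostIp is not reachable from this VM."
}

# Step: enable test signing, kernel debugging and boot debugging.
Invoke-BcdEdit '/set', 'TESTSIGNING', 'ON' | Out-Null
Invoke-BcdEdit '/debug', 'on'              | Out-Null
Invoke-BcdEdit '/bootdebug', 'on'          | Out-Null

# Step: configure network debugging; the key is assumed to appear as "Key=<value>".
$result = Invoke-BcdEdit '/dbgsettings', 'net', "hostip:$HostIp", "port:$Port"
$match  = $result | Select-String -Pattern '^Key=(\S+)' | Select-Object -First 1
if (-not $match) { throw "No Key= line found in bcdedit output: $($result -join ' ')" }
$key = $match.Matches[0].Groups[1].Value

# Write the key as ASCII; '>' in Windows PowerShell 5.1 would write UTF-16.
Set-Content -Path $KeyFile -Value $key -Encoding Ascii

# Read the stored settings back and confirm they match before rebooting.
$stored = (Invoke-BcdEdit '/dbgsettings') -join "`n"
foreach ($expected in @($HostIp, $Port, $key)) {
    if ($stored -notmatch [regex]::Escape("$expected")) {
        throw "dbgsettings does not contain expected value '$expected'."
    }
}
Write-Host "Debug settings stored. Copy $KeyFile to the host, then reboot this VM."
```

The key is the shared secret WinDbg presents when attaching to the target's kernel, so keep `key.txt` readable only by the accounts that need it and delete it once the debugger is connected.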

Prince Pereira

Senior Software Engineer - Microsoft | SDN | Java | Golang | DS & Algo | Microservices | Kubernetes | Docker | gRPC & Protocol Buffer