Windows Kernel Debugging Tips
Kernel Debugging Setup
Windows kernel debugging requires two computers: the "target computer", where the code being debugged runs, and the "host computer", where the debugger runs. The host and target computers are connected either by a null-modem (COM-to-COM) cable or by a FireWire (1394) cable. 1394 is preferable since it is much faster.
Target Computer configuration for 1394 debugging
For Vista+ systems, run the following commands from an elevated console:
- bcdedit /copy {current} /d "Windows with 1394 debugger enabled (ch 10)"
- the command should create a new boot entry and print: "The entry was successfully copied to {guid-string}"
- bcdedit /set {the-above-guid-string} debug on
- bcdedit /set {the-above-guid-string} debugtype 1394
- bcdedit /set {the-above-guid-string} channel 10
- NOTE: any channel number can be used, but the channel used by the host and the target must match, of course. We use 10 throughout this article for simplicity.
- NOTE: once you no longer need kernel debugging, you can remove the above entry with the following command, run from an elevated console:
bcdedit /delete {the-above-guid-string}
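The target-side bcdedit steps above, scripted as an added example (not part of the original article): it copies {current}, pulls the new GUID out of the confirmation message, applies debug/debugtype/channel to the new entry only, and deletes the entry again if any step fails. It assumes an elevated PowerShell prompt and English bcdedit messages; the channel (10) and description text are the ones used in the article.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell prompt.
param([int]$Channel = 10)
$Description = "Windows with 1394 debugger enabled (ch $Channel)"

function Invoke-Bcdedit {
    # Runs bcdedit, returns its output as one trimmed string, throws on a non-zero exit.
    param([string[]]$Arguments)
    $out = (& bcdedit @Arguments | Out-String).Trim()
    if ($LASTEXITCODE -ne 0) { throw "bcdedit $($Arguments -join ' ') failed: $out" }
    return $out
}

# Braces delimit script blocks in PowerShell, so '{current}' must be quoted.
$copyMsg = Invoke-Bcdedit @('/copy', '{current}', '/d', $Description)

# The confirmation reads "The entry was successfully copied to {guid}."; take that GUID.
$guidPattern = '\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}'
if (-not ($copyMsg -match $guidPattern)) {
    throw "No GUID found in bcdedit output: $copyMsg"
}
$guid = $Matches[0]

try {
    # Apply the three settings from the article to the new entry; {current} is never touched.
    Invoke-Bcdedit @('/set', $guid, 'debug', 'on')          | Out-Null
    Invoke-Bcdedit @('/set', $guid, 'debugtype', '1394')    | Out-Null
    Invoke-Bcdedit @('/set', $guid, 'channel', "$Channel")  | Out-Null
} catch {
    # Do not leave a partially configured debug entry in the boot menu.
    Invoke-Bcdedit @('/delete', $guid) | Out-Null
    throw
}

# Print the finished entry so the debug, debugtype and channel lines can be checked.
Invoke-Bcdedit @('/enum', $guid)
Write-Host "Created $guid. Remove it later with: bcdedit /delete $guid"
```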
Host Computer configuration
- Install Debugging Tools for Windows. You can install it as a stand-alone component of the Windows SDK, as described here.
- Both the 32-bit and 64-bit versions of Debugging Tools can be used to debug both 32-bit and 64-bit targets.
- Run the WinDbg debugger: "Start"->"All Programs"->"Debugging Tools For Windows"->"WinDbg".
- Set up the WinDbg symbol path: "File"->"Symbol File Path" -> in the "Symbol File Path" dialog enter "srv*c:\symbols*http://msdl.microsoft.com/download/symbols" (w/o quotes) in the edit box->"OK"
- NOTE: C:\symbols here is the path of your downstream store, i.e. the path where the downloaded symbols are stored/cached. You can use any path for that.
Starting Kernel Debugging
Once both Host & Target computers are configured with the above steps, you can start kernel debugging by the following steps:
- Connect Host and Target computer with a 1394 cable (for 1394 debugging) or with a null-modem cable (for null-modem debugging).
- Follow the steps below on the host and then on target machine respectively:
Host Computer
- Run the WinDbg debugger: "Start"->"All Programs"->"Debugging Tools For Windows"->"WinDbg".
- NOTE: the first time you set up 1394 kernel debugging you need to run it with elevated privileges (i.e. "Run as administrator") so that it is able to install the necessary 1394 debugging driver.
- For 1394 debugging: in WinDbg do: "File"->"Kernel Debug"->open the "1394" tab and type "10" (w/o quotes) in the "Channel" edit box->press "OK"
- The first time you do it you'll see some progress while WinDbg is installing the 1394d driver.
- Finally WinDbg should print something like:
Opened \\.\DBG1394_INSTANCE10
Waiting to reconnect...
Target Computer
- Power-on the Target Computer
- In the displayed boot menu select the entry you previously added using steps in the "Kernel Debugging Setup" section above, e.g. "Windows with 1394 debugger enabled (ch 10)"
Common Kernel Debugging Tasks
NOTE: unless otherwise specified, all the tasks here list WinDbg commands that should be entered in the debugger command window. The command window becomes active only when the debuggee has broken into the debugger. To force the target system to break use <ctrl>+<break>; to resume use the "g" command (in the debugger command window, of course).
Creating a dump file with WinDbg
- Minidump
.dump /m <dump\file\path\on\the\host\system.dmp>
- Full memory dump
.dump /f <dump\file\path\on\the\host\system.dmp>