从Linux调试Windows内核 [英] Debugging Windows Kernel from Linux

问题描述

我曾经使用 VirtualKD ， WinDBG 和单个虚拟机来调试Windows内核.

I used to debug the Windows Kernel using VirtualKD, WinDBG and a single Virtual Machine.

最近我有一台Linux机器，现在我想知道-当主机无法运行 VirtualKD/WinDBG * 时，调试Windows内核的最简单方法是什么?

Recently I got a Linux machine, and now I wonder- What's the easiest way to debug the Windows Kernel when your host is unable to run VirtualKD/WinDBG*?

我认为该解决方案将需要两个虚拟机，但是我宁愿在实际计算机上托管两个实例，而不是将一个实例驻留在另一个虚拟实例中...

I assume the solution will require two Virtual Machines, but I rather have two instances hosted on my actual machine rather than having an instance residing inside another virtual instance...

反正有做那个工作吗?

提前谢谢！

*出于稳定性考虑，葡萄酒是不得已而为之...

*Wine is the last resort for stability reasons...

推荐答案

已解决！基本上，我最终使用两个(VirtualBox) VM 在 Unix域套接字上模拟串行连接(空调制解调器电缆) (在主机上).有关更多信息，请阅读以下内容:

Solved! Basically, I ended up using two (VirtualBox) VMs emulating a Serial connection (null-modem cable) over a Unix domain socket (on the host). For more info, read below:

硬件设置*:

• 调试对象:
  • 确保关闭计算机并编辑串行端口设置.
  • 启用端口1 ，并分配以下值:端口号: COM1 ，端口模式:主机管道，创建管道:未选中(客户端)，端口/文件路径:/tmp/win_link .
  • Debuggee:
    • Ensure the machine is turned off and edit Serial Ports settings.
    • Enable Port 1, and assign values as follows: Port Number: COM1, Port Mode: Host Pipe, Create Pipe: Unchecked (client), Port/File Path: /tmp/win_link.
    • 与上面相同(使用相同的路径)，只有这次创建管道"应该被选中(服务器).
    • Same as above (using the same path), only this time Create Pipe should be Checked (server).

    调试器设置:

    • 运行WinDBG，然后按Ctrl + K调用内核调试.
    • 在 COM 中，输入:波特率:115200，端口:COM1，重置:0，并验证 Pipe 和Reconnect是否未选中 (重要).
    • 将显示以下输出:Opened \\\\.\com1 Waiting to reconnect...
    • Run WinDBG and press Ctrl+K to invoke Kernel Debugging.
    • in COM, enter: Baudrate: 115200, Port: COM1, Resets: 0 and verify that Pipe and Reconnect are unchecked (important).
    • You'll be presented with the following output: Opened \\\\.\com1 Waiting to reconnect...

    Debuggee设置:

    Debuggee setup:

    • 在/port com1/baud 115200/id 1 上运行 bootcfg/debug .要进行验证，请运行 bootcfg .**
    • 重新启动.
    • 在启动阶段的早期，另一台计算机上的WinDBG应该会检测到调试对象正在运行.
    • Run bootcfg /debug on /port com1 /baud 115200 /id 1. To verify, run bootcfg.**
    • Reboot.
    • Quite early during the booting stage, WinDBG on the other machine should detect the debuggee is running.

    *假设使用VirtualBox. VMWare/KVM用户可能可以通过类似的步骤获得相同的结果.另外，有关更多信息，请参考 VirtualBox文档.

    *Assuming VirtualBox is used. VMWare/KVM users will probably be able to achieve the same results following similar steps. Also, for more info refer to the VirtualBox docs.

    **假设来宾为Windows XP.更高版本包括bcdedit，可以按

    **Assuming guests are Windows XP. Later versions include bcdedit, which may be used as described here.

    这篇关于从Linux调试Windows内核的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！