Tutorial: How to boot debug a VirtualBox Windows virtual machine using WinDbg / KD?

Question

This question is for the purpose of giving a tutorial on how to boot debug a VirtualBox Windows virtual machine using WinDbg / KD

Recommended answer

Boot debugging does not work with VirtualKD, so you need to create the pipe manually

  1. On the guest:

bcdedit /debug on
bcdedit /bootdebug on
bcdedit /bootdebug {bootmgr} on
bcdedit /set {bootmgr} debugtype serial
bcdedit /set {bootmgr} baudrate 115200
bcdedit /set {bootmgr} debugport 1 
bcdedit /set debugtype serial
bcdedit /set baudrate 115200
bcdedit /set debugport 1

I think bcdedit /dbgsettings serial debugport:1 baudrate:11520 is a shortcut that does the latter 6

  1. Shut down the guest
  2. Go to virtual machine settings -> serial ports -> enable serial port -> COM1 -> Host Pipe and then type the name of the pipe to create \\.\pipe\PipeName
  3. Boot the VM
  4. On WinDbg, go to File -> Kernel Debug -> COM. Select Pipe and type \\.\pipe\PipeName into port
  5. On the start menu on the VM, restart
  6. The debugger will connect around the initial breakpoint sxe ibp but will not break.
  7. Ctrl Break on the debugger and do sxe ld:bootmgr, or sxe ld:* to break after each module load and now .reboot

bootmgr:

nt!RtlpBreakWithStatusInstruction:
fffff800`026df490 cc              int     3
kd> sxe ld:*
kd> sxe ibp
kd> .reboot
Shutdown occurred at (Sat Apr 17 10:35:32.815 2021 (UTC + 1:00))...unloading all symbol tables.
Waiting to reconnect...
BD: Boot Debugger Initialized
Connected to Windows Boot Debugger 7601 x86 compatible target at (Sat Apr 17 10:35:42.431 2021 (UTC + 1:00)), ptr64 FALSE
Kernel Debugger connection established.  (Initial Breakpoint requested)

************* Path validation summary **************
Response                         Time (ms)     Location
OK                                             c:\symbols

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is: c:\symbols
ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 997.)
Windows Boot Debugger Kernel Version 7601 UP Free x86 compatible
Machine Name:
Primary image base = 0x00400000 Loaded module list = 0x00491b80
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
bootmgr!RtlpBreakWithStatusInstruction:
00443914 cc              int     3
kd> lm
start    end        module name
00400000 004ad000   bootmgr    (pdb symbols)          c:\symbols\bootmgr.pdb\DAAC2D2514AB41E8B3D8B9679BC922CB1\bootmgr.pdb
kd> k
 # ChildEBP RetAddr  
00 00061c74 0042f31c bootmgr!RtlpBreakWithStatusInstruction
01 00061e8c 0042f21c bootmgr!vDbgPrintExWithPrefixInternal+0xfe
02 00061e9c 0043f186 bootmgr!DbgPrint+0x11
03 00061eb8 0043f494 bootmgr!BlBdStart+0x9d
04 00061f50 0041f48e bootmgr!BlBdInitialize+0x17e
05 00061f60 0041e9b4 bootmgr!ReinitializeLibrary+0x24
06 00061f6c 00401178 bootmgr!BlInitializeLibrary+0x10
07 00061ff0 00020a9a bootmgr!BmMain+0x178
WARNING: Frame IP not in any known module. Following frames may be wrong.
08 00000000 f000ff53 0x20a9a
09 ffffffff 00000000 0xf000ff53
kd> .lastevent
Last event: Load module bootmgr at 00400000
  debugger time: Sat Apr 17 11:18:37.280 2021 (UTC + 1:00)

winload:

kd> sxe ld:*
kd> .reboot
Shutdown occurred at (Sat Apr 17 14:52:05.818 2021 (UTC + 1:00))...unloading all symbol tables.
Waiting to reconnect...
BD: Boot Debugger Initialized
Connected to Windows Boot Debugger 7601 x64 target at (Sat Apr 17 14:52:40.508 2021 (UTC + 1:00)), ptr64 TRUE
Kernel Debugger connection established.
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is: c:\symbols
Windows Boot Debugger Kernel Version 7601 UP Free x64
Machine Name:
Primary image base = 0x00000000`002ef000 Loaded module list = 0x00000000`003a19e0
System Uptime: not available
winload!DebugService2+0x5:
00000000`00357055 cc              int     3
kd> k
Child-SP          RetAddr           Call Site
00000000`00183dd8 00000000`002fab04 winload!DebugService2+0x5
00000000`00183de0 00000000`002fb004 winload!BlBdStart+0x154
00000000`00183e40 00000000`0031c82f winload!BlBdInitialize+0x210
00000000`00183f00 00000000`0031bdb2 winload!InitializeLibrary+0x25b
00000000`00183f40 00000000`002f007c winload!BlInitializeLibrary+0x52
00000000`00183f70 00000000`00450d4c winload!OslMain+0x7c
00000000`00183ff0 00000000`00000000 0x450d4c

kd> lm
start             end                 module name
00000000`002ef000 00000000`003b2000   winload    (pdb symbols)          c:\symbols\winload_prod.pdb\768283CA443847FB8822F9DB1F36ECC51\winload_prod.pdb
kd> .lastevent
Last event: Load module winload.exe at 00000000`002ef000
  debugger time: Sat Apr 17 14:52:40.504 2021 (UTC + 1:00)
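
The host-side steps of the answer above (set COM1 to a host pipe, boot the VM, attach the debugger) can also be scripted. This is an added example, not part of the original answer: the VM name and the VBoxManage and WinDbg install paths are assumptions, and it uses the command-line form of the kernel-debug connection instead of the File -> Kernel Debug dialog.

```powershell
# Added example: host-side setup for the steps above.
# $VmName and both install paths are assumptions; the pipe name is the one used on the page.
$VmName     = 'Win7-Debug'                                   # hypothetical VM name
$PipeName   = '\\.\pipe\PipeName'
$VBoxManage = 'C:\Program Files\Oracle\VirtualBox\VBoxManage.exe'
$WinDbg     = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe'

# The serial port can only be reconfigured while the VM is powered off.
$info  = & $VBoxManage showvminfo $VmName --machinereadable
$state = ($info | Select-String '^VMState="(.+)"$').Matches[0].Groups[1].Value
if ($state -ne 'poweroff') {
    throw "VM '$VmName' is in state '$state'; shut the guest down first."
}

# COM1 (I/O base 0x3F8, IRQ 4) as a host pipe that VirtualBox itself creates ("server" mode).
& $VBoxManage modifyvm $VmName --uart1 0x3F8 4 --uartmode1 server $PipeName
if ($LASTEXITCODE -ne 0) { throw 'VBoxManage modifyvm failed.' }

# Boot the VM first so the pipe exists, then attach the kernel debugger to it.
& $VBoxManage startvm $VmName --type gui
if ($LASTEXITCODE -ne 0) { throw 'VBoxManage startvm failed.' }

# resets=0 allows unlimited resync packets and reconnect reopens the pipe after a
# read/write failure; both are the usual options for a virtual COM port.
Start-Process -FilePath $WinDbg -ArgumentList '-k', "com:pipe,port=$PipeName,resets=0,reconnect"
```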
