Lab 18b Kernel Debugging With WinDbg
What You Need
A Windows 7 machine with VMware Player installed.
A Windows XP SP3 virtual machine to examine.
Purpose
Introduction to WinDbg and kernel debugging
notepad c:\boot.ini
In Notepad, copy the existing boot line, paste it at the end of the file, and add these switches to the end of the line, as shown below:
If you cannot save the file, open a Command Prompt and execute this command, to remove the Read-only, System, and Hidden flags from the file:
attrib -R -S -H c:\boot.ini
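For reference, an edited boot.ini typically looks like the sample below. This is an added example, not the lab's own figure: the ARC path, timeout, existing switches, COM1 and the 115200 baud rate are assumed typical values for a default Windows XP SP3 install whose only serial port is the one added to the VM, so keep whatever your existing boot line contains and append only the three debug switches. The lines starting with ; are annotations for this example.

```ini
; Constructed sample boot.ini (assumed default Windows XP SP3 values).
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]
; Existing boot line, left unchanged so the VM can still boot normally.
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

; Pasted copy of the line above with the kernel-debug switches appended:
;   /debug            enable the kernel debugger at boot
;   /debugport=COM1   send debugger traffic over the first serial port (assumed)
;   /baudrate=115200  serial speed used for the debug connection (assumed)
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional with debugger enabled" /noexecute=optin /fastdetect /debug /debugport=COM1 /baudrate=115200
```

Kernel debugging gives whoever is attached to the serial port full control of the guest, so keep the debug-enabled entry confined to the analysis VM and boot the unchanged entry when you are not debugging.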
At the lower right of VMware Player, click "Edit virtual machine settings".
In the left side of the "Virtual Machine Settings" box, click the Add... button.
In the "Serial Port Type" box, click "Output to named pipe", as shown below.
Click Next.
\\.\pipe\com_1
as shown below.
Click Finish.
In the "Virtual Machine Settings" box, on the lower right, click the "Yield CPU on poll" box, as shown below.
WinDbg can download symbol files automatically as needed, but downloading them separately is the best procedure if you plan to work without always being connected to a reliable, high-speed Internet connection.
http://msdn.microsoft.com/en-us/windows/hardware/gg463028.aspx
Download the symbol file for "Windows XP with Service Pack 3 x86 retail symbols, all languages", as shown below.
You end up with an EXE file. Run it in the WINDBG machine. Accept all the default options.
First it will extract into a temporary directory with a long name, then it will automatically extract into C:\Windows\Symbols. Accept that selection.
http://msdn.microsoft.com/en-US/windows/desktop/bg162891
Accept the agreement and click the "Accept & Install" button.
In the "Specify Location" box, accept the default options, as shown below.
Click Next.
In the "Join the Customer Experience Improvement Program (CEIP)" box, accept the default selection of No and click Next.
In the "Select the features you want to install" box, clear all the check boxes except "Debugging Tools for Windows", as shown below.
Click Install.
When the process is complete, you see a message saying "Welcome to the Windows Software Development Kit for Windows 8.1!".
Click Close.
In WinDbg, click File, "Symbol File Path". Enter this line, as shown below:
SRV*c:\windows\symbols*
You should see two boot-menu options. Choose the second one, "Microsoft Windows XP Professional with debugger enabled", as shown below.
\\.\pipe\com_1
and check the Pipe box, as shown below. Then click OK.
Your WINDBG machine should now show the message "Connected to Windows XP", as shown below. (The figure below shows "com_2" instead of "com_1"; just ignore that.)