Tags: windbg, virtual-machine, windows-kernel

Debugging Windows Kernel from Linux


I used to debug the Windows Kernel using VirtualKD, WinDBG and a single Virtual Machine.

Recently I got a Linux machine, and now I wonder: what's the easiest way to debug the Windows Kernel when your host is unable to run VirtualKD/WinDBG*?

I assume the solution will require two Virtual Machines, but I'd rather have two instances hosted on my actual machine than have an instance residing inside another virtual instance...

Is there any way to make that work?

Thanks in advance!

*Wine is the last resort for stability reasons...


Solution

  • Solved! Basically, I ended up using two (VirtualBox) VMs emulating a serial connection (null-modem cable) over a Unix domain socket (on the host). For more info, read below:

    Hardware setup*:

    • Debuggee:
      • Ensure the machine is turned off and edit Serial Ports settings.
      • Enable Port 1, and assign values as follows: Port Number: COM1, Port Mode: Host Pipe, Create Pipe: Unchecked (client), Port/File Path: /tmp/win_link.
    • Debugger:
      • Same as above (using the same path), only this time Create Pipe should be Checked (server).

    Debugger setup:

    • Run WinDBG and press Ctrl+K to invoke Kernel Debugging.
    • In COM, enter: Baudrate: 115200, Port: COM1, Resets: 0 and verify that Pipe and Reconnect are unchecked (important).
    • You'll be presented with the following output: Opened \\.\com1 Waiting to reconnect...

    Debuggee setup:

    • Run bootcfg /debug on /port com1 /baud 115200 /id 1. To verify, run bootcfg.**
    • Reboot.
    • Quite early during the booting stage, WinDBG on the other machine should detect the debuggee is running.

    *Assuming VirtualBox is used. VMware/KVM users will probably be able to achieve the same results following similar steps. Also, for more info refer to the VirtualBox docs.

    **Assuming guests are Windows XP. Later versions include bcdedit, which may be used as described here.
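Added example for the setup described in the answer above (this is not code from the original post): the same VirtualBox wiring done from the Linux host with VBoxManage instead of the GUI, plus a check that the host-side socket really exists before the debuggee is started. The pipe path, COM1 and 115200 baud are the values from the answer; the VM names dbg-win and target-win, the VBOXMANAGE override and the 30-second wait are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original answer: configure both VirtualBox VMs
# for a null-modem link over a host Unix domain socket using VBoxManage.
# Assumed (not in the original post): VM "dbg-win" runs WinDbg, VM
# "target-win" is the debuggee, and both VMs are powered off when run.
set -eu

PIPE=/tmp/win_link                      # host-side Unix domain socket
DEBUGGER_VM=${DEBUGGER_VM:-dbg-win}     # assumed name
DEBUGGEE_VM=${DEBUGGEE_VM:-target-win}  # assumed name

# Map a role to the --uartmode1 keyword. "server" is the GUI's "Create Pipe"
# checked (VirtualBox creates the socket); "client" is it unchecked
# (VirtualBox connects to a socket that must already exist).
uart_mode() {
  case "$1" in
    debugger) echo server ;;
    debuggee) echo client ;;
    *) echo "unknown role: $1" >&2; return 1 ;;
  esac
}

# Attach COM1 (I/O base 0x3F8, IRQ 4) of one VM to the pipe.
# VBOXMANAGE can be overridden (e.g. VBOXMANAGE=echo) for a dry run.
modify_uart() {
  "${VBOXMANAGE:-VBoxManage}" modifyvm "$1" \
    --uart1 0x3F8 4 --uartmode1 "$(uart_mode "$2")" "$PIPE"
}

# A usable pipe is a socket; a plain file left at that path (for instance
# from an earlier "Raw File" port mode) would make the client side fail.
pipe_ready() {
  [ -S "$1" ]
}

# Wait up to $2 seconds for the server side to create the socket at $1.
wait_for_pipe() {
  n=0
  until pipe_ready "$1"; do
    n=$((n + 1))
    [ "$n" -lt "$2" ] || { echo "$1 was not created" >&2; return 1; }
    sleep 1
  done
}

# Order matters: the server side (debugger VM) must be running before the
# client side (debuggee) starts, because the client connects to the socket
# at VM start and fails if it is missing.
apply() {
  modify_uart "$DEBUGGER_VM" debugger
  modify_uart "$DEBUGGEE_VM" debuggee
  VBoxManage startvm "$DEBUGGER_VM"
  wait_for_pipe "$PIPE" 30
  # Guest-side steps, typed inside the VMs (not run by this script):
  #   debugger VM:        windbg -k com:port=com1,baud=115200
  #   debuggee (XP):      bootcfg /debug on /port com1 /baud 115200 /id 1
  #   debuggee (Vista+):  bcdedit /debug on
  #                       bcdedit /dbgsettings serial debugport:1 baudrate:115200
  VBoxManage startvm "$DEBUGGEE_VM"
}

# Only touch VirtualBox when asked explicitly ("apply"); otherwise print the
# commands that would be run so they can be reviewed first.
if [ "${1:-}" = apply ]; then
  apply
else
  VBOXMANAGE=echo
  modify_uart "$DEBUGGER_VM" debugger
  modify_uart "$DEBUGGEE_VM" debuggee
fi
```

Note that inside the debugger VM WinDbg talks to an ordinary emulated COM1, which is why "Pipe" stays unchecked there: the pipe exists only on the Linux host, between the two VirtualBox processes. If the debuggee VM refuses to start, check with `ls -l /tmp/win_link` that the path is a socket created by the already-running debugger VM.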