Getting Started with Windows 10 Remote Kernel Debugging

Published on: Thu, 06 May 2021


Have you seen the Windows Blue Screen of Death (BSOD)? If not, either you are too young or you use UNIX (you’re awesome). Do you want to know what caused the BSOD? Do you want to possibly fix the BSOD problem? If you answered yes to any one of these questions, you need to perform Windows remote kernel debugging.

Today we will create a setup to perform Windows kernel debugging with Windows 10 as both debugger and debuggee, using VirtualBox with a host-only network. The same setup can be used by anyone who wishes to perform remote kernel debugging.

Requirements to perform Windows Remote Debugging


Once you have downloaded the required applications we can move further and get started with the setup. For this setup we will be debugging over the network, because the serial interface is SLOOOOOOW (and we are not in the 90’s).

Create 2 Windows 10 VMs in VirtualBox (if you have just one you can create a clone of it 🤪). Once we have the 2 Windows 10 VMs in place it is time to configure them. For the sake of clarity I like to name the VMs Debugger and Debuggee.

Debugger Configuration:

Type          Value
Hostname      Debugger
IP Address    192.168.56.102 (VBox host-only network)

Debuggee Configuration:

Type          Value
Hostname      Debuggee
IP Address    192.168.56.101 (VBox host-only network)

Now that we have the debugger and debuggee, we’ll set up the debuggee first using the following commands.

By the way, you need to be running the command prompt as Administrator in order to run these commands. The first command enables debugging for the whole OS and the second command defines the configuration to be used for debugging (in our case we are providing the IP address and port of the debugger, and the key).

bcdedit.exe /debug on
bcdedit.exe /dbgsettings net hostip:<DEBUGGER'S IP ADDRESS> port:50000 key:kernel.debugging.is.fun


Along with the above commands we need to look up one more piece of information about the network adapter and execute another command. To find the bus params of the network interface, open “Device Manager” (Windows + X –> select Device Manager). Expand “Network adapters” and open the properties of the appropriate device. In this dialog we are interested in the “Location” entry (for vboxnet0 this is usually PCI bus 0, device 8, function 0), which maps to the busparams value bus.device.function, i.e. 0.8.0.

Now we are ready for the last command to enter on the debuggee:

bcdedit /set {dbgsettings} busparams 0.8.0
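As an added example (my script, not part of the original post), here is the debuggee side of the procedure done end to end from an elevated PowerShell: it reads the adapter’s PCI location (the same string Device Manager shows), derives the busparams value, applies the three bcdedit commands above and verifies the effective settings before you reboot. Assumed: the host-only adapter is named “Ethernet” and the debugger is 192.168.56.102 as in the tables above.

```powershell
# Added example: run from an elevated PowerShell on the Debuggee VM.
# Assumptions: host-only adapter is named "Ethernet", debugger is 192.168.56.102.
$AdapterName = 'Ethernet'
$DebuggerIp  = '192.168.56.102'
$Port        = 50000
# Anyone on the network who knows this key can attach as a kernel debugger,
# so keep the debuggee on the host-only network. If you omit "key:" entirely,
# bcdedit generates a random key and prints it for you.
$Key         = 'kernel.debugging.is.fun'

# 1. Resolve the adapter to its PnP instance and read its PCI location,
#    which is the "Location" entry Device Manager displays.
$nic = Get-NetAdapter -Name $AdapterName -ErrorAction Stop
$loc = (Get-PnpDeviceProperty -InstanceId $nic.PnPDeviceID `
            -KeyName 'DEVPKEY_Device_LocationInfo').Data
if ($loc -notmatch 'PCI bus (\d+), device (\d+), function (\d+)') {
    throw "Adapter '$AdapterName' is not on a PCI bus ($loc); KDNET needs a PCI NIC."
}
# busparams is bus.device.function, e.g. 0.8.0 for the usual vboxnet0 slot.
$busParams = "$($Matches[1]).$($Matches[2]).$($Matches[3])"

# 2. The same three bcdedit commands the post walks through.
#    {dbgsettings} is quoted so PowerShell does not treat it as a script block.
bcdedit.exe /debug on | Out-Null
bcdedit.exe /dbgsettings net hostip:$DebuggerIp port:$Port key:$Key | Out-Null
bcdedit.exe /set '{dbgsettings}' busparams $busParams | Out-Null

# 3. Verify before rebooting: each value we set must appear in the
#    effective settings that "bcdedit /dbgsettings" reports.
$settings = bcdedit.exe /dbgsettings | Out-String
$checks = @{
    hostip    = $DebuggerIp
    port      = "$Port"
    busparams = $busParams
}
foreach ($name in $checks.Keys) {
    $pattern = "$name\s+$([regex]::Escape($checks[$name]))"
    if ($settings -notmatch $pattern) {
        throw "bcdedit /dbgsettings does not show '$name $($checks[$name])':`n$settings"
    }
}
Write-Host "KDNET configured: hostip=$DebuggerIp port=$Port busparams=$busParams"
```

Run it once, check the printed summary matches what you configured on the debugger side, then shut the debuggee down as described next.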


Now we need to shut down the debuggee and set up our Debugger VM.

Now start the Debugger VM and launch WinDbg (x64) from C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe, then select File -> Kernel Debug (alternatively hit Ctrl + K). On the NET tab, enter the key defined while setting up the debuggee (in our case “kernel.debugging.is.fun”), keep the port at 50000, since we used the same port while setting up the debuggee, and click OK.



  • At this point a Windows Security Alert window will appear. Allow WinDbg access on both public and private networks.

Now that the debugger is waiting, we can start our debuggee and we should see the connection being established in the WinDbg window.



WoooHoo! Now we can debug any device driver that leads to a BSOD! We will discuss how to debug a BSOD in the next post. HTH, thank you! 😊

The quieter you become, the more you are able to hear.


Resources:



