Getting Started with Windows 10 Remote Kernel Debugging
Have you seen a Windows Blue Screen of Death (BSOD)? Do you want to know what caused it? If you answered yes to either question, you need to perform Windows remote kernel debugging.
Today we will set up Windows kernel debugging with Windows 10 as both debugger and debuggee, running in VirtualBox on a host-only network.
Requirements
- Windows 10 VMs (you can get development environment from Microsoft)
- VirtualBox
- Windows Debugging Tools
VM Configuration
Debugger Configuration:
| Type | Value |
|---|---|
| Hostname | Debugger |
| IP Address | 192.168.56.102 (VBox host-only network) |
Debuggee Configuration:
| Type | Value |
|---|---|
| Hostname | Debuggee |
| IP Address | 192.168.56.101 (VBox host-only network) |
Setting Up the Debuggee
Run Command Prompt as Administrator and execute:
bcdedit.exe /debug on
bcdedit.exe /dbgsettings net hostip:192.168.56.102 port:50000 key:kernel.debugging.is.fun
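To find the bus parameters of the network interface, open Device Manager, expand “Network adapters”, open the adapter's properties and check the Location field. The PCI bus, device and function numbers shown there are written as bus.device.function, so “PCI bus 0, device 8, function 0” becomes 0.8.0.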
Then run:
bcdedit /set {dbgsettings} busparams 0.8.0
Setting Up the Debugger
- Start the Debugger VM
- Start WinDbg (x64) from C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe
- Select File → Kernel Debug (or Ctrl + K)
- Enter the key “kernel.debugging.is.fun” and keep port as 50000
- Allow Windows Security Alert for public and private network access
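
The key given to bcdedit and WinDbg above is the shared secret that protects the KDNET session, and the phrase used in this post is public. The following Python script is an added example, not part of the original post: it checks a key against the format Microsoft documents for KDNET and generates a random one. The format (four dot-separated base-36 values, each up to 13 characters and fitting in 64 bits) is an assumption taken from that documentation rather than from this page, and the function names are hypothetical.

```python
import re
import secrets

# Assumption (Microsoft KDNET docs, not this post): the key is four
# base-36 values of at most 64 bits each, separated by periods.
_DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"
_PART = re.compile(r"[0-9a-z]{1,13}")

def to_base36(value: int) -> str:
    """Encode a non-negative integer in lowercase base 36."""
    if value == 0:
        return "0"
    out = []
    while value:
        value, rem = divmod(value, 36)
        out.append(_DIGITS[rem])
    return "".join(reversed(out))

def generate_key() -> str:
    """Return a random 256-bit key as four base-36 encoded 64-bit values."""
    return ".".join(to_base36(secrets.randbits(64)) for _ in range(4))

def parse_key(key: str) -> list:
    """Validate the dotted format and return the four integer values."""
    parts = key.split(".")
    if len(parts) != 4:
        raise ValueError("key must have exactly four dot-separated parts")
    values = []
    for part in parts:
        if not _PART.fullmatch(part):
            raise ValueError(f"bad part {part!r}: need 1-13 chars from 0-9, a-z")
        value = int(part, 36)
        if value >= 2**64:
            raise ValueError(f"part {part!r} does not fit in 64 bits")
        values.append(value)
    return values

def used_bits(key: str) -> int:
    """Bits occupied by the four values; the rest of the 256 are leading zeros."""
    return sum(v.bit_length() for v in parse_key(key))

if __name__ == "__main__":
    page_key = "kernel.debugging.is.fun"  # the key used in this post
    print(f"{page_key}: {used_bits(page_key)} of 256 bits occupied")
    new_key = generate_key()
    print(f"bcdedit.exe /dbgsettings net hostip:192.168.56.102 port:50000 key:{new_key}")
```

Enter the same generated key on the debuggee with bcdedit and in WinDbg's Kernel Debug dialog.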
Connecting
Now start the debuggee VM; you should see the connection being established in the WinDbg window.
Success! Now we can debug device drivers and investigate BSOD crashes!
The quieter you become, the more you are able to hear.
~Amit