【Question title】: Tutorial: How to boot debug a VirtualBox Windows virtual machine using WinDbg / KD? [closed]
【Posted】: 2021-07-12 04:05:00
【Question】:

The purpose of this question is to provide a tutorial on how to boot debug a VirtualBox Windows virtual machine using WinDbg / KD

【Comments】:

    Tags: windows debugging virtual-machine virtualbox remote-debugging


    【Solution 1】:

    Boot debugging does not work with VirtualKD, so the pipe has to be created manually

    1. On the guest, run:
    bcdedit /debug on
    bcdedit /bootdebug /on
    bcdedit /bootdebug {bootmgr} /on
    bcdedit /set {bootmgr} debugtype serial
    bcdedit /set {bootmgr} baudrate 115200
    bcdedit /set {bootmgr} debugport 1 
    bcdedit /set debugtype serial
    bcdedit /set baudrate 115200
    bcdedit /set debugport 1
    

    I think bcdedit /dbgsettings serial debugport:1 baudrate:115200 is a shortcut for the last 6 lines

    2. Shut down the guest
    3. Go to VM Settings -> Serial Ports -> Enable Serial Port -> COM1 -> Host Pipe, then enter the pipe name to create it: \\.\pipe\PipeName
    4. Start the VM
    5. In WinDbg, go to File -> Kernel Debug -> COM. Tick Pipe and enter \\.\pipe\PipeName in Port
    6. On the VM's Start menu, choose Restart
    7. The debugger will connect around the initial breakpoint (sxe ibp) but will not break.
    8. In the debugger press Ctrl+Break and execute sxe ld:bootmgr or sxe ld:* to break after each module load, then .reboot

    Boot manager:

    nt!RtlpBreakWithStatusInstruction:
    fffff800`026df490 cc              int     3
    kd> sxe ld:*
    kd> sxe ibp
    kd> .reboot
    Shutdown occurred at (Sat Apr 17 10:35:32.815 2021 (UTC + 1:00))...unloading all symbol tables.
    Waiting to reconnect...
    BD: Boot Debugger Initialized
    Connected to Windows Boot Debugger 7601 x86 compatible target at (Sat Apr 17 10:35:42.431 2021 (UTC + 1:00)), ptr64 FALSE
    Kernel Debugger connection established.  (Initial Breakpoint requested)
    
    ************* Path validation summary **************
    Response                         Time (ms)     Location
    OK                                             c:\symbols
    
    ************* Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*c:\symbols*https://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
    Executable search path is: c:\symbols
    ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 997.)
    Windows Boot Debugger Kernel Version 7601 UP Free x86 compatible
    Machine Name:
    Primary image base = 0x00400000 Loaded module list = 0x00491b80
    System Uptime: not available
    Break instruction exception - code 80000003 (first chance)
    bootmgr!RtlpBreakWithStatusInstruction:
    00443914 cc              int     3
    kd> lm
    start    end        module name
    00400000 004ad000   bootmgr    (pdb symbols)          c:\symbols\bootmgr.pdb\DAAC2D2514AB41E8B3D8B9679BC922CB1\bootmgr.pdb
    kd> k
     # ChildEBP RetAddr  
    00 00061c74 0042f31c bootmgr!RtlpBreakWithStatusInstruction
    01 00061e8c 0042f21c bootmgr!vDbgPrintExWithPrefixInternal+0xfe
    02 00061e9c 0043f186 bootmgr!DbgPrint+0x11
    03 00061eb8 0043f494 bootmgr!BlBdStart+0x9d
    04 00061f50 0041f48e bootmgr!BlBdInitialize+0x17e
    05 00061f60 0041e9b4 bootmgr!ReinitializeLibrary+0x24
    06 00061f6c 00401178 bootmgr!BlInitializeLibrary+0x10
    07 00061ff0 00020a9a bootmgr!BmMain+0x178
    WARNING: Frame IP not in any known module. Following frames may be wrong.
    08 00000000 f000ff53 0x20a9a
    09 ffffffff 00000000 0xf000ff53
    kd> .lastevent
    Last event: Load module bootmgr at 00400000
      debugger time: Sat Apr 17 11:18:37.280 2021 (UTC + 1:00)
    

    winload:

    kd> sxe ld:*
    kd> .reboot
    Shutdown occurred at (Sat Apr 17 14:52:05.818 2021 (UTC + 1:00))...unloading all symbol tables.
    Waiting to reconnect...
    BD: Boot Debugger Initialized
    Connected to Windows Boot Debugger 7601 x64 target at (Sat Apr 17 14:52:40.508 2021 (UTC + 1:00)), ptr64 TRUE
    Kernel Debugger connection established.
    Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
    Executable search path is: c:\symbols
    Windows Boot Debugger Kernel Version 7601 UP Free x64
    Machine Name:
    Primary image base = 0x00000000`002ef000 Loaded module list = 0x00000000`003a19e0
    System Uptime: not available
    winload!DebugService2+0x5:
    00000000`00357055 cc              int     3
    kd> k
    Child-SP          RetAddr           Call Site
    00000000`00183dd8 00000000`002fab04 winload!DebugService2+0x5
    00000000`00183de0 00000000`002fb004 winload!BlBdStart+0x154
    00000000`00183e40 00000000`0031c82f winload!BlBdInitialize+0x210
    00000000`00183f00 00000000`0031bdb2 winload!InitializeLibrary+0x25b
    00000000`00183f40 00000000`002f007c winload!BlInitializeLibrary+0x52
    00000000`00183f70 00000000`00450d4c winload!OslMain+0x7c
    00000000`00183ff0 00000000`00000000 0x450d4c
    
    kd> lm
    start             end                 module name
    00000000`002ef000 00000000`003b2000   winload    (pdb symbols)          c:\symbols\winload_prod.pdb\768283CA443847FB8822F9DB1F36ECC51\winload_prod.pdb
    kd> .lastevent
    Last event: Load module winload.exe at 00000000`002ef000
      debugger time: Sat Apr 17 14:52:40.504 2021 (UTC + 1:00)
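The procedure in this answer, scripted end to end as an added example (this is not code from the original answer): the guest-side bcdedit settings with a verification step before the reboot, the host-side VBoxManage call that replaces the GUI serial-port steps, and the WinDbg command-line equivalent of File -> Kernel Debug -> COM. The VM name, the pipe name and the function names are assumptions chosen for illustration; the bcdedit, VBoxManage and windbg switches are the tools' documented ones.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original answer. The VM name, pipe name
# and function names are assumptions for illustration.

$VmName   = 'Win7-Debug'              # assumed VirtualBox VM name
$PipeName = '\\.\pipe\windbg-vm'      # assumed host pipe; must match on both sides

# ---- Guest side: run inside the VM from an elevated PowerShell ----
function Enable-GuestBootDebug {
    param([int]$DebugPort = 1, [int]$BaudRate = 115200)

    # Kernel debugging for the OS entry, boot debugging for winload
    bcdedit /debug on
    bcdedit /bootdebug on
    # Boot debugging for bootmgr as well, so the first break lands in BmMain
    bcdedit /bootdebug '{bootmgr}' on

    # Serial transport. /dbgsettings writes the global {dbgsettings} object;
    # bootmgr is given explicit values too, as the answer above does.
    bcdedit /dbgsettings serial "debugport:$DebugPort" "baudrate:$BaudRate"
    bcdedit /set '{bootmgr}' debugtype serial
    bcdedit /set '{bootmgr}' debugport $DebugPort
    bcdedit /set '{bootmgr}' baudrate $BaudRate

    # Check before rebooting: both listings must show serial / port / baud
    bcdedit /dbgsettings
    bcdedit /enum '{bootmgr}'
}

# ---- Host side: run with the VM powered off ----
function Connect-VmSerialPipe {
    param([string]$VmName, [string]$PipeName)
    # COM1 (I/O base 0x3F8, IRQ 4) backed by a named pipe that VirtualBox
    # creates itself ("server"), so WinDbg attaches as the pipe client.
    VBoxManage modifyvm $VmName --uart1 0x3F8 4 --uartmode1 server $PipeName
    VBoxManage showvminfo $VmName | Select-String 'UART 1'
}

function Start-BootDebugSession {
    param([string]$VmName, [string]$PipeName)
    VBoxManage startvm $VmName
    # resets=0 ignores the target's resets, reconnect survives the .reboot.
    # Once attached: Ctrl+Break, then sxe ld:* ; sxe ibp ; .reboot
    Start-Process windbg -ArgumentList '-k', "com:pipe,port=$PipeName,resets=0,reconnect"
}

# Host:  Connect-VmSerialPipe -VmName $VmName -PipeName $PipeName
#        Start-BootDebugSession -VmName $VmName -PipeName $PipeName
# Guest: Enable-GuestBootDebug     (then restart from the Start menu)
```

The two host-side functions replace steps 3 to 5 of the answer; the guest function replaces step 1. Keeping `resets=0,reconnect` on the WinDbg command line matters for this workflow, because .reboot drops and re-establishes the serial session and the boot debugger in bootmgr must be able to reattach without a manual File -> Kernel Debug round trip.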
    

    【Discussion】:
