Kernel Debugging
November 7, 2017
For this exercise, I used two VMs running in VMware Workstation 14 Player. You can use whatever you want.
Windows 10 x64 machine (this is the debugger machine with WinDbg installed)
Windows 8.1 x86 (this is the debuggee machine)
Now follow the steps below:
1. Use NAT from VMware for both VMs (this is the default setting, so you should not need to change anything).
2. In each VM, use dynamic IP/DNS.
3. Here are my IPs on each machine:
Win 10: 192.168.210.134 (debugger)
Win 8.1: 192.168.210.133 (debuggee)
4. On the debuggee, open a command prompt with admin privileges and run the following:
bcdedit /debug on
bcdedit /dbgsettings net hostip:192.168.210.134 port:50000 key:xyz.
bcdedit /set "{dbgsettings}" busparams 11.0.0
5. On the debugger machine, open WinDbg x86, go to File -> Kernel Debug -> NET, enter the port number and the key, and hit OK.
6. Once the debugger connects to the kernel of the debuggee, hit the BREAK (CTRL + BREAK) button. You are ready to debug. Sometimes you may need to hit the BREAK button a couple of times and wait for the debugger to connect to the debuggee. If you still have the problem, try restarting the debuggee machine while you are trying to connect from the debugger machine.
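If the connection in step 6 never comes up, one thing to rule out is a mistyped value in step 4. The PowerShell below is an added example, not part of the original post: it parses the text that `bcdedit /dbgsettings` prints and compares it with the values used on this page. The function names, the sample output and the key placeholder are constructed for illustration.

```powershell
# Added example. Expected values are the ones used in steps 3 and 4 of this page.
$expected = @{ debugtype = 'NET'; hostip = '192.168.210.134'; port = '50000'; busparams = '11.0.0' }

# Constructed sample of `bcdedit /dbgsettings` output so the script runs offline.
$sample = @'
busparams               11.0.0
key                     <key-placeholder>
debugtype               NET
hostip                  192.168.210.134
port                    50000
dhcp                    Yes
The operation completed successfully.
'@

function ConvertFrom-DbgSettings {
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        # Setting lines are "name", a run of padding spaces, then the value.
        # The trailing status sentence has single spaces only, so it is skipped.
        if ($line -match '^(\w+)\s{2,}(\S.*)$') {
            $settings[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $settings
}

function Test-DbgSettings {
    param([hashtable]$Actual, [hashtable]$Expected)
    $ok = $true
    foreach ($name in $Expected.Keys) {
        if ($Actual[$name] -ne $Expected[$name]) {
            Write-Warning "$name is '$($Actual[$name])', expected '$($Expected[$name])'"
            $ok = $false
        }
    }
    # The key must match what is typed into WinDbg; here we only check that one is set.
    if (-not $Actual.ContainsKey('key')) {
        Write-Warning 'no key is configured'
        $ok = $false
    }
    return $ok
}

# On the debuggee, from an elevated prompt, replace the next line with:
#   $lines = bcdedit /dbgsettings
$lines  = $sample -split "`r?`n"
$actual = ConvertFrom-DbgSettings -Lines $lines
Test-DbgSettings -Actual $actual -Expected $expected
```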