Tutorial: How do I boot debug a VirtualBox Windows VM using WinDbg / KD?

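Problem description

This question is intended to provide a tutorial on how to boot debug a VirtualBox Windows VM using WinDbg / KD

Tags: windows, debugging, virtual-machine, virtualbox, remote-debugging

Solution

Boot debugging does not work with VirtualKD, so you need to create the pipe manually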

  1. On the guest, run:
bcdedit /debug on
bcdedit /bootdebug on
bcdedit /bootdebug {bootmgr} on
bcdedit /set {bootmgr} debugtype serial
bcdedit /set {bootmgr} baudrate 115200
bcdedit /set {bootmgr} debugport 1 
bcdedit /set debugtype serial
bcdedit /set baudrate 115200
bcdedit /set debugport 1

I think bcdedit /dbgsettings serial debugport:1 baudrate:11520 is a shortcut for the last 6

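  2. Shut down the guest
  3. Go to the VM settings -> Serial Ports -> Enable Serial Port -> COM1 -> Host Pipe, then type the name of the pipe to create: \\.\pipe\PipeName
  4. Start the VM
  5. In WinDbg, go to File -> Kernel Debug -> COM. Select Pipe and enter \\.\pipe\PipeName as the port
  6. From the VM's Start menu, restart
  7. The debugger will connect around the initial breakpoint, sxe ibp, but it will not break.
  8. Press Ctrl+Break in the debugger and run sxe ld:bootmgr, or sxe ld:* to break after every module load, and now .reboot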

Bootmgr:

nt!RtlpBreakWithStatusInstruction:
fffff800`026df490 cc              int     3
kd> sxe ld:*
kd> sxe ibp
kd> .reboot
Shutdown occurred at (Sat Apr 17 10:35:32.815 2021 (UTC + 1:00))...unloading all symbol tables.
Waiting to reconnect...
BD: Boot Debugger Initialized
Connected to Windows Boot Debugger 7601 x86 compatible target at (Sat Apr 17 10:35:42.431 2021 (UTC + 1:00)), ptr64 FALSE
Kernel Debugger connection established.  (Initial Breakpoint requested)

************* Path validation summary **************
Response                         Time (ms)     Location
OK                                             c:\symbols

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is: c:\symbols
ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 997.)
Windows Boot Debugger Kernel Version 7601 UP Free x86 compatible
Machine Name:
Primary image base = 0x00400000 Loaded module list = 0x00491b80
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
bootmgr!RtlpBreakWithStatusInstruction:
00443914 cc              int     3
kd> lm
start    end        module name
00400000 004ad000   bootmgr    (pdb symbols)          c:\symbols\bootmgr.pdb\DAAC2D2514AB41E8B3D8B9679BC922CB1\bootmgr.pdb
kd> k
 # ChildEBP RetAddr  
00 00061c74 0042f31c bootmgr!RtlpBreakWithStatusInstruction
01 00061e8c 0042f21c bootmgr!vDbgPrintExWithPrefixInternal+0xfe
02 00061e9c 0043f186 bootmgr!DbgPrint+0x11
03 00061eb8 0043f494 bootmgr!BlBdStart+0x9d
04 00061f50 0041f48e bootmgr!BlBdInitialize+0x17e
05 00061f60 0041e9b4 bootmgr!ReinitializeLibrary+0x24
06 00061f6c 00401178 bootmgr!BlInitializeLibrary+0x10
07 00061ff0 00020a9a bootmgr!BmMain+0x178
WARNING: Frame IP not in any known module. Following frames may be wrong.
08 00000000 f000ff53 0x20a9a
09 ffffffff 00000000 0xf000ff53
kd> .lastevent
Last event: Load module bootmgr at 00400000
  debugger time: Sat Apr 17 11:18:37.280 2021 (UTC + 1:00)

Winload:

kd> sxe ld:*
kd> .reboot
Shutdown occurred at (Sat Apr 17 14:52:05.818 2021 (UTC + 1:00))...unloading all symbol tables.
Waiting to reconnect...
BD: Boot Debugger Initialized
Connected to Windows Boot Debugger 7601 x64 target at (Sat Apr 17 14:52:40.508 2021 (UTC + 1:00)), ptr64 TRUE
Kernel Debugger connection established.
Symbol search path is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
Executable search path is: c:\symbols
Windows Boot Debugger Kernel Version 7601 UP Free x64
Machine Name:
Primary image base = 0x00000000`002ef000 Loaded module list = 0x00000000`003a19e0
System Uptime: not available
winload!DebugService2+0x5:
00000000`00357055 cc              int     3
kd> k
Child-SP          RetAddr           Call Site
00000000`00183dd8 00000000`002fab04 winload!DebugService2+0x5
00000000`00183de0 00000000`002fb004 winload!BlBdStart+0x154
00000000`00183e40 00000000`0031c82f winload!BlBdInitialize+0x210
00000000`00183f00 00000000`0031bdb2 winload!InitializeLibrary+0x25b
00000000`00183f40 00000000`002f007c winload!BlInitializeLibrary+0x52
00000000`00183f70 00000000`00450d4c winload!OslMain+0x7c
00000000`00183ff0 00000000`00000000 0x450d4c

kd> lm
start             end                 module name
00000000`002ef000 00000000`003b2000   winload    (pdb symbols)          c:\symbols\winload_prod.pdb\768283CA443847FB8822F9DB1F36ECC51\winload_prod.pdb
kd> .lastevent
Last event: Load module winload.exe at 00000000`002ef000
  debugger time: Sat Apr 17 14:52:40.504 2021 (UTC + 1:00)
