Sunday, May 15, 2011

VirtualBox kernel debugging a Windows XP Guest



Below are the steps to debug the kernel of a Windows XP guest running under the VirtualBox hypervisor.


Windbg configuration (File->Kernel Debug...)

VirtualBox VM settings
In order to get the guest kernel to listen for a debugger connecting to it, C:\boot.ini on the guest Windows XP VM has to be edited. The boot.ini file now looks like this:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /debugport=COM1 /baudrate=115200

To debug the guest, start windbg, select "File->Kernel Debug...", hit OK, and then start the VM in VirtualBox. The output in windbg shows that a kernel has attached.
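The boot.ini edit above is the step that gets mistyped most often (a duplicated /debugport, a baud rate that does not match what windbg dials). The following script is an added example, not code from the original post: it parses a boot.ini in the classic NT 5.x layout, adds or corrects /debugport and /baudrate on the default entry without duplicating switches, and builds the matching windbg "-k" argument and VBoxManage serial-port commands. The sample boot.ini, the VM name "WinXP" and the pipe name "winxp_kd" are constructed for the example.

```python
"""Add or verify kernel-debug boot switches on a Windows XP boot.ini entry.

Added example, not the post's own code. Assumes a classic NT 5.x boot.ini:
a [boot loader] section with a default= line and an [operating systems]
section whose entries look like  ARC-path="Name" /switch /switch=value.
"""
import re

# Constructed sample: the stock boot.ini of an XP guest before editing.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
"""

# One boot switch: /name or /name=value
SWITCH_RE = re.compile(r"/(\w+)(?:=(\S+))?")


def parse_boot_ini(text):
    """Return (default_arc_path, {arc_path: (display_name, {switch: value})})."""
    default, entries, section = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            if key.strip().lower() == "default":
                default = value.strip()
        elif section == "operating systems":
            # The ARC path contains no '=', so the first '=' ends it.
            arc, _, rest = line.partition("=")
            m = re.match(r'\s*"([^"]*)"(.*)', rest)
            if m:
                switches = {k.lower(): v for k, v in SWITCH_RE.findall(m.group(2))}
                entries[arc.strip()] = (m.group(1), switches)
    return default, entries


def add_kernel_debug(text, port="COM1", baud=115200):
    """Return boot.ini text whose default entry carries /debugport and /baudrate.

    Idempotent: existing debug switches are overwritten, never duplicated,
    and every other line (timeout, other entries) is passed through untouched.
    """
    default, entries = parse_boot_ini(text)
    if default is None or default not in entries:
        raise ValueError("boot.ini has no default= entry under [operating systems]")
    name, switches = entries[default]
    switches = dict(switches)              # keep original switch order
    switches["debugport"] = port
    switches["baudrate"] = str(baud)
    flags = " ".join(f"/{k}={v}" if v else f"/{k}" for k, v in switches.items())
    out = []
    for raw in text.splitlines():
        if raw.strip().startswith(default + "="):
            out.append(f'{default}="{name}" {flags}')
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


def debug_settings(text):
    """Return (port, baud) configured on the default entry, or None if not debuggable."""
    default, entries = parse_boot_ini(text)
    if default not in entries or "debugport" not in entries[default][1]:
        return None
    switches = entries[default][1]
    # ntldr falls back to 19200 when /baudrate is omitted.
    return switches["debugport"].upper(), int(switches.get("baudrate") or "19200")


def windbg_pipe_args(pipe_name, baud=115200):
    """Command-line equivalent of the File->Kernel Debug... COM/pipe dialog."""
    return f"-k com:pipe,port=\\\\.\\pipe\\{pipe_name},baud={baud},reconnect"


def vboxmanage_serial_cmds(vm_name, pipe_name):
    """VBoxManage lines that wire the guest's COM1 to a host-side named pipe
    (the 'Create Pipe' server mode; Windows host pipe path assumed)."""
    return [
        f'VBoxManage modifyvm "{vm_name}" --uart1 0x3F8 4',
        f'VBoxManage modifyvm "{vm_name}" --uartmode1 server \\\\.\\pipe\\{pipe_name}',
    ]


if __name__ == "__main__":
    print(add_kernel_debug(SAMPLE_BOOT_INI))
    print("\n".join(vboxmanage_serial_cmds("WinXP", "winxp_kd")))
    print("windbg", windbg_pipe_args("winxp_kd"))
```

Running the script on the sample prints the exact entry line shown in the post; feeding the patched file back in changes nothing, and debug_settings() gives the (port, baud) pair to compare against the baud you type into windbg.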

4 comments:

  1. I was looking for exactly the same... you made my day... thanks man

  2. Hello neil,

    Actually I have Ubuntu as my host/base OS. I want to debug the Windows kernel (running in VirtualBox) remotely from another Windows system installed in VirtualBox, both running on the same Ubuntu host. Can you please tell me if it's possible or not. If yes, then can you please tell me how I can achieve that.

    Thanks in Advance
    Debasish

    Replies
    1. Thanks for reading. I have not tried that setup with VirtualBox.

      My guess would be that in VirtualBox, you check "Create Pipe" as shown above in the settings of the target VM (the one whose kernel you want to debug) and you leave that box unchecked on the VM running WinDbg. Make sure the "Port/File Path" has the same value for both the VMs. That's how you make both VMs communicate via the same pipe.

      I know how to remotely debug userland via TCP/IP too. Let me know if you need help with that.

    2. Hello Neil,

      Thanks for your reply. Actually I followed this post http://stackoverflow.com/questions/12696825/debugging-windows-kernel-from-linux and it worked for me.

      Thanks
