Connecting Windbg to Bochs virtual machine - windbg

I want to connect WinDbg to a Bochs virtual machine in order to debug the OS, but WinDbg terminates when the OS boot operation starts (without any error message).
Please consider that I have already connected windbg to Bochs through com port.

The reason this problem occurred was Windows' first debug message (the message was modified in Bochs for no reason and caused WinDbg to crash).
I solved the problem by modifying the Bochs source code. I created a thread to create pipes after the OS is booted so the Windows message is not being sent.

Related

kernel module insertion issue

We are running the latest Raspbian on the Raspberry Pi board and have a kernel driver for a USB peripheral which is added externally (sudo insmod driverx.ko) after boot-up by connecting to the hardware using ssh (it's a headless system).
The problem is as follows:
If the device is already connected to the system upon power-up then running sudo insmod driverx.ko leads to the terminal getting stuck (no response, Ctrl+C doesn't work). Running lsmod by starting another ssh session shows that the module is in use even though there is no code running that will use it.
If I plug the USB device after the system boots up then sudo insmod driverx.ko works normally, (the terminal is still active). Running lsmod subsequently shows that that module is loaded but not in use by anyone. I can then run my user code and everything is fine. Upon running my user code lsmod shows the kernel module is in use and the number of users is 1.
In our system the USB device will always be plugged in. The kernel version and the driver version are the same.
I can fill in more details but do not wish to bias or make this query unreadable.
Please advise on what the problem could be.
Thank you for your time and help.
One possibility is that the device is already attached to some other driver during startup. If that's the case, the device credential of your specific device has to be removed from the startup driver.
Check the USB device list before inserting your driver.
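One way to make the check suggested in the answer above, as an added example that is not part of the original posts: it reads sysfs to show which driver, if any, has already claimed each interface of a given USB device. The function names, the sample tree, and the 1234:abcd ids are constructed for illustration.

```shell
#!/bin/sh
# List each interface of the USB device VID:PID and the driver bound to it.
# $1 = sysfs USB device directory (normally /sys/bus/usb/devices)
# $2 = vendor id, $3 = product id (4 hex digits, as printed by lsusb)
usb_bindings() {
    root=$1 vid=$2 pid=$3
    for dev in "$root"/*; do
        # Device nodes carry idVendor/idProduct; interface nodes do not.
        [ -r "$dev/idVendor" ] || continue
        [ "$(cat "$dev/idVendor")" = "$vid" ] || continue
        [ "$(cat "$dev/idProduct")" = "$pid" ] || continue
        # Interfaces are named <device>:<config>.<interface>.
        for intf in "$root/$(basename "$dev")":*; do
            [ -d "$intf" ] || continue
            if [ -L "$intf/driver" ]; then
                # The symlink target's last component is the driver name.
                drv=$(basename "$(readlink "$intf/driver")")
            else
                drv="(none)"
            fi
            echo "$(basename "$intf") $drv"
        done
    done
    return 0
}

# Constructed sample tree (not real hardware): device 1-1.2 is 1234:abcd,
# interface 0 is bound to a driver named "usbhid", interface 1 is unbound.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/devices/1-1.2" "$t/devices/1-1.2:1.0" \
             "$t/devices/1-1.2:1.1" "$t/drivers/usbhid"
    echo 1234 > "$t/devices/1-1.2/idVendor"
    echo abcd > "$t/devices/1-1.2/idProduct"
    ln -s "$t/drivers/usbhid" "$t/devices/1-1.2:1.0/driver"
    echo "$t/devices"
}
```

On the target, call usb_bindings with /sys/bus/usb/devices and the device's ids from lsusb before running insmod; any driver name other than "(none)" means the interface has already been claimed.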

How to use WinDbg to debug a driver

I'm following this article https://msdn.microsoft.com/en-us/library/windows/hardware/mt269367(v=vs.85).aspx and I've gotten to the step where you run the command to start WinDbg.
WinDbg -k net:port=50000,key=1.2.3.4
However, when WinDbg restarts it is stuck on "Waiting to reconnect..." and it shows "Debugee not connected" at the bottom. I've tried unplugging the Ethernet cable multiple times as well as restarting the target multiple times. I can also ping the host computer from the target. Oddly, I can't ping the target from the host.
The host machine is running Windows 7 and the target machine is Windows 8.
So I turned off the firewall on the host and it started to work.

qemu KVM kernel module no such file or directory

I am currently taking an operating systems class and I need to use qemu to run a small operating system that my professor provided. I am trying to use qemu within an ubuntu 12.04 virtual machine on virtualbox on my macbook air 5.2. I know the problems I am having probably have to do with nested virtualization but the specific error I get when I try to run qemu is:
Could not access the KVM kernel module: No such file or directory
failed to initialize KVM: no such file or directory
Back to tcg accelerator.
qemu does start up the os but the window flickers quite a lot and I would like to fix the KVM problem if possible. I've done research but I can't find a solution I can understand or that works so any help would be greatly appreciated.
Also for the ubuntu virtual machine in virtualbox I have both Enable VT-x/AMD-V and Enable Nested Paging checked under Hardware Virtualization. I've also tried using
modprobe kvm-intel
and I get this error:
FATAL: Error inserting kvm_intel (/lib/modules.3.5.0-22-generic/kernel/arch/x86/kvm/kvm-intel.ko): Operation not permitted.
In my case, the virtualization was disabled.
So sudo modprobe kvm-intel kept giving me the following error
could not insert 'kvm_intel': Operation not supported
I just had to go in the BIOS and enable Virtualization.
Try with sudo modprobe kvm-intel.
In order to have the module automatically loaded at the startup of the virtual machine, do the following:
Edit the corresponding file from the shell with sudo vim /etc/modules.conf
Possibly enter your username password.
Press the key G to go to the end of the document and then o to begin inserting.
Write kvm-intel and press Enter, producing a new line.
Press Esc to return to the Normal mode of vim. "--INSERT--" will disappear from the bottom.
Save the file and exit vim by writing :wq.
You are done. Try to reboot and load the nested virtual machine.
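A small diagnostic for the KVM error discussed in this thread, as an added example that is not part of the original posts: it separates the case where the CPU seen by this system has no VT-x/AMD-V flag (typical for a guest whose hypervisor does not pass it through) from the case where the flag is present but the module is not loaded. The function names and result strings are constructed for illustration.

```shell
#!/bin/sh
# Classify why "Could not access the KVM kernel module" appears.
# $1 = cpuinfo file (normally /proc/cpuinfo)
# $2 = KVM device node (normally /dev/kvm)
kvm_diagnose() {
    cpuinfo=$1 node=$2
    # The node exists once kvm and kvm-intel or kvm-amd are loaded.
    if [ -e "$node" ]; then
        echo "ok"
        return 0
    fi
    # vmx = Intel VT-x, svm = AMD-V, as advertised to this OS instance.
    # Only the "flags" line is inspected, token by token.
    flag=$(awk -F: '/^flags/ {
        n = split($2, f, " ")
        for (i = 1; i <= n; i++)
            if (f[i] == "vmx" || f[i] == "svm") { print f[i]; exit }
    }' "$cpuinfo")
    case $flag in
        # Flag present: try sudo modprobe; if it is refused, read dmesg
        # (for example, virtualization disabled in firmware setup).
        vmx) echo "load kvm-intel" ;;
        svm) echo "load kvm-amd" ;;
        # No flag: modprobe cannot succeed on this system; inside a VM the
        # outer hypervisor is not exposing hardware virtualization.
        *)   echo "no-hw-virt" ;;
    esac
}

# Constructed sample: cpuinfo of a guest whose hypervisor hides VT-x.
sample_guest_cpuinfo() {
    printf 'processor\t: 0\nflags\t\t: fpu vme de pse tsc msr sse sse2\n'
}
```

Run it as kvm_diagnose /proc/cpuinfo /dev/kvm inside the machine where qemu prints the error.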

Debugging Windows Kernel from Linux

I used to debug the Windows Kernel using VirtualKD, WinDBG and a single Virtual Machine.
Recently I got a Linux machine, and now I wonder: what's the easiest way to debug the Windows Kernel when your host is unable to run VirtualKD/WinDBG*?
I assume the solution will require two Virtual Machines, but I'd rather have two instances hosted on my actual machine rather than having an instance residing inside another virtual instance...
Is there any way to make that work?
Thanks in advance!
*Wine is the last resort for stability reasons...
Solved! Basically, I ended up using two (VirtualBox) VMs emulating a Serial connection (null-modem cable) over a Unix domain socket (on the host). For more info, read below:
Hardware setup*:
Debuggee:
Ensure the machine is turned off and edit Serial Ports settings.
Enable Port 1, and assign values as follows: Port Number: COM1, Port Mode: Host Pipe, Create Pipe: Unchecked (client), Port/File Path: /tmp/win_link.
Debugger:
Same as above (using the same path), only this time Create Pipe should be Checked (server).
Debugger setup:
Run WinDBG and press Ctrl+K to invoke Kernel Debugging.
In COM, enter: Baudrate: 115200, Port: COM1, Resets: 0 and verify that Pipe and Reconnect are unchecked (important).
You'll be presented with the following output: Opened \\.\com1 Waiting to reconnect...
Debuggee setup:
Run bootcfg /debug on /port com1 /baud 115200 /id 1. To verify, run bootcfg.**
Reboot.
Quite early during the booting stage, WinDBG on the other machine should detect the debuggee is running.
*Assuming VirtualBox is used. VMWare/KVM users will probably be able to achieve the same results following similar steps. Also, for more info refer to the VirtualBox docs.
**Assuming guests are Windows XP. Later versions include bcdedit, which may be used as described here.
For QEMU\KVM follow those instructions:
http://www.linux-kvm.org/page/WindowsGuestDrivers/GuestDebugging
Very helpful but applies to Windows XP machines. You can refer to the following link if you need to configure 2 Windows7-based virtual machines on a Linux host: http://www.aldeid.com/wiki/Category:Digital-Forensics/Computer-Forensics/Debugger/Kernel
Another option nowadays is to enable local kernel debugging. This comes with some limitations, however it will enable you to access kernel data while just using one VM.
This approach only works on Windows 8.0 and Windows Server 2012 and later.
Follow these steps:
Open a Command Prompt window as Administrator.
Enter bcdedit /debug on
If the computer is not already configured as the target of a debug transport, enter bcdedit /dbgsettings local
Reboot the computer.
Once the system is rebooted, you can execute WinDBG as Administrator, press ctrl+k or go to File -> Attach to kernel -> Local and press OK.
At that point, you will be able to execute kernel-only commands and access kernel structures.
Tested under Windows 10 and with the new WinDBG version (preview).
Reference: Setting Up Local Kernel Debugging of a Single Computer Manually

Windbg serial debugging not working over Virtual Serial Port

I have the following configuration:
Host OS: Windows 7 SP1
Guest OS: Windows XP SP3 Pro
Guest OS is running inside VMWare Workstation version 7
I have configured a virtual serial port on the VM of type "output named pipe" and the following name:
\\.\pipe\whatever
I have also added the appropriate options to the boot.ini file on Win XP SP3 Pro image to allow for debugging (/debugport=com1 baudrate=115200)
in windbg, I configure the Kernel Debug option by going to:
File->Kernel Debug
and selecting the COM tab and configuring as follows:
Giving port name as:
\\.\pipe\whatever
and checking the Pipe box.
I boot up the Windows XP SP3 VM and select the second entry which has debug mode enabled. Right after I do this, I click on Ok inside the Windbg to start the kernel debugging session.
But even then it remains stuck at the following message:
Opened \\.\pipe\whatever
Waiting to reconnect...
It says "Debuggee not connected" and stays at that message even after Virtual Machine boots up completely. The status of the Virtual Serial port in the VmWare also shows as Connected.
I have checked the network connections.
The VM has the Network Adapter in the Bridged Mode and I am able to ping the Guest OS and Host OS from each other successfully.
Your problem is likely to be that WinDbg isn't breaking on connect, so it's connected but it doesn't say so, and you think it's not working.
I had better luck running WinDbg from the command line with a -b, though I notice this option might have been removed in the later builds. I've tested with 6.12.0002.633 x86.
windbg -b -k com:pipe,port=\\.\pipe\com_1
(From here.)
I have had the same problem, and after changing the port at your Windows guest (the one in VMware) you should be connected. In my case the port in the boot.ini file was com1 and I changed it to com2.
Did you also enable /debug in the boot.ini?
It could also be your VMWare serial port configuration. Config should be:
Use named pipe: \\.\pipe\whatever
This end is the server.
The other end is an application.
Yield CPU on poll should be checked.
More info here:
http://www.vmware.com/support/ws5/doc/ws_devices_serial_advanced_example_debugging.html