Limitations of Local Kernel Mode Debugging in Windbg? - windbg

Are there some limitations to the Local Kernel Mode Debugging option in Windbg?
I am running Win XP SP3 inside a VM using VMWare Workstation. The Host operating system is: Windows 7 SP1
I want to perform Kernel Debugging using Windbg inside the VM.
However, few commands are not working. For instance,
lkd> !process -0 0
PROCESS 82cd38b0 SessionId: 0 Cid: 0cd4 Peb: 7ffd6000 ParentCid: 0638
DirBase: 0e740300 ObjectTable: e2474a10 HandleCount: 43.
Image: notepad.exe
lkd> .process /i 82cd38b0
^ Operation not supported by current debuggee error in '.process /i 82cd38b0'
Image: notepad.exe
lkd> !lmu
No export lmu found
So, my guess is that these are limitations of the local kernel mode debugging option of windbg.

Local kernel mode debugging is very limited, you can't even set a breakpoint. More about limitations here.
Set up a remote kernel debug via COM port on the guest system with redirection to a pipe on the host system. Then you can execute all debugging commands.

Related

Why i am not able to install Postgresql (PostgreSQL-9.6.2-2-win64-bigsql.exe)? Windows

I am not able to understand why this happen ?
Log started 07/02/2018 at 14:08:21
Preferred installation mode : win32
Trying to init installer in mode win32
Mode win32 successfully initialized
[14:08:24] Initializing PostgreSQL installer
[14:08:24] Windows Version is: Windows 7 (6.1)
[14:08:24] Operating System Language is: en
[14:08:24] Current build_identifier is: 9.6.2-2
[14:08:24] System PATH:
**All path of my system**
[14:08:24] Initializing pg96 variables
[14:08:24] Download url: https://s3.amazonaws.com/pgcentral
[14:08:24] PostgreSQL Locale to install: DEFAULT
Setting variable windows_net_session_exitcode from C:\Users\himanshu-sharma\AppData\Local\Temp\postgresql_himanshu-sharma/net-session-exit-code.bat
Script exit code: 1
Script output:
Script stderr:
'"C:\Users\HIMANS~2\AppData\Local\Temp\POSTGR~1\NET-SE~1.BAT"' is not recognized as an internal or external command,
operable program or batch file.
Error with configuration or permissions. Please see log file for more information.
Credit to #RAM answer in this . Problems Installing PostgreSQL 9.2
Solution:
Open command prompt in admin mode
Execute following command to change the format based on your drive or all drives
Sample commands:
fsutil 8dot3name set 1
This disable 8dot3 name creation on all volumes
fsutil 8dot3name set C: 1
This disable 8dot3 name creation on c:
Execute the installation as a user having admin privileges
After install, consider resetting the 8dot3name setting to default (2) to avoid unintended consequences
Hope it solves the problem!

How to determine if I'm in powershell or cmd?

I've been playing with OpenSSH on Windows and it looks like the normal Unix aliases are missing. I'm not sure whether it's starting powershell or cmd when I log in to a Windows machine via SSH. What's the correct way to see the currently running shell on Windows?
All credit goes to PetSerAl, this had to be posted as an aswer:
(dir 2>&1 *`|echo CMD);&<# rem #>echo PowerShell
Within Win32-OpenSSH this command also works, and outputs CMD.
NB : Win32-OpenSSH seems a bit limited, cd is not recognized on my system.
I'd like to expand on #sodawillow's answer to also distinguish between using Powershell (powershell.exe) known as Desktop and PWSH (pwsh.exe) known as Core.
(dir 2>&1 *`|echo CMD);&<# rem #>echo ($PSVersionTable).PSEdition
# Returns one of: CMD, Core, Desktop
This works in all instances where a sub-shell is not instantiated. What that means is that it does not work from opening a default sub-process in Python, as it always uses CMD when interacting with windows. This is actually set by the Windows environment variable: ComSpec always pointing to C:\Windows\system32\cmd.exe.
For example:
(Starting the python interpreter from a pwsh shell.)
>>> import os, subprocess
>>> c="(dir 2>&1 *`|echo CMD);&<# rem #>echo($PSVersionTable).PSEdition"
>>> subprocess.call(c,shell=True)
CMD
For other Python shell detection schemes, please see this good post.
UPDATE: 2020-05-01
I managed to get the above working, but with the obnoxious side effect of always loading the powershell profile, before executing. The trick was to specify execute=<path-to-powershell-exe> like this:
(Start a python CLI.)
import os, subprocess
c="(dir 2>&1 *`|echo CMD);&<# rem #>echo($PSVersionTable).PSEdition"
e="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
subprocess.call(c, shell=True, executable=e)
# output:
# <blah blah from profile>
# Desktop
# 0
I have not been able to circumvent the powershell profile issue. But apparently it is something being worked on. See here and here.

QEMU - redirect guestOS booting to host machine

I used QEMU to bring CentOS.img (downloaded some where). I find the boot screen of CentOS.img took over the console session of the current terminal and I could see CentOS booting up process and prompts me to the login screen of the guestVM CentOS. This is really helpful for me as I ran QEMU instance from remote console machine.
Now, I created a new RHEL.img using iso and when I try to boot it; I was not able to see anything in the screen other then some symbol of (Y) :(
$>/usr/libexec/qemu-kvm -hda ./RHEL.img -bios bios.bin -nographic -net nic,model=e1000,macaddr=00:AD:BE:EF:4F:BD -net tap,script=./qemu-ifup -m 1024 -smp 2
...Y
on investigation, I find we can do it by redirecting RHEL boot to console using
# virt-edit RHEL_VM /boot/grub/grub.conf
...
title rhel (2.6.38.6-26.rc1.fc15.x86_64)
root (hd0,0)
kernel /vmlinuz ro [...] console=ttyS0
...
but nothing worked out. I am trying to bring the rhel VM session to the same console where I invoked qemu-kvm from remote terminal. Thanks in advance.
NOTE: I don't have GUI enabled on the physical host machine.
You could try adding a serial port and sending output to that. Although you do have to be able to boot it at least once to do these steps...
You might get lucky if you just add a serial port to the qemu command line and then telnet to that; hoping linux detects this and sends output there
edit /etc/init/ttyS0.conf and add
respawn
console none
start on (local-filesystems)
stop on [!12345]
script
exec start ttyS0
end script
then
ln -s /etc/init/ttyS0.conf /etc/rc2.d/S99ttyS0.conf
ln -s /etc/init/ttyS0.conf /etc/rc0.d/S99ttyS0.conf
ln -s /etc/init/ttyS0.conf /etc/rc6.d/S99ttyS0.conf
then do this to enable grub
Edit /etc/default/grub
1. Edit the GRUB_CMDLINE_DEFAULT="" line to start the console on /dev/ttyS0
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,38400n8"
2. Add a serial console section
# Serial console
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --speed=38400 --unit=0 --word=8 --parity=no --stop=1"
3. Rebuild the grub.cfg file
sudo sh
grub-mkconfig > /boot/grub/grub.cfg

How to set windbg as postmortem debugger for elevated applications?

I have windbg registered as postmortem debugge (via -I command-line switch) and all works fine for non-elevated applications. But if elevated applications crashes, windbg starts and displays "Could not attach to process. Access is denied" error. Is it possible to somehow configure windbg so it will work as postmortem debugger for elevated apps?
Since you mentioned that it's an x86 app on an x64 system, you need to set these regkeys in Wow6432Node:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug]
"UserDebuggerHotKey"=dword:00000000
"Debugger"="\"C:\\debuggers\\windbg.exe\" -p %ld -e %ld -g"
"Auto"="1"
Note that these are both string values (REG_SZ) and I'm assuming that the windbg.exe is installed in C:\debuggers. Change that as appropriate.

Running perl script with Net::SSH::Expect package in cygwin environment from DOS CMD

I am sucessed to run the Perl script which uses Net::SSH::Expect package from the cygwin command prompt. but i want to schedule the same script through the task schedular of windows 2003 or throught the crontab of cygwin or to run from DOS command prompt the script is failing in middle with below error.
Error:
SSHAuthenticationError Login timed out. The input stream currently has the conte
nts bellow: Pseudo-terminal will not be allocated because stdin is not a termina
l.
at /usr/lib/perl5/site_perl/5.10/Expect.pm line 828
Password:
can any body help me out in this..
Thanks in advance.
kishore.
You need to either force or disable the allocation of the pseudy TTY in your command line which launches SSH, by passing the -T or -t option to SSH. From the SSH man page:
-T Disable pseudo-tty allocation.
-t Force pseudo-tty allocation. This can be used to execute arbi-
trary screen-based programs on a remote machine, which can be
very useful, e.g. when implementing menu services. Multiple -t
options force tty allocation, even if ssh has no local tty.