windbg 驱动调试

1、本文主要记录个人安装VMware+Windgb+Win7内核驱动调试的笔记。一、安装环境1 主机：Windows Vista Bussiness2 虚拟机：VMware 73 GUestOS: Win74 Windbg: 6.11 二、虚拟机配置打开相应 vmware 虚拟机上的 “Virtaul Machine Settings“2.“Hardware”选项中 -> 点击“Add”添加一个串口设备 SeriallPort .3.”Next”,在 “Serial Port” 里选中 “Output to named pipe”4.”next”,然后如下设置：5.确定之后，回到如下界面，在

2、右脚”Virtual Machine Settings” 页面时，在“I/O Mode” 里选中“Yield CPU on poll“6. Ok之后就设定完毕了。三、Windbg设置下载地址： Windbg安装之后，设置一个桌面快捷方式，然后，右键->属性，在Target中的引号后面添加如下：-b -k com:pipe,port=.pipecom_1,resets=0或者是： -b -k com:port=.pipecom_1,baud=115200,pipe 【二者似乎皆可】四、GuestOS设置Vista和XP不同, 没有boot.ini文件, 需要用bcdedit进行启动设置。1

3、. 在administrator权限下, 进入command line模式, 键入bcdedit命令, 会出现以下界面:2. 然后, 设置端口COM1, baudrate为115200 (除COM1外, 也可以用1394或USB. 1394用起来比COM口快多了, 当然前提是你需要有1394卡及其驱动. 很恶心的是Vista不再支持1394的文件传输协议, 但是用windbg双机调试还是可以的)命令为:bcdedit /dbgsettings serial baudrate:valuedebugport:value | 1394 channel:value | usb 3.接着, 我们需要复制

4、一个开机选项, 以进入OS的debug模式命令为:bcdedit /copy current /d DebugEntyDebugPoint 为选项名称, 名字可以自己定义. 然后复制得到的ID号.4. 接着增加一个新的选项到引导菜单bcdedit /displayorder current ID这里的ID的ID值是刚 生成的ID值.5. 激活DEBUG : bcdedit /debug ID ON这里的ID 的ID值还是刚才的ID值.6. 命令执行成功后, 重新启动机器.或者更简单的图形界面设置：在msconfig界面中，选Boot,再选Advanced options，在选择Debug、De

5、bug port、Baud rate都打上钩。如果所示：7. 选择DebugEntrydebug作为等入口。启动后，打开windbg.可以看到类似如下的信息：Microsoft (R) Windows Debugger Version 6.11.0001.404 X86Copyright (c) Microsoft Corporation. All rights reserved.Opened .pipecom_1Waiting to reconnectConnected to Windows 7 7600 x86 compatible target at (Thu Dec 10 17:46:

6、36.928 2009 (GMT+8), ptr64 FALSEKernel Debugger connection established. (Initial Breakpoint requested)Symbol search path is: * Invalid * Symbol loading may be unreliable without a symbol search path. * Use .symfix to have the debugger choose a symbol path. * After setting your symbol path, use .relo

7、ad to refresh symbol locations. *Executable search path is:* Symbols can not be loaded because symbol path is not initialized. * * The Symbol Path can be set by: * using the _NT_SYMBOL_PATH environment variable. * using the -y <symbol_path> argument when starting the debugger. * using .sympath

8、 and .sympath+ * ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -Windows 7 Kernel Version 7600 MP (1 procs) Free x86 compatibleProduct: WinNt, suite: TerminalServer SingleUserTSBuilt by: 7600.16385.x86fre.win7_rtm.090713-1255Machine Name:Kernel base = 0x83e0f000

9、PsLoadedModuleList = 0x83f57810Debug session time: Thu Dec 10 17:46:32.658 2009 (GMT+8)System Uptime: 0 days 0:06:18.429Break instruction exception code 80000003 (first chance)* * You are seeing this message because you pressed either * CTRL+C (if you run kd.exe) or, * CTRL+BREAK (if you run WinDBG), * on your debugger machines keyboard. * * THIS IS NOT A BUG OR A SYSTEM CRASH * * If you did not intend to break into the debugger, press the “g” key, then * press the “Enter” key now. This message might immediately reappear. If it * does, press “g” and “Enter” again. * *nt!Db