# windows-kernel-debugging
How to set up Windows kernel debugging with WinDbg and VMware Workstation over the KDNET (network) transport.

## Requirements
1. Debugging Tools for Windows installed on the host; you can get them [here](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/).
2. A clean Windows 10 machine running as a VMware Workstation guest.

## Configure the symbol server
Microsoft publishes public symbols for every Windows build. With symbols loaded the debugger can resolve function names, global variables, structure layouts and more, so they are essential for a useful kernel debugging session.

Create a local directory (`c:\symbols`) for the symbol cache.

Add the symbol path to the host machine's system environment variables. Note that `set` only changes the current console window and is lost when it closes; to persist the variable, open cmd as Administrator on the host and run:

`setx /M _NT_SYMBOL_PATH "srv*c:\symbols*https://msdl.microsoft.com/download/symbols"`

`/M` writes the system (machine) environment; drop it to set the variable for the current user only. Open a new console or WinDbg window afterwards so it picks up the new value. For a one-off session, `set _NT_SYMBOL_PATH=srv*c:\symbols*https://msdl.microsoft.com/download/symbols` in the same window you launch WinDbg from also works.

## Setup
1. Check that the host and the guest can reach each other, for example by pinging the host from the guest. If they cannot, switch the VM's network adapter in Workstation to Bridged. Keep in mind that Windows Firewall drops inbound ICMP echo requests by default, so a failed ping can be the firewall rather than the network.
2. Open cmd as Administrator in the guest machine.
3. Run: `bcdedit /debug on`
4. Run: `bcdedit /dbgsettings net hostip:{hostIP} port:{port}`, where `{hostIP}` is the host's IP address on the adapter the guest can reach and `{port}` is a free UDP port on the host (Microsoft recommends 50000 or above).
5. Copy the `Key=...` line from the output and save it on the host. WinDbg uses this key to authenticate and encrypt the connection, so treat it like a credential.
6. Restart the guest.
7. On the host, open WinDbg, File->Kernel Debug->NET, and enter the port you chose and the key. The guest attaches while it boots; if the host firewall prompts, allow WinDbg to receive UDP on that port.
8. Break into the debugger using CTRL+Break.
9. Run in WinDbg: `.reload /f` (to force the kernel symbols to load).
10. Check that the symbols loaded using `lm`. Modules with symbols are listed as `(pdb symbols)` with the cache path; if `nt` shows `(no symbols)` or `(export symbols)`, run `!sym noisy` followed by `.reload /f` again to see which symbol lookup fails (usually a wrong `_NT_SYMBOL_PATH` or no internet access from the host).

Now you have a kernel debugging session; don't forget to take a VM snapshot so you can return to a known-good state.

DONE!!!
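The symbol-path step and the guest-side setup steps above, as an added PowerShell script that is not part of the original README. It assumes the host IP, port and file paths it takes as parameters; the function names `Set-HostSymbolPath` and `Enable-GuestKdnet` are the script's own, and the `Key=` line it parses is the format `bcdedit /dbgsettings net` prints when no key is supplied.

```powershell
#Requires -RunAsAdministrator
<#
  Added example (not the README's own code): one script, two functions,
  one per machine.
    Set-HostSymbolPath : run on the HOST. Creates the cache directory and
                         persists _NT_SYMBOL_PATH in the system environment.
    Enable-GuestKdnet  : run in the GUEST. Enables kernel debugging, points
                         KDNET at the host and saves the generated key to a
                         file you then copy to the host.
  Host IP, port and paths are assumptions passed in as parameters.
#>

function Set-HostSymbolPath {
    param(
        [string]$CacheDir = 'C:\symbols',
        [string]$Server   = 'https://msdl.microsoft.com/download/symbols'
    )
    New-Item -ItemType Directory -Path $CacheDir -Force | Out-Null
    $symPath = "srv*$CacheDir*$Server"

    # setx /M writes the machine (HKLM) environment; a plain `set` would only
    # affect the current console and vanish when it closes.
    setx /M _NT_SYMBOL_PATH $symPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "setx failed with exit code $LASTEXITCODE" }

    # Also apply it to this session so a WinDbg launched from here sees it.
    $env:_NT_SYMBOL_PATH = $symPath
    return $symPath
}

function Enable-GuestKdnet {
    param(
        [Parameter(Mandatory)][ipaddress]$HostIp,
        # Microsoft recommends a port of 50000 or above for KDNET.
        [ValidateRange(50000, 65535)][int]$Port = 50000,
        [string]$KeyFile = "$env:USERPROFILE\Desktop\kdnet-key.txt"
    )

    # Reachability check. Windows Firewall drops ICMP echo by default, so a
    # failure is only a warning, not a hard stop.
    if (-not (Test-Connection -ComputerName $HostIp -Count 1 -Quiet)) {
        Write-Warning "No ICMP reply from $HostIp; if KDNET never connects, check the VM adapter (Bridged) and firewalls."
    }

    bcdedit /debug on | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit /debug on failed (exit $LASTEXITCODE)" }

    # Without key:, bcdedit generates a random key and prints it as "Key=a.b.c.d".
    $out = bcdedit /dbgsettings net "hostip:$HostIp" "port:$Port"
    if ($LASTEXITCODE -ne 0) { throw "bcdedit /dbgsettings failed:`n$($out -join "`n")" }

    $match = $out | Select-String -Pattern '^Key=(\S+)' | Select-Object -First 1
    if (-not $match) { throw "bcdedit did not print a Key= line:`n$($out -join "`n")" }
    $key = $match.Matches[0].Groups[1].Value

    # The key authenticates and encrypts the debug channel: store it like a
    # credential and copy it to the host out of band.
    Set-Content -Path $KeyFile -Value $key
    Write-Host "KDNET configured: host $HostIp, UDP port $Port"
    Write-Host "Key saved to $KeyFile. Copy it to the host, then reboot this guest."
    return $key
}
```

Run `Set-HostSymbolPath` once on the host and `Enable-GuestKdnet -HostIp 192.168.1.10 -Port 50000` (with your own host IP) inside the guest, then reboot the guest. On the host, `windbg -k net:port=50000,key=<key from the file>` attaches exactly as the File->Kernel Debug->NET dialog does; `.reload /f` and `lm` then proceed as in the steps above.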