/README.md:
--------------------------------------------------------------------------------
# How to set up a VirtualBox lab to debug a kernel driver with Windbg

We assume here that `windbg` is already installed on Computer A, and that Visual Studio, the SDK and the WDK are installed on Computer B.

1) Open the `Host Network Manager` to create or set up a new `VirtualBox Host-Only Ethernet Adapter`

2) Create or choose a `VirtualBox Host-Only Ethernet Adapter` and tick the `Enable` box for `DHCP Server`

3) For Computer A and Computer B go to `Settings -> Network`, in `Attached to` select `Host-Only Adapter`, and then select the adapter previously set up or created. For us it's `VirtualBox Host-Only Ethernet Adapter`. Don't forget to tick the boxes `Enable Network Adapter` and `Cable Connected`

4) Retrieve the IP of Computer A with the `ipconfig` command

5) Disable the firewall on both VMs

6) On Computer B, from an administrator terminal:
- Enable kernel debugging: `bcdedit /debug on`
- Set up the connection to Computer A for debugging: `bcdedit /dbgsettings net hostip:1.2.3.4 port:50005`
- Enable test signing: `bcdedit /set testsigning on`

For the `bcdedit /dbgsettings` command, set `hostip` to the IP of your Computer A and, for `port`, choose any port you want between 50000 and 50039.

**The `bcdedit /dbgsettings` command will output a key. *KEEP IT*: it will be used in the windbg configuration on Computer A to establish the connection!**

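As an added example (not from the original README), here is the Computer B side of step 6 as one PowerShell script that validates the inputs, runs the three `bcdedit` commands in the KDNET form (`/dbgsettings net ...`) and captures the printed key; `Invoke-Bcdedit`, `$HostIp` and `$Port` are names chosen here.

```powershell
# Added example, not from the original README: apply step 6 on Computer B
# (the debuggee) from an elevated PowerShell prompt, validate the inputs,
# and capture the key that bcdedit prints so it is not lost.
# Assumed values: $HostIp is Computer A's address from step 4; $Port defaults
# to the README's 50005 and must stay inside 50000-50039.
param(
    [Parameter(Mandatory)][string]$HostIp,
    [int]$Port = 50005
)

# bcdedit refuses to change the boot store without elevation.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an administrator terminal"
}

# Reject typos early: a bad hostip only shows up later as a debugger that never connects.
if (-not [System.Net.IPAddress]::TryParse($HostIp, [ref]$null)) {
    throw "'$HostIp' is not a valid IP address (use the ipconfig result from step 4)"
}
if ($Port -lt 50000 -or $Port -gt 50039) {
    throw "Port $Port is outside the 50000-50039 range used by this lab"
}

# Run bcdedit and fail loudly on a non-zero exit code instead of silently continuing.
function Invoke-Bcdedit {
    param([string[]]$BcdArgs)
    $output = & bcdedit @BcdArgs 2>&1
    if ($LASTEXITCODE -ne 0) { throw "bcdedit $BcdArgs failed:`n$output" }
    $output
}

Invoke-Bcdedit @('/debug', 'on') | Out-Null
# The KDNET form is '/dbgsettings net hostip:... port:...'; this is the call that prints the key.
$dbgOut = Invoke-Bcdedit @('/dbgsettings', 'net', "hostip:$HostIp", "port:$Port")
Invoke-Bcdedit @('/set', 'testsigning', 'on') | Out-Null

# Pull the key out of the 'Key=...' line; without it Computer A cannot attach.
$match = $dbgOut | Select-String -Pattern 'Key=(\S+)'
if (-not $match) { throw "No key in bcdedit output:`n$dbgOut" }
$key = $match.Matches[0].Groups[1].Value

Write-Host "Debugger key (KEEP IT): $key"
# Ready-to-paste command line for step 7 on Computer A (same port and key).
Write-Host "On Computer A: windbg -k net:port=$Port,key=$key"
Write-Host "Reboot Computer B (step 8) to activate the settings."
```

KDNET talks UDP to the port you chose on Computer A, so if you prefer not to disable the firewall entirely in step 5, a single inbound rule on Computer A for that port (`New-NetFirewallRule -DisplayName KDNET -Direction Inbound -Protocol UDP -LocalPort 50005 -Action Allow`) is enough.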
7) On Computer A, open Windbg, select `Attach to Kernel`, and set the port you chose on Computer B and the key provided by the `bcdedit /dbgsettings` command.

8) Now reboot Computer B. On Computer A you will see some output in the command window of windbg, meaning that the connection is up.

9) You can check by clicking the `Break` button. If it works, Computer B should be frozen and you should see a `nt!DbgBreakPointWithStatus` message in the command window of windbg

Have fun!

If you want good resources to practice, go check:

- [Windows Kernel Programming by Pavel Yosifovich](https://www.amazon.fr/Windows-Kernel-Programming-Pavel-Yosifovich/dp/1977593372)
- [Offensive Driver Development by @_rastamouse](https://training.zeropointsecurity.co.uk/courses/offensive-driver-development)

--------------------------------------------------------------------------------