Setup Remote Kernel Debugging
I assume you know how to install a Virtual Machine and the WDK. In case you don’t I put links besides:
I recommand you to make a snapshot before starting the following steps..
Enable Kernel Debugging
Start the command prompt as Administrator in order to run the following commands. The first one enable the debugging, and the second one defines the configuration to be used for the debugging. In our case we provide the IP address, the port of the debugger (machine that debug the VM) and a key.
Replace <DEBUGGER'S IP ADDRESS> with your host ip address (ipconfig).
bcdedit.exe /debug on
bcdedit.exe /dbgsettings net hostip:<DEBUGGER'S IP ADDRESS> port:50000 key:kernel.debugging.is.easy
Then, we have to specify the location of our network card. Press Win + X, select Device Manager and network card. Right click on the good one, properties and look on which bus your card is.
bcdedit.exe /set {dbgsettings} busparams 0.3.0
Configure WinDBG
Start WinDbg (x64), then Select File -> Attach to Kernel. Now enter the key defined while setting up the debuggee VM. If you followed this tutorial it was “kernel.debugging.is.easy”, keep the port to be 50000 and click OK.
Now that the debugger is waiting.
We can start our debuggee VM and we should see the connection establishment in WinDBG window.
