Setting up a Windows machine for drivers and minifilters, testing and debugging using VirtualKD-Redux
All steps are to be executed in an administrative Command Prompt (CMD)

🟢 - Host
🔵 - VM

- 🟢 Disable Memory Integrity
- 🟢 Run `bcdedit /set hypervisorlaunchtype off`
- 🟢 Install VMware
- Download Windows and follow any tutorial to set up a Windows VM (you might want to configure disk space to be around 50GB+, RAM around 4GB, enable hardware acceleration, and so on)
  - 🔵 You can skip Microsoft sign-in by using a banned email id, e.g. use `no@thankyou.com` and type in any password; you should now be able to skip the sign-in process
- 🔵 Install VMware Tools
- 🔵 Right-click on `Start` and click on `Run`
  - 🔵 Type in `regedit`
  - 🔵 Now go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager`
  - 🔵 Right-click on `Session Manager -> New -> Key`
  - 🔵 Rename the new key to `Debug Print Filter` and select it
  - 🔵 Right-click the left column blank space and choose `New -> DWORD (32-bit) Value`
  - 🔵 Rename it to `DEFAULT`
  - 🔵 Double-click and change its value to `ffffffff`
- 🟢 Now download the driver loader
- 🟢 Extract it
- 🔵 Drag and drop `"..\osrloaderv30\Projects\OsrLoader\kit\WLH\AMD64\FRE\OSRLOADER.exe"` to the VM
- Next, we move on to VirtualKD-Redux
  - You can follow the tutorial here
  - 🔵 `F8` on `Disable Signature Enforcement Manually!!!` and select `Disable Driver Sig...`
- 🟢 Now open `vmmon64.exe` as administrator
- 🔵 Now open the Windows VM; if you have followed the steps correctly, WinDbg should launch automatically and Windows boot-up should halt until you `Debug -> Go` in WinDbg
- 🟢 Now go to `Debug -> Break`, followed by `File -> Symbol File Path ...` and put `SRV*c:\symbols*http://msdl.microsoft.com/download/symbols`, click on `Reload` and then `Ok`, finally `Debug -> Go`
- 🔵 If this does not work, then in an elevated Command Prompt window, enter `bcdedit /debug on` and `bcdedit /dbgsettings serial debugport:2 baudrate:115200`; you might have to change the debug port to `1`
- 🟢 You can also save this workspace in WinDbg by `File -> Save Workspace As...`
- 🟢 Go to `Debug -> Break`, followed by `File -> Symbol File Path ...` and put `C:\Users\sn99\CLionProjects\fsfilter-rs\minifilter\x64\Debug` or wherever the `.pdb` file is (this should be in the same build folder as the `.sys` driver file), click on `Reload` and then `Ok`, and finally `Debug -> Go`, and then `File -> Save Workspace`

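
The VM-side registry and `bcdedit` steps above can be scripted so that a rebuilt test VM is configured the same way each time. This batch file is an added example, not part of the original guide; the `serial` argument and the optional port number are conventions of this example, and it assumes it is run inside the test VM from an elevated Command Prompt.

```batch
@echo off
rem Added example: applies the VM-side debug settings from the steps above.
rem Usage: setup-debug.cmd            (registry value only)
rem        setup-debug.cmd serial 1   (also enable the serial fallback on port 1)
setlocal

rem "net session" fails without administrator rights; used here as an elevation check.
net session >nul 2>&1
if errorlevel 1 (
    echo [!] Run this from an elevated Command Prompt.
    exit /b 1
)

set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter"

rem Create the Debug Print Filter key and set DEFAULT to ffffffff so that
rem DbgPrint output at every severity level reaches the debugger.
reg add "%KEY%" /v DEFAULT /t REG_DWORD /d 0xffffffff /f >nul
if errorlevel 1 (
    echo [!] Could not write the Debug Print Filter key.
    exit /b 1
)

rem Read the value back instead of trusting the write.
reg query "%KEY%" /v DEFAULT | findstr /i "0xffffffff" >nul
if errorlevel 1 (
    echo [!] DEFAULT is not 0xffffffff.
    exit /b 1
)
echo [+] Debug Print Filter\DEFAULT = 0xffffffff

rem Serial fallback from the steps above, for when WinDbg does not attach
rem through VirtualKD-Redux. The port defaults to 2, as in the guide.
set "PORT=%~2"
if not defined PORT set "PORT=2"
if /i "%~1"=="serial" (
    bcdedit /debug on || exit /b 1
    bcdedit /dbgsettings serial debugport:%PORT% baudrate:115200 || exit /b 1
    echo [+] Serial kernel debugging enabled on debug port %PORT%
)

echo [*] Reboot the VM so the settings take effect.
endlocal
```
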
- Windows Kernel Programming Tutorial 1 - Setting up Environment - Part 1
- Windows Kernel Programming Tutorial 2 - Setting up Environment - Part 2
- Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)
- Microsoft public symbol server
- Get started with WinDbg (kernel-mode)
- Windbg always show "Waiting to reconnect..."
- VirtualKD-Redux Tutorial
- Driver Loader