Setting up a Windows machine for driver and minifilter testing and debugging using VirtualKD-Redux

All steps are to be executed in an administrative PowerShell or cmd.exe. We use the following color scheme to distinguish host and VM: 🟢 is Host, 🔵 is VM.

We have used the following tools in this post: WinDbg, VMware, and VirtualKD-Redux.

  • 🟢 Disable Memory Integrity (the Core Isolation setting in Windows Security)

  • 🟢 Run bcdedit /set hypervisorlaunchtype off (takes effect after a reboot)

  • 🟢 Install VMware

  • Download Windows and follow any tutorial to set up a Windows VM (you might want to give it around 50GB+ of disk, around 4GB of RAM, enable hardware acceleration, and so on)

    • 🔵 You can skip the Microsoft sign-in by using a banned email id, e.g. no@thankyou.com with any password; you should now be offered the option to skip the sign-in process
    • 🔵 Install VMware Tools
    • 🔵 Right-click on Start and click on Run
      • 🔵 Type in regedit
      • 🔵 Now go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
      • 🔵 Right-click on Session Manager -> New -> Key
      • 🔵 Rename the new key to Debug Print Filter and select it
      • 🔵 Right-click the blank space in the right-hand pane (where the values are listed) and choose New -> DWORD (32-bit) Value
      • 🔵 Rename it to DEFAULT
      • 🔵 Double-click it and change its value to ffffffff (hexadecimal). This routes DbgPrint/DbgPrintEx output from every component at every level to the kernel debugger; it takes effect after a reboot

  • 🟢 Now download the driver loader (OSR Loader)
    • 🟢 Extract it
    • 🔵 Drag and drop "..\osrloaderv30\Projects\OsrLoader\kit\WLH\AMD64\FRE\OSRLOADER.exe" to the VM
  • You can follow the tutorial here
  • 🔵 To load an unsigned test driver, press F8 during boot to reach Advanced Boot Options and select Disable Driver Signature Enforcement. This only lasts for that boot, so repeat it on every restart of the VM

  • 🟢 Now open vmmon64.exe as administrator
  • 🔵 Now boot the Windows VM. If you have followed the steps correctly, WinDbg should launch automatically and the Windows boot should halt until you choose Debug -> Go in WinDbg
  • 🟢 Now go to Debug -> Break, followed by File -> Symbol File Path ... and
    put SRV*c:\symbols*http://msdl.microsoft.com/download/symbols (one string, no spaces), click on Reload and
    then Ok, finally Debug -> Go

  • 🔵 If this does not work, then in an elevated Command Prompt window enter bcdedit /debug on
    and bcdedit /dbgsettings serial debugport:2 baudrate:115200, then reboot the VM; you might have to change the debug port to 1
  • 🟢 You can also save this workspace in WinDbg via File -> Save Workspace As...
  • 🟢 Go to Debug -> Break, followed by File -> Symbol File Path ... and
    append C:\Users\sn99\CLionProjects\fsfilter-rs\minifilter\x64\Debug (or wherever the .pdb file is; it should be in the same build folder as the .sys driver file) to the existing path, separated from the symbol-server entry by a semicolon so that Microsoft symbols keep resolving, click on Reload and then Ok, and finally Debug -> Go, and then File -> Save Workspace
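The host-side and VM-side settings above can be applied from one elevated PowerShell script instead of clicking through regedit, Windows Security and cmd.exe. The script below is an added example written for this page, not code from the original post or from the VirtualKD-Redux or fsfilter-rs projects. It mirrors the post's steps (Debug Print Filter\DEFAULT = 0xffffffff, bcdedit /debug on, bcdedit /dbgsettings serial, hypervisorlaunchtype off) and adds three things the post does not state: the registry value behind the Memory Integrity toggle, the Win32_DeviceGuard query used to report whether HVCI is still running, and bcdedit /set testsigning on as a persistent alternative to the per-boot F8 option for test-signed drivers. The script name Set-KdLab.ps1, the -Role and -DebugPort parameters and the helper function names are my own.

```powershell
<#
  Set-KdLab.ps1 -- added example, not part of the original post.
  Applies the host-side (Memory Integrity off, hypervisorlaunchtype off) and
  VM-side (Debug Print Filter, serial kernel debugging, test signing) settings
  from the steps above, then prints what is currently in effect. Run elevated:
      .\Set-KdLab.ps1 -Role Host                 # on the VMware host
      .\Set-KdLab.ps1 -Role Guest -DebugPort 2   # inside the Windows VM
  Reboot afterwards: bcdedit and Memory Integrity changes apply at the next boot.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)][ValidateSet('Host', 'Guest')][string]$Role,
    # Guest only: COM port for the serial fallback (the post uses 2 and says 1 may be needed)
    [ValidateRange(1, 4)][int]$DebugPort = 2
)

$ErrorActionPreference = 'Stop'

function Assert-Elevated {
    $principal = New-Object Security.Principal.WindowsPrincipal(
        [Security.Principal.WindowsIdentity]::GetCurrent())
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated (Administrator) PowerShell.'
    }
}

function Invoke-Bcdedit {
    # bcdedit.exe is a native command: its exit code, not an exception, signals failure
    param([string[]]$Arguments)
    $output = & bcdedit.exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "bcdedit $($Arguments -join ' ') failed (exit $LASTEXITCODE)" }
    $output
}

function Set-RegDword {
    # reg.exe accepts the full 32-bit range as hex (0xffffffff); the PowerShell registry
    # provider casts DWORD values through Int32 and rejects anything above 0x7fffffff
    param([string]$Key, [string]$Name, [string]$HexValue)
    & reg.exe add $Key /v $Name /t REG_DWORD /d $HexValue /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg add $Key\$Name failed (exit $LASTEXITCODE)" }
}

function Get-BcdValue {
    # Pull one element (e.g. 'testsigning') out of the {current} boot entry; '' if it is not set
    param([string]$Element)
    $line = Invoke-Bcdedit @('/enum', '{current}') | Select-String -Pattern "^\s*$Element\s+"
    if ($line) { ($line.Line -split '\s+', 2)[1].Trim() } else { '' }
}

function Set-HostConfig {
    # Memory Integrity is the Core Isolation switch in Windows Security; this writes the policy
    # value the UI toggles (assumption based on the documented HVCI registry key, Enabled = 0).
    # If the same key holds Locked = 1 (UEFI lock), firmware enforces it and this write is ignored.
    Set-RegDword 'HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity' 'Enabled' '0'
    # Stop the Windows hypervisor from loading so VMware runs on its own VMM
    Invoke-Bcdedit @('/set', 'hypervisorlaunchtype', 'off') | Out-Null

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        HvciRunningNow       = [bool]($dg.SecurityServicesRunning -contains 2)  # 2 = HVCI running
        HypervisorLaunchType = Get-BcdValue 'hypervisorlaunchtype'              # 'Off' after this run
    }
}

function Set-GuestConfig {
    # Debug Print Filter\DEFAULT = 0xffffffff: every DbgPrintEx component and level goes to WinDbg
    Set-RegDword 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter' 'DEFAULT' '0xffffffff'
    # Serial fallback from the post, for when VirtualKD-Redux does not attach by itself
    Invoke-Bcdedit @('/debug', 'on') | Out-Null
    Invoke-Bcdedit @('/dbgsettings', 'serial', "debugport:$DebugPort", 'baudrate:115200') | Out-Null
    # Persistent alternative to pressing F8 -> Disable Driver Signature Enforcement on every boot:
    # test-signing mode accepts drivers signed with a test certificate; a completely unsigned
    # .sys still needs the F8 option.
    Invoke-Bcdedit @('/set', 'testsigning', 'on') | Out-Null

    # Read back: the registry provider reports a DWORD 0xffffffff as the Int32 -1
    $filter = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter'
    [pscustomobject]@{
        DebugPrintFilterDefault = ('0x{0:X8}' -f $filter.DEFAULT)   # 0xFFFFFFFF
        KernelDebug             = Get-BcdValue 'debug'               # 'Yes'
        TestSigning             = Get-BcdValue 'testsigning'         # 'Yes'
        DbgSettings             = (Invoke-Bcdedit @('/dbgsettings')) -join '; '
    }
}

Assert-Elevated
switch ($Role) {
    'Host'  { Set-HostConfig }
    'Guest' { Set-GuestConfig }
}
```

Run it once on the host with -Role Host, reboot, then once inside the VM with -Role Guest and reboot the VM. The object it prints is a before-reboot snapshot for the host (HvciRunningNow stays true until the restart) and a read-back of the boot entry for the guest, so a mismatch between what you asked for and what it prints points at a Locked Memory Integrity policy or a failed bcdedit call rather than at VirtualKD-Redux.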
