Shifting yourself to space

April 28, 2011

Short tips: Debugging a vm with a named pipe

Filed under: Uncategorized — shift32 @ 12:59 pm
Tags: , ,

I recently started writing drivers with windows, so far I’ve only written one and you can see the results down below, however I tried loading the driver in a non-traditional way using the undocumented ZwSetSystemInformation

For some unknown reason, the driver halts the system and I get an exception of an invalid instruction
However this is not the case of this post

In order to debug things correctly, I’m using VirtualBox winxp-sp2 as a guest machine to run my code and my host machine runs a windbg session
VirtualBox’s support in com ports sucks and I didn’t make it at configurating a com port for my debugging session so I decided to use named pipes

In order to do so, go to the Settings -> Serial Ports – >
Check the “Enable serial port” and create “Host Pipe”

It is quite crucial that you’ll name your pipe as \\.\pipe\ since if not you’ll get an error while running the vm

Once you’ve created a named pipe, run

kdsrv.exe -t npipe:pipe=\\.\pipe\<pipe_name> in your guest machine

within the host machine go to File -> Kernel Debug ->
and choose “Port” within the COM box write your named pipe name, Check “Pipe” and you’re done.
You can also check “Reconnect” too, it saves a few things

Once you load up the os in debug mode (bcdedit etc) be sure to hit ctrl+break to halt the system and get control
It’s also noted to use the symbol server that ms offers in order not to fuck symbols up (it’s quite a nightmare setting things up imho)

enjoy.

Advertisements

1 Comment »

  1. Home mole removal can work well for those who have moles that bother them as long as the are not a typical moles.
    As a word of caution you should also never try to manually remove the warts
    yourself, as that can lead to the virus spreading. Chocolate and junk foods are often blamed for
    the cause of acne.

    Comment by how to get rid of warts around the neck — May 3, 2013 @ 4:44 am | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.