Does anyone here uses Linux host/VMWare/VirtualKD debug environment?

Question

Does anyone had a successful experience with VirtualKD setup on Linux host running VMWare Workstation 8 (with Win7 guests)?

Despite the facts there's a lot of admiring comments about 'speed' and 'other benefits' of that VirtualKD, most of them come from Windows/VirtualBox users, and I really don't want to waste my time on trying to get it working on unsupported configuration.

P.S. Official VirtualKD forum has a similar thread that is still unanswered for two years, so decided to ask for reviews here.

P.P.S. My actual problem is that VMWare's socket-based COM port debugging is very slow.. it takes 10 to 20x more time to copy debug output from debuggee to debugger machine, than it takes to print same output to DbgView.

Answer 1

I have a successful experience running it on Windows if anyone is looking for that:

1. Install VirtualBox 5.x or less and create a virtual machine with a Windows .iso SATA device and set it up

2. Download VirtualKD-3.0

3. Open the VM and run vminstall.exe on the guest

4. On admin cmd on the guest: bcdedit /dbgsettings SERIAL DEBUGPORT:1 BAUDRATE:115200

5. Shut down VM, close VirtualBox and kill the VBoxSVC.exe process

6. Run VirtualIntegration.exe. If it crashes open an admin cmd and cd to C:\Program Files\Oracle\VirtualBox and then type vboxmanage setextradata <VMNAME> VBoxInternal/Devices/VirtualKD/0/Config/Path <VirtualKD-3.0 folder> i.e. vboxmanage setextradata Windows7 VBoxInternal/Devices/VirtualKD/0/Config/Path C:\Users\lewis\Downloads\VirtualKD-3.0

7. Open vmmon64.exe and set the debugger path i.e C:\Program Files\Debugging Tools for Windows (x64)\windbg.exe, and then select WINDBG.EXE and start debugger automatically

8. Launch VM and highlight the VirtualKD entry and press f8 and disable driver signature enforcement and you will soon break into the debugger at nt!RtlpBreakWithStatusInstruction, which is a debugger symbol for the first address of the DbgBreakPointWithStatus, which is called from InitBootProcessor, which is the breakpoint you'd get from sxe ibp;.reboot. There is an earlier breakpoint of sxe ld:nt

You will need to unpatch the VM in order to be able to boot it without vmmon open. VirtualKD is good for logging with debugging protocol packets and automating windbg connection but you can't boot debug with it. In order for boot debugging to work you will need to create a COM1 serial port on the VM and set it to create a pipe \\.\pipe\pipename. You then need to connect to the pipe via windbg manually. Make sure that you have done bcdedit /bootdebug /on && bcdedit /bootdebug {bootmgr} /on && bcdedit /set {bootmgr} debugtype serial && bcdedit /set {bootmgr} baudrate 115200 && bcdedit /set {bootmgr} debugport 1 on the guest before booting.

Answer 2

Does anyone had a successful experience with VirtualKD setup on Linux host running VMWare Workstation 8 (with Win7 guests)?

VirtualKD is a Windows-only application. The poster on the forum has worked around the problem of it being Windows-only by redirecting a Unix socket to TCP, therefore allowing Windows clients to connect over the network.

I've used socat to successfully bridge two VMs using a tcp socket. I created pipes in /tmp and ran socat between them; one VM can then debug the other.

In my case, because I'd configured the debugger to use serial connections I was rate limited by the serial connections. I haven't tried the VirtualKD-style setup; however, my bet is it won't work. From the VirtualKD explanation of its internals on VMWare, the client-side code is basically using hypervisor provided functionality. VirtualBox has to be patched by VirtualKD; I expect this is to provide such functionality to VirtualBox clients.

The bad news is this means, ultimately, that the Linux host hypervisor (VMware/VirtualBox on the host) must know to process that information and pass it out to the appropriate location. By default, it won't know how to do this.