kernel debug with a vmware machine

Question

I am using windbg to begin a kernel debug with a vmware windows machine. I referred to

https://msdn.microsoft.com/en-us/library/windows/hardware/ff538143(v=vs.85).aspx.

But I didn't succeed. I had two question about it.

1). After I start windbg by such a command:

**windbg -k com:port=\\10.57.43.22\pipe\debug,pipe**

It will show:

**Fail to open \\10.57.43.22\pipe\debug
Kernel debugger failed initialization, Win32 error On1326
"Logon failure: unknown user name or bad password"**

What is the reason? There is no space for me to type user name or password.

2). In the msdn article, it said :

In the virtual machine, configure the COM port to map to a named pipe.

I had added a serial port which used a named pipe on vmware virtual machine. How to map a COM port to a pipe?

Answer 1

Serial and network debugging are two different things.

To debug a VMWARE virtual machine, once you have added the COM port to the VM, then in the VM settings:

Notice:

• The name of the named pipe is \\.\pipe\com_port (you can use whatever you want after \\.\pipe\)
• The COM port number is 2 (see in the picture where it is mentioned "Serial Port 2" on the left pane)
• The two dropboxes with this end is the server and the other end is an application.

According to the documentation, about "Yield CPU on Poll":

This configuration option forces the affected virtual machine to yield processor time if the only task it is trying to do is poll the virtual serial port.

Don't forget to configure the Windows VM with bcdedit:

bcdedit /debug on
bcdedit /dbgsettings serial debugport:2 baudrate:115200

Restart your VM once this is done. In this case I use the serial port 2 (usually, the first COM port in VMWARE is used by the printer).

Start Windbg with a command line like this:

windbg -k com:pipe,port=\\.\pipe\com_port,resets=0,reconnect

Or, once on Windbg, use CTRL+K, then:

You should be able to kernel debug your VM.