For this example I am using a physical Windows Server 2012 machine with Hyper-V installed. I will set up a live debug session with a Windows 7 SP1 virtual machine residing on the same server.
- Win2012Debugger (Host) - This is the physical machine that will run the debugger
- Win7 client (Target) - This is the client VM being debugged
Configuring the physical machine:
1. Install the debug tools
http://msdn.microsoft.com/en-us/windows/hardware/hh852363
Click Next until you see the "Select the features you want to install" screen.
Select only the option named "Debugging Tools for Windows" and click the Install button. I typically install the tools to a directory named C:\debugger
2. Open WinDbg with administrative privileges.
3. Configure the symbol path
a. From within WinDbg, click File, then Symbol File Path
b. In the Symbol Search Path box, insert the following:
.sympath SRV*f:\localsymbols*http://msdl.microsoft.com/download/symbols
(This will allow the debugger to use the public symbols that are available online)
4. From within Hyper-V Manager, go to the settings of the virtual machine you are going to debug and configure the named pipe that the debugger will connect to. This is configured in the COM1 settings. For this example I'm naming my named pipe DEBUGWIN7
Configuring the Virtual machine:
1. Log on to the Windows 7 VM that you are going to debug. If the machine is not booting, you can run the commands from WinRE or WinPE.
2. Open an administrative command prompt and enable debugging by running the following command:
Bcdedit /debug on
If you are running the command from WinRE or WinPE, it would be:
Bcdedit /set {default} debug on
3. Configure the debugger to use the COM port specified by running the following command:
Bcdedit /dbgsettings Serial Debugport:1 baudrate:115200
4. You can check these settings by running bcdedit /enum all
In the output, under Windows Boot Loader, debug is set to Yes, and the debugger settings reflect the last bcdedit command.
5. Restart the Windows 7 client VM
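The check in step 4 can be scripted. The following is an added example, not part of the original walkthrough: it parses bcdedit /enum all output, lists the entries that have debug enabled, and confirms that the debugger settings match the serial values set in step 3. The function names are hypothetical, the sample output is constructed, and English-language bcdedit output is assumed.

```python
import re
# Constructed, abridged sample of `bcdedit /enum all` output (not from a real machine).
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
description             Windows 7
debug                   Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
"""

def parse_bcd(text):
    """Split the output into entries: a title line, a dashed rule, then 'name value' rows."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if len(lines) < 2 or not re.fullmatch(r"-+", lines[1].strip()):
            continue  # not a BCD entry (banner text, error message, ...)
        entry = {"_type": lines[0].strip()}
        for row in lines[2:]:
            if row[:1].isspace():  # continuation row of a multi-value element
                continue
            name, _, value = row.partition(" ")
            entry[name.lower()] = value.strip()
        entries.append(entry)
    return entries

def debug_findings(text, port="1", baud="115200"):
    """Report which entries have debug enabled and whether {dbgsettings} matches step 3."""
    entries = parse_bcd(text)
    dbg = next((e for e in entries if e.get("identifier") == "{dbgsettings}"), {})
    actual = (dbg.get("debugtype", "").lower(), dbg.get("debugport"), dbg.get("baudrate"))
    return {
        "debug_enabled_on": [e.get("identifier") for e in entries
                             if e.get("debug", "").lower() == "yes"],
        "settings_match": actual == ("serial", port, baud),
    }
```

Feed it the saved output of bcdedit /enum all from the target; an empty debug_enabled_on list means no boot entry has kernel debugging turned on.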
Remote Debugging:
Now that both machines are configured, we can start the remote debug session.
1. Launch WinDbg with administrative privileges.
2. From the File pull-down menu, select Kernel Debug:
Make sure the settings match the debug settings configured earlier.
a. Baud Rate = 115200
b. Port = \\.\pipe\DEBUGWIN7 (this was configured during step 4 of Configuring the physical machine)
c. Make sure the Pipe and Reconnect checkboxes are checked.
d. Click OK
3. You should now see the following screen:
4. Once you see this screen, go to the Debug pull-down menu and select Break, or press Ctrl + Break, to break into the debugger.
5. You can test the debug connection by running the !process 0 0 command. This will show you the running processes on the target operating system.