Debugging Windows Kernel from Linux

梦毁少年i 2021-02-04 07:07

I used to debug the Windows Kernel using VirtualKD, WinDBG and a single Virtual Machine.

Recently I got a Linux machine, and now I wond

4 answers
  •  广开言路
    2021-02-04 07:36

    Another option nowadays is to enable local kernel debugging. This comes with some limitations; however, it will enable you to access kernel data while just using one VM.

    This approach only works on Windows 8.0 and Windows Server 2012 and later.

    Follow these steps:

    1. Open a Command Prompt window as Administrator.
    2. Enter bcdedit /debug on
    3. If the computer is not already configured as the target of a debug transport, enter bcdedit /dbgsettings local
    4. Reboot the computer.

    Once the system is rebooted, you can execute WinDBG as Administrator, press Ctrl+K or go to File -> Attach to kernel -> Local and press OK.

    At that point, you will be able to execute kernel-only commands and access kernel structures:

    Tested under Windows 10 and with the new WinDBG version (preview).

    Reference: Setting Up Local Kernel Debugging of a Single Computer Manually
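
Steps 1 to 3 of the answer above as a PowerShell function that checks each precondition and reads the settings back. This is an added example, not part of the original answer. The function and helper names are hypothetical, and the parsing assumes English `bcdedit` output.

```powershell
# Added example (not from the original answer). Assumes English bcdedit output.
function Get-BcdValue {                       # hypothetical helper
    param([string[]]$Lines, [string]$Name)
    # bcdedit prints "name<spaces>value"; return the value, or $null if absent.
    $pattern = '^\s*' + [regex]::Escape($Name) + '\s+(\S.*)$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) { return $Matches[1].Trim() }
    }
    return $null
}

function Invoke-Bcdedit {                     # hypothetical helper
    param([string[]]$Arguments)
    # Capture stdout and stderr so a refusal is reported with bcdedit's own text.
    $out = @(& bcdedit.exe @Arguments 2>&1 | ForEach-Object { "$_" })
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit $($Arguments -join ' ') failed: $($out -join ' ')"
    }
    return $out
}

function Enable-LocalKernelDebug {            # hypothetical name
    # Step 1: the session must be elevated.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }
    # The answer limits this to Windows 8.0 / Server 2012 and later (version 6.2).
    if ([Environment]::OSVersion.Version -lt [Version]'6.2') {
        throw 'Local kernel debugging needs Windows 8.0 / Server 2012 or later.'
    }
    # Step 2. With Secure Boot enabled, bcdedit refuses to change this value
    # and the error text is surfaced by Invoke-Bcdedit.
    Invoke-Bcdedit @('/debug', 'on') | Out-Null
    # Step 3: select the local debug transport.
    Invoke-Bcdedit @('/dbgsettings', 'local') | Out-Null

    # Read both settings back instead of trusting the exit codes alone.
    $debug = Get-BcdValue (Invoke-Bcdedit @('/enum', '{current}')) 'debug'
    $type  = Get-BcdValue (Invoke-Bcdedit @('/dbgsettings')) 'debugtype'
    [pscustomobject]@{
        Debug     = $debug
        DebugType = $type
        Ready     = ($debug -eq 'Yes' -and $type -eq 'Local')
    }
}

Enable-LocalKernelDebug   # step 4 (the reboot) is left to the operator
```

When the debugging session is over, `bcdedit /debug off` followed by a reboot returns the machine to its normal boot configuration.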
