Replies: 6 comments 13 replies
-
@astrelsky Yes, this is entirely possible. Bear in mind, the Ghidra debugger is really a set of wrappers around native APIs for other debugging suites, such as windbg/dbgeng, gdb, lldb, etc., so most things that are possible with the native debugger are possible from Ghidra. In your case, I wouldn't bother with setting up the pipes or serial debugging - I'm assuming you're primarily interested in user-mode vs kernel-mode debugging. The easiest way to implement this is install windbg in the VM, start or attach to your target, and then issue the .server command, e.g. .server tcp:port=54321. In Ghidra, from the Targets View, launch dbgeng (or dbgmodel if you're using Windbg Preview in the VM) adding the arguments you would normally supply windbg's "-remote" option on the "DebugConnect options (.server)" line, e.g. "tcp:port=54321,server=ip.of.target.vm". This should connect to the VM, much as it would any remote target, with the current process being the one launched by the server windbg instance. There are more complicated scenarios possible for kernel debugging, but they have some rough edges, so yell if that's what you're interested in. |
Beta Was this translation helpful? Give feedback.
-
OK, I'm confused. Is your VM disconnected/isolated or is it "using a virtual network"? If it's using a virtual network, it's available using the virtual network IP for the VM. That said, if you're keen on using the pipe, that's fine. The params for using the pipe are "com:port=\.\pipe\namedpipe,pipe", as in the link you sent. Is that not working? |
Beta Was this translation helpful? Give feedback.
-
No problem - been there. I would try the IP approach first, just because the pipe setup is easy-to-break and not as performant. If it doesn't work right away, go with the pipe. |
Beta Was this translation helpful? Give feedback.
-
Bots are getting kind of scary 😂 |
Beta Was this translation helpful? Give feedback.
-
@astrelsky OK, the more I think about this, the more I think this is the wrong approach.... Admittedly, it's been a long time since I've used the COM<->named pipe feature, but my recollection is that I always used it in the context of kernel debugging. Kernel debugging of windows over the serial port is the most basic and oldest flavor of kernel connection, and the whole point of the COM<->named port thing is to export the COM interface to clients outside the VM. The link you supplied, for instance, is clearly describing a kernel-debugging setup. The COM is really not available (if I remember correctly) inside windbg for user-mode debugging. There's really no use case for that. Named pipe debugging is supported, but using npipe:pipe=\.\pipe\whatever makes that pipe available locally, i.e. I can connect from another windbg on the same box, but connecting from another box requires that pipe to be available on the remote client. The COM interface on VMware is not doing that. Which brings me back to the TCP interface. Even in host-only mode, where you've enabled VM-to-VM comms w/o access to the host machine external interfaces, the host is acting as the router and has access to the host-only interface. That's really the interface you want to use, whether from windbg or ghidra. If your host is Windows, you can do this directly. If not, you can use another VM to host the Ghidra agent or run the Ghidra agent in the target VM. I think...again, it's been a while. |
Beta Was this translation helpful? Give feedback.
-
What version of VMware are you running? I have Workstation 17 Player running on Windows, VMware Fusion 12.2.4 on an Intel Mac, VMware Fusion e.x.p. running on an M1, and an older version on Ubuntu 22, and none of them have an option descibed as "vm to vm". Agreed re pipes. |
Beta Was this translation helpful? Give feedback.
-
Just looking to find out if it is possible to do this with the Ghidra debugger. I remember looking into it in the past and was never able to figure out how to configure it on Ghidra's end. The use case here would be wanting to keep the Ghidra project on my workstation but safely run the program in a vm where I can restore state.
https://docs.vmware.com/en/VMware-Workstation-Pro/16.0/com.vmware.ws.using.doc/GUID-DC282380-272B-426A-962D-D116E1B11F94.html
Beta Was this translation helpful? Give feedback.
All reactions