All steps are to be executed in Administrative CMD
🟢 - Host
🔵 - VM
- 🟢 Disable Memory integrity
- 🟢 Run
bcdedit /set hypervisorlaunchtype off - 🟢 Install VMware
- Download Windows and follow any tutorial to set up a windows
VM (You might want to configure space to be around 50GB+, ram around 4GB, enable hardware acceleration and so on)
- 🔵 You can skip Microsoft sign in by using banned email id, eg: use
no@thankyou.comand type in any password, you should now be able to skip the sign-in process - 🔵 Install
VMware tools - 🔵 Right click on
Startand click onRun- 🔵 Type in
regedit - 🔵 Now goto
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager - 🔵 Right click on
Session Manager -> New -> Key - 🔵 Rename the new key to
Debug Print Filterand select it - 🔵 Right-click the left column blank space and choose
New -> DWORD (32-bit) Value - 🔵 Rename it to
DEFAULT - 🔵 Double click and change its value to
ffffffff
- 🔵 Type in
- 🟢 Now download driver loader
- 🟢 Extract it
- 🔵 Drag and drop
"..\osrloaderv30\Projects\OsrLoader\kit\WLH\AMD64\FRE\OSRLOADER.exe"to VM
- 🔵 You can skip Microsoft sign in by using banned email id, eg: use
- Next we move on to VirtualKD-Redux
- You can follow the tutorial here
- 🔵
F8bcdedit/debug and SelectDisable Driver Sig...
- 🟢 Now open
vmmon64.exeas administrator - 🔵 Now open the windows VM machine, if you have followed correctly then you WinDbg should launch automatically and
windows boot-up should halt till you
Debug -> Goin WinDbg - 🟢 Now goto
Debug -> Break, followed byFile -> Symbol File Path ...and putSRV*c:\symbols* http://msdl.microsoft.com/download/symbols, click onReloadand thenOk
, finally Debug -> Go - 🔵 If this does not work, then in an elevated Command Prompt window, enter:
bcdedit /debug onandbcdedit /dbgsettings serial debugport:2 baudrate:115200, you might have to change debug port to1 - 🟢 You can also space this workspace in WinDbg by
File -> Save Workspace As...
- 🟢 Goto
Debug -> Break, followed byFile -> Symbol File Path ...and putC:\Users\sn99\CLionProjects\fsfilter-rs\minifilter\x64\Debugor wherever the.pdbfile is (this should be in the same build folder as.sysdriver file), click onReloadand thenOk, finallyDebug -> Go, and thenFile -> Save Workspace
- Windows Kernel Programming Tutorial 1 - Setting up Environment - Part 1
- Windows Kernel Programming Tutorial 2 - Setting up Environment - Part 2
- Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)
- Microsoft public symbol server
- Get started with WinDbg (kernel-mode)
- Windbg always show "Waiting to reconnect..."
- VirtualKD-Redux Tutorial
- Driver Loader