This post builds a WinDbg dual-machine (two virtual machine) debugging environment on macOS, which differs slightly from doing the same on Windows. For dual-machine debugging with virtual machines on Windows, see the previous article.
Lab environment
- Physical machine: MacBook + VMware Fusion Professional 12.1.0
- Debugging machine: Win10 x64 + WinDbg Preview
- Target machine (debugged machine): Win7 x64
Environment setup
- Set up the virtual machine serial ports. First find the package where each virtual machine is stored: select the machine and right-click to show it in Finder (I was holding the Command key when I took the screenshot, so the menu item reads as the latest log file instead).
  Find the debugging machine and the target machine, right-click each one and show the package contents, then find the corresponding <virtual machine name>.vmx file and open it.

  Debugging machine settings
  Delete the original configuration lines containing "serial0" and replace them with the following:

      serial0.present = "TRUE"
      serial0.fileType = "pipe"
      serial0.fileName = "/Users/{name}/com1"
      serial0.yieldOnMsrRead = "TRUE"
      serial0.tryNoRxLoss = "FALSE"
      serial0.pipe.endPoint = "client"

  Debugged machine

      serial0.fileName = "/Users/{name}/com1"
      serial0.present = "TRUE"
      serial0.fileType = "pipe"
      serial0.yieldOnMsrRead = "TRUE"
      serial0.startConnected = "TRUE"

  Note: replace {name} with your own user name. The configuration file can only be modified while the virtual machine is shut down or suspended.
- Enable serial debugging on the debugged machine. Open cmd as an administrator and run the following commands:

      bcdedit /enum ACTIVE
      bcdedit /dbgsettings serial baudrate:115200 debugport:1
      rem /copy prints the ID of the new boot entry; use it in the next two commands
      bcdedit /copy {current} /d "Windows Debug Entry"
      bcdedit /displayorder {current} {ID from the previous line}
      bcdedit /debug {ID from the previous line} ON
      bcdedit -set TESTSIGNING on
      rem show the resulting debugger settings
      bcdedit /dbgsettings

  After the commands have run, restart the system. If a new boot entry appears at startup, the configuration worked.
- Debugging machine settings:
  Computer Management -> Device Manager -> Ports -> Communication Ports -> Port Settings
  Set bits/second to 115200.
- Open WinDbg Preview and choose "Attach to kernel".
  Note that the debugged machine is sitting at the boot entry selection screen at this point; select "Windows Debug Entry" there.
  Then you can happily debug.
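
The .vmx edits from the serial port step, as an added example that is not part of the original post: a Python script that removes the existing serial0 lines, appends the debugging machine or debugged machine settings listed above, and can check that both virtual machines name the same pipe file. The role names, the function names and the script name `vmx_serial.py` are assumptions of this example.

```python
# Added example: the article's serial0 edits as a repeatable text transform.
# Role names, function names and the script name are this example's assumptions.
import shutil
import sys

ROLE_SETTINGS = {
    # Debugging machine (runs WinDbg): client end of the pipe
    "debugger": [("serial0.present", "TRUE"), ("serial0.fileType", "pipe"),
                 ("serial0.fileName", None), ("serial0.yieldOnMsrRead", "TRUE"),
                 ("serial0.tryNoRxLoss", "FALSE"), ("serial0.pipe.endPoint", "client")],
    # Debugged machine (target)
    "target": [("serial0.fileName", None), ("serial0.present", "TRUE"),
               ("serial0.fileType", "pipe"), ("serial0.yieldOnMsrRead", "TRUE"),
               ("serial0.startConnected", "TRUE")],
}

def set_serial_pipe(vmx_text, role, pipe_path):
    """Drop every existing serial0.* line and append the article's lines for role."""
    if role not in ROLE_SETTINGS:
        raise ValueError(f"unknown role: {role!r}")
    if "{" in pipe_path or '"' in pipe_path:
        raise ValueError("replace {name} with a real user name first")
    kept = [ln for ln in vmx_text.splitlines()
            if not ln.strip().lower().startswith("serial0.")]
    added = [f'{key} = "{pipe_path if val is None else val}"'
             for key, val in ROLE_SETTINGS[role]]
    return "\n".join(kept + added) + "\n"

def serial_settings(vmx_text):
    """Return the serial0.* keys of a .vmx file as a dict, for checking the result."""
    found = {}
    for ln in vmx_text.splitlines():
        key, sep, val = ln.partition("=")
        if sep and key.strip().lower().startswith("serial0."):
            found[key.strip()] = val.strip().strip('"')
    return found

def same_pipe(debugger_vmx, target_vmx):
    """Both VMs must name the same pipe file for the two ends to meet."""
    a = serial_settings(debugger_vmx).get("serial0.fileName")
    return a is not None and a == serial_settings(target_vmx).get("serial0.fileName")

if __name__ == "__main__":
    # usage: python3 vmx_serial.py <file.vmx> <debugger|target> <pipe path>
    path, role, pipe = sys.argv[1:4]
    shutil.copy2(path, path + ".bak")  # keep the original; run with the VM shut down
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(set_serial_pipe(text, role, pipe))
```

Run it once per virtual machine with the same pipe path, while the machine is shut down or suspended as the note above requires.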