{"id":404,"date":"2015-02-15T01:14:59","date_gmt":"2015-02-15T06:14:59","guid":{"rendered":"http:\/\/www.rajatswarup.com\/blog\/?p=404"},"modified":"2015-02-15T01:14:59","modified_gmt":"2015-02-15T06:14:59","slug":"setting-up-a-windows-7-kernel-development-environment","status":"publish","type":"post","link":"https:\/\/www.rajatswarup.com\/blog\/2015\/02\/15\/setting-up-a-windows-7-kernel-development-environment\/","title":{"rendered":"Setting up a Windows 7 Kernel Development Environment"},"content":{"rendered":"

If you are writing some Ring0 (or privileged mode code), say something like device drivers in Windows you’d probably be better served with a separate development machine and a deployment machine. This helps you to write poor code and still not lose hair because your development machine blue screens! \ud83d\ude42<\/p>\n

My setup was using a Windows 8.1 development machine and a Hyper-V based Windows 7 machine for debugging. You will need to execute different tasks on the “guest” (Hyper-V based Windows 7 virtual machine) and some other tasks on the development machine. \u00a0I followed many of the things from the MSDN blog post here<\/a><\/p>\n

On your guest machine you would want to setup a named pipe and setup debug settings. To do that this is what you need to do:<\/p>\n

Setup a virtual com port in the Hyper-V Settings (File -> Settings) , this port will be used to communicate from the host machine to the guest to communicate the Kernel debugging commands.
\n\"Untitled\"<\/a><\/p>\n

 <\/p>\n

Now make sure that your target guest machine is configured to “listen” those commands. \u00a0Inside the guest VM, start a command shell (cmd.exe -> Run as Administrator).<\/p>\n

\"Untitled2\"<\/a><\/p>\n

 <\/p>\n

Configure the bcdedit commands so that the machine can now be debugged. \u00a0Right after the 2nd command, reboot your Virtual Machine.<\/p>\n

\"Untitled3\"<\/a><\/p>\n

 <\/p>\n

With the VM now configured to listen the debug commands via the COM1 port, and the debug mode on in the bootup settings, now start the WinDbg x64 on the host (using “Run as administrator”; you need administrative privileges for communication via Serial port). \u00a0In your kernel debugger on the host or the development machine (I’m assuming that these are both on the same physical hardware here). \u00a0Click on File -> Kernel Debug and you should see the following screen in the WinDbg window:<\/p>\n

\"Untitled4\"<\/a><\/p>\n

Hit Ctrl+Break or Debug -> Break and you will see something like this:<\/p>\n

\"Untitled5\"<\/a><\/p>\n

Just remember that when you break in the debugger, your guest in Hyper-V should become “unresponsive”. \u00a0The only thing is that it is not\u00a0really<\/em> unresponsive, its just being debugged. \u00a0Just to make sure, that you have the symbols package that is quite useful for debugging run the following command:<\/p>\n

!process 0 0<\/p><\/blockquote>\n

If you see something like the following screen show up:<\/p>\n

\"Untitled6\"<\/a><\/p>\n

The following error means that the symbols are not defined. \u00a0Symbols help the debugger give more information about the commands that you are going to execute in the debugger.<\/p>\n

**** NT ACTIVE PROCESS DUMP ****
\nNT symbols are incorrect, please fix symbols<\/p><\/blockquote>\n

To fix this, use the following commands:<\/p>\n

kd> .sympath SRV*c:\\symcache*http:\/\/msdl.microsoft.com\/download\/symbols
\nkd> .symfix
\nkd> .symfix c:\\symcache
\nkd> !sym noisy
\nkd> .reload \/o<\/p><\/blockquote>\n

Then again try the command: !process 0 0 and see if you get a good response. \u00a0A good response looks like the following:<\/p>\n

\"Untitled7\"<\/a><\/p>\n

With this you should be good to go! Happy debugging and writing cool Ring0 code.<\/p>\n

 <\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

If you are writing some Ring0 (or privileged mode code), say something like device drivers in Windows you’d probably be better served with a separate development machine and a deployment machine. This helps you to write poor code and still not lose hair because your development machine blue screens! \ud83d\ude42 My setup was using a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[230,196,197],"tags":[261,462,461,254],"class_list":["post-404","post","type-post","status-publish","format-standard","hentry","category-howto","category-programming","category-tools","tag-drivers","tag-ring0","tag-windbg","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/comments?post=404"}],"version-history":[{"count":1,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/404\/revisions"}],"predecessor-version":[{"id":412,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/posts\/404\/revisions\/412"}],"wp:attachment":[{"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/media?parent=404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/categories?post=404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rajatswarup.com\/blog\/wp-json\/wp\/v2\/tags?post=404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}