How can I debug Windows in one VM from another VM using VirtualBox?

Question

I am working on some start-up (pre-logon) code for Windows 7, and would like to be able to debug it (if only to see how it really works, as Microsoft's documentation is terrible).

My environment is VirtualBox on a Linux host, with three Windows VMs (a Windows 2008 domain controller, a Windows 7 dev machine, and a Windows 7 test machine), and I'd like to be able to debug the startup process of the test machine remotely from the dev machine using a virtual serial connection two virtual machines.

[I have, in another life, debugged Linux kernel drivers in one linux VM from another using VMware workstation on a Windows host so I know that this sort of thing is potentially doable.]

I've seen people using windbg to debug Windows in a VirtualBox VM from the host, but I need to do it from a second guest (because my host is non-Windows). Has anyone figured out how to do that?

Edit: I had tried the obvious approach before I posted. I created a virtual serial port in each VM configuration and attached them both to the same host pipe, to be created by the dev VM (debugger) and used by the test VM (debugee). I then ran

bcdedit /dbgsettings serial debugport:1 baudrate:115200
bcdedit /debug {current} on

in the test VM and shut it down. Ran windbg in the dev VM selected kernel debugging (on the correct serial port) and restarted the test VM. Some messages appeared about not having any symbols available and the test VM hung.

I have since found this article: http://www.benjaminhumphrey.co.uk/remote-kernel-debugging-windbg-virtualbox/ which (although that guy is using a Windows host) seems to describe exactly the method I'd tried, but his test VM doesn't hang. The output I get in the wndbg window is the same as his, but stops before the line staring "Windows XP Kernel ..."

I'm now less sure that this problem is related to VirtualBox and more unsure as to whether I'm using windbg correctly. Any help would be appreciated.

Another Edit I have tried attaching the virtual serial port of the Test VM to a host file, and I get some debugging output in the file. I have tried setting the virtual serial ports of the two VMs to point to a host pipe and running a terminal (rather than WinDbg) in the Dev VM, and I get debugging information in the terminal.

I think I've now determined that this is definitely a problem with WinDbg rather than VirtualBox (I'll remove the virtualbox tag and replace it with windbg) but I'm not sure why WinDbg isn't talking.

More information: I've just upgrade Upgrading to VirtualBox 4.2.4 (not sure whether the version matters) and have looked at this again.

I rebuilt the test VM and was more patient!

It now seems that the test VM is running - and I do eventually get some output in the windbg window - but it takes about 15 minutes for the debuggee OS to boot! This is clearly not useful for day-to-day kernel debugging. I have no idea why this should be so slow ... there is no perceptible slowdown if I run a simple terminal in the dev VM instead of windbg (though, of course, the debug information is then mostly garbage).

Any ideas?

Answer 1

I realize this is one helluva necro, but...

Have you tried setting up the debugee for kernel-mode network debugging? I'm thinking that the slowdown is in a large part because serial is so g.d. slow.

http://msdn.microsoft.com/en-us/library/windows/hardware/hh439346%28v=vs.85%29.aspx

If/when M$ decides to rot away that link, these parts of above article are what you need to do to get this set up:

Setting Up the Target Computer

To set up the target computer, follow these steps:

Verify that the target computer has a supported network adapter.

Connect the supported adapter to a network hub or switch using standard CAT5 or better network cable. Do not use a crossover cable, and do not use a crossover port in your hub or switch.

In an elevated Command Prompt window, enter the following commands, where w.x.y.z is the IP address of the host computer, and n is a port number of your choice:

    bcdedit /debug on
    bcdedit /dbgsettings net hostip:w.x.y.z port:n

bcdedit will display an automatically generated key. Copy the key and store it on a removable storage device like a USB flash drive. You will need the key when you start a debugging session on the host computer.

Note  We strongly recommend that you use an automatically generated key. However, you can create your own key as described later in the Creating Your Own Key section.

If there is more than one network adapter in the target computer, use Device Manager to determine the PCI bus, device, and function numbers for the adapter you want to use for debugging. Then in an elevated Command Prompt window, enter the following command, where b, d, and f are the bus number, device number, and function number of the adapter:
bcdedit /set "{dbgsettings}" busparams b.d.f
Reboot the target computer.

And to connect to it, use the following steps:

Using WinDbg

On the host computer, open WinDbg. On the File menu, choose Kernel Debug. In the Kernel Debugging dialog box, open the Net tab. Enter your port number and key. Click OK.

You can also start a session with WinDbg by opening a Command Prompt window and entering the following command, where n is your port number and Key is the key that was automatically generated by bcdedit when you set up the target computer:

windbg -k net:port=n,key=Key

If you are prompted about allowing WinDbg to access the port through the firewall, allow WinDbg to access the port for all the different network types.

Using KD

On the host computer, open a Command Prompt window. Enter the following command, where n is your port number and Key is the key that was automatically generated by bcdedit when you set up the target computer:

kd -k net:port=n,key=Key

If you are prompted about allowing KD to access the port through the firewall, allow KD to access the port for all the different network types.