Kernel debugging on a VM with WinDbg

If you need to debug the kernel of a VM running on Hyper-V, this is how to do it with a Windows Server 2012 R2 Generation 2 VM:

  1. After the VM has been created, a COM port is needed. By default you cannot add a COM port to a Generation 2 VM through the Hyper-V Manager UI; that is one of the differences between Gen1 and Gen2, so you have to use PowerShell. First shut down the VM and disable Secure Boot (replace YourVMName with the name of your VM and run all commands from an elevated PowerShell prompt, i.e. “Run as administrator”):
    Set-VMFirmware -VMName YourVMName -EnableSecureBoot Off
  2. Then create the COM port as follows:
    Set-VMComPort -VMName YourVMName 1 \\.\pipe\DebugIT
    The “1” is the number of the COM port to use (adjust it if needed) and \\.\pipe\DebugIT is the named pipe on the host that WinDbg will connect to. The last part of the pipe name can be changed as well; you could use something other than DebugIT.
  3. Start the VM
  4. Enable debugging from an elevated command prompt inside the VM (these are guest settings, not host settings):
    bcdedit /debug on
    bcdedit /dbgsettings serial debugport:n baudrate:115200
    where n is the port number defined in step 2. Reboot the VM.
  5. Open up WinDbg and choose File –> Kernel Debug
  6. Configure the COM connection (screenshot not reproduced): on the COM tab tick “Pipe”, set the baud rate to 115200 to match step 4, and set the port to the pipe from step 2:
    Port: \\.\pipe\DebugIT
  7. You will see “Waiting to reconnect…” afterwards. That’s ok, because we haven’t broken into the target yet. Choose Debug –> Break (or Ctrl+Break). That’s it, you are now debugging the kernel of the running VM.


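The whole procedure above as one PowerShell script, with the checks a practitioner would want between the steps. This is an added example and not code from the original post; YourVMName, the COM port number, the pipe name and the assumption that windbg.exe is on the PATH are placeholders to adjust. The host-side part runs in an elevated PowerShell on the Hyper-V host; the guest-side part (step 4) is shown as comments because it has to be typed inside the VM.

```powershell
# Added example (not part of the original post): Hyper-V Gen2 kernel debugging, steps 1-7.
# Placeholders/assumptions: $VMName, $ComPort, $PipeName, and windbg.exe being on the PATH.
# Run the host-side part from an elevated PowerShell prompt on the Hyper-V host.

$VMName   = 'YourVMName'
$ComPort  = 1                      # Hyper-V COM port number; appears as COM1 inside the guest
$PipeName = '\\.\pipe\DebugIT'     # named pipe on the host that WinDbg will connect to

# --- Host side -------------------------------------------------------------
$vm = Get-VM -Name $VMName
if ($vm.Generation -ne 2) {
    # Gen1 VMs expose COM ports in Hyper-V Manager; this procedure is for the Gen2 case.
    throw "$VMName is a Generation $($vm.Generation) VM; this procedure is for Generation 2."
}
if ($vm.State -ne 'Off') {
    Stop-VM -Name $VMName -Force   # firmware and COM port changes require the VM to be off
}

# Step 1: disable Secure Boot
Set-VMFirmware -VMName $VMName -EnableSecureBoot Off

# Step 2: bind the named pipe to the COM port
Set-VMComPort -VMName $VMName -Number $ComPort -Path $PipeName

# Check: confirm both settings took effect before booting
$fw  = Get-VMFirmware -VMName $VMName
$com = Get-VMComPort -VMName $VMName -Number $ComPort
if ($fw.SecureBoot -ne 'Off') { throw 'Secure Boot is still enabled.' }
if ($com.Path -ne $PipeName)  { throw "COM$ComPort is not bound to $PipeName (got '$($com.Path)')." }
"Secure Boot: $($fw.SecureBoot); COM${ComPort}: $($com.Path)"

# Step 3: boot the VM
Start-VM -Name $VMName

# --- Guest side (run inside the VM from an elevated command prompt) --------
# Step 4: the same bcdedit settings as in the post; debugport must match $ComPort.
#   bcdedit /debug on
#   bcdedit /dbgsettings serial debugport:1 baudrate:115200
#   bcdedit /dbgsettings      # check: debugtype Serial, debugport 1, baudrate 115200
#   shutdown /r /t 0          # reboot so the new boot settings take effect

# --- Host side again: steps 5-7 without clicking through the dialog --------
# Equivalent of File -> Kernel Debug -> COM tab with "Pipe" ticked and the port set
# to \\.\pipe\DebugIT. resets=0 is recommended for virtual machine pipes; reconnect
# re-attaches automatically after the target reboots. Then Debug -> Break (Ctrl+Break).
& windbg -k "com:pipe,port=$PipeName,resets=0,reconnect"
```

The two throw checks are there because the most common reason the debugger sits at “Waiting to reconnect…” forever is a COM port that was never bound or a guest that is still booting with Secure Boot on; reading the settings back with Get-VMFirmware and Get-VMComPort catches both before you start WinDbg.
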
Full memory dump with Windows Error Reporting

Windows Error Reporting is a nice tool from Microsoft. It collects the required information from an exception that happened and (if you want it to) checks online whether there is a solution for your issue. By default it creates a minidump of the process that crashed. Often a minidump is good enough to narrow down the issue, but what if it isn’t? It is possible to enable full memory dumps when an application crashes. You can enable them with the following registry value:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpType"=dword:00000002

That’s it. No restart is required. If the LocalDumps key is not present on your system, create it first; the dumps land in %LOCALAPPDATA%\CrashDumps unless you also set a DumpFolder value.

Note that the above is a global setting (per computer). It is also possible to set it for a single application by creating a subkey named after the executable (for example MyApp.exe) under LocalDumps and placing the values there. See http://msdn.microsoft.com/en-us/library/windows/desktop/bb787181(v=vs.85).aspx for more information.
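The same configuration done with PowerShell instead of a .reg file, covering both the global setting and a per-application override. This is an added example and not from the original post; the application name Contoso.exe, the dump folder and the dump count are made-up values, and the DumpFolder/DumpCount value names come from the MSDN page linked above.

```powershell
# Added example (not part of the original post): configure WER LocalDumps via PowerShell.
# Assumptions/placeholders: Contoso.exe, D:\CrashDumps\Contoso and a DumpCount of 5.
# DumpType 2 = full dump, as in the post. Run from an elevated PowerShell prompt.

$LocalDumps = 'HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps'

function Set-LocalDumpConfig {
    param(
        [Parameter(Mandatory)][string] $KeyPath,
        [ValidateSet(0, 1, 2)][int] $DumpType = 2,  # 0 = custom, 1 = minidump, 2 = full dump
        [string] $DumpFolder,                       # when absent: %LOCALAPPDATA%\CrashDumps
        [int]    $DumpCount                         # when absent: 10 dumps kept per folder
    )
    # The LocalDumps key and any per-application subkey are not present by default.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    Set-ItemProperty -Path $KeyPath -Name DumpType -Value $DumpType -Type DWord
    if ($DumpFolder) { Set-ItemProperty -Path $KeyPath -Name DumpFolder -Value $DumpFolder -Type ExpandString }
    if ($DumpCount)  { Set-ItemProperty -Path $KeyPath -Name DumpCount  -Value $DumpCount  -Type DWord }
}

function Get-LocalDumpConfig {
    param([Parameter(Mandatory)][string] $KeyPath)
    if (-not (Test-Path $KeyPath)) { return $null }
    Get-ItemProperty -Path $KeyPath | Select-Object DumpType, DumpFolder, DumpCount
}

# Global setting (per computer): exactly what the .reg snippet above does.
Set-LocalDumpConfig -KeyPath $LocalDumps -DumpType 2

# Per-application override: a subkey named after the executable. Values here apply to
# that process only and take precedence over the global values. Contoso.exe is made up.
Set-LocalDumpConfig -KeyPath "$LocalDumps\Contoso.exe" -DumpType 2 `
                    -DumpFolder 'D:\CrashDumps\Contoso' -DumpCount 5

# Check: read both keys back. No restart is needed for WER to pick the change up.
Get-LocalDumpConfig -KeyPath $LocalDumps
Get-LocalDumpConfig -KeyPath "$LocalDumps\Contoso.exe"
```

Two practical points when turning this on: a full dump is the entire address space of the crashed process, so it can be large and it contains whatever the process had in memory, including credentials and session tokens; put the DumpFolder on a volume with room and restrict access to it, and keep DumpCount low so a crash loop cannot fill the disk.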