(Kernel) debugging with WinDbg
Configure the Windows VM for kernel debugging over a serial port:
bcdedit /debug on
bcdedit /dbgsettings serial debugport:1 baudrate:115200
In the VM settings, attach a named pipe to the COM1 port: \\.\pipe\debugk (Windows host) or /tmp/debugk (Linux host)
Some useful WinDbg commands:
lm – list modules
!address <addr> – show details about addr
!peb – show PEB structure
dt nt!_eprocess – view the EPROCESS structure
dt nt!_kprocess – view the KPROCESS structure
dt nt!_ETHREAD – view the Executive Thread (ETHREAD) structure
dt nt!_KTHREAD – view the Kernel Thread (KTHREAD) structure