(Kernel) debugging with windbg

Inside the Windows VM (the guest), from an elevated prompt, enable kernel debugging over a serial port (the settings take effect at the next reboot):

    bcdedit /debug on

    bcdedit /dbgsettings serial debugport:1 baudrate:115200

In the VM settings, map the guest's COM1 serial port (debugport:1 above) to a named pipe on the host: \\.\pipe\debugk on a Windows host, or /tmp/debugk on a Linux host. On a Windows host, attach the debugger to that pipe with: windbg -k com:pipe,port=\\.\pipe\debugk,baud=115200,reconnect
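The guest-side steps above as one script, added here as an example (not code from the original page): it runs the two bcdedit commands from an elevated PowerShell prompt, reads the settings back, and fails if anything did not stick. The pipe name \\.\pipe\debugk is the page's; the function names and the -Port/-Baud parameters are this example's own.

```powershell
# Added example: configure the guest for serial kernel debugging and verify it.
# Run from an elevated PowerShell prompt inside the VM. Function names and the
# -Port/-Baud parameters are this example's own, not part of bcdedit.
$ErrorActionPreference = 'Stop'

function Assert-Elevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'bcdedit modifies the BCD store and needs an elevated prompt.'
    }
}

# Parse bcdedit's two-column "name   value" output into a hashtable.
function ConvertFrom-BcdOutput {
    param([string[]]$Lines)
    $table = @{}
    foreach ($line in $Lines) {
        if ($line -match '^(\S+)\s{2,}(.+?)\s*$') { $table[$matches[1]] = $matches[2] }
    }
    return $table
}

function Enable-SerialKernelDebug {
    param([int]$Port = 1, [int]$Baud = 115200)
    Assert-Elevated

    # The two commands from the page: enable the debugger on the current boot
    # entry, then point the global debugger settings at COM<Port>.
    bcdedit /debug on | Out-Null
    bcdedit /dbgsettings serial "debugport:$Port" "baudrate:$Baud" | Out-Null

    # Read back both stores: the per-entry debug flag and the global settings.
    # {current} is quoted so PowerShell does not parse it as a script block.
    $entry    = ConvertFrom-BcdOutput (bcdedit /enum '{current}')
    $settings = ConvertFrom-BcdOutput (bcdedit /dbgsettings)

    if ($entry['debug'] -ne 'Yes')             { throw 'debug flag not set on {current}' }
    if ($settings['debugtype'] -ne 'Serial')   { throw "unexpected debugtype: $($settings['debugtype'])" }
    if ([int]$settings['debugport'] -ne $Port) { throw "debugport is $($settings['debugport']), expected $Port" }
    if ([int]$settings['baudrate'] -ne $Baud)  { throw "baudrate is $($settings['baudrate']), expected $Baud" }

    # The settings only apply after a reboot; report instead of rebooting silently.
    Write-Host "Kernel debugging enabled on COM$Port at $Baud baud. Reboot the guest to activate it."
    Write-Host 'Host side (Windows): windbg -k com:pipe,port=\\.\pipe\debugk,baud=115200,reconnect'
}

Enable-SerialKernelDebug
```

Map the guest's COM1 to the host pipe before rebooting, otherwise the guest will boot without a debugger attached and just continue normally (the kernel waits only if you also set bcdedit /bootdebug or break in from the host).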


Here is a list of some useful windbg commands (the dt commands show the type layout; append an address, as with !address, to dump a specific instance):

lm – list loaded modules

!address <addr> – show details about the memory region containing addr

!peb – show the PEB (Process Environment Block) of the current process

dt nt!_EPROCESS – view the EPROCESS (executive process) structure

dt nt!_KPROCESS – view the KPROCESS (kernel process) structure

dt nt!_ETHREAD – view the ETHREAD (executive thread) structure

dt nt!_KTHREAD – view the KTHREAD (kernel thread) structure