Set the Windows VM for debugging:<\/p>\n
\u00a0 \u00a0 bcdedit \/debug on<\/em><\/p>\n \u00a0 \u00a0 bcdedit \/dbgsettings serial debugport:1 baudrate:115200<\/em><\/p>\n In the VM settings, associate a pipe to the COM1 port: \\\\.\\\\pipe\\debugk (windows) or \/tmp\/debugk (linux)<\/p>\n <\/p>\n Here is a list of some useful windbg\u00a0<\/strong>commands:<\/p>\n lm – list modules<\/p>\n !address <addr> – show details about addr<\/strong><\/p>\n !peb – show PEB structure<\/p>\n dt nt!_eprocess – view the EPROCESS structure<\/p>\n dt nt!_kprocess – view the KPROCESS structure<\/p>\n dt nt!_ETHREAD – view the Executive Thread (ETHREAD) structure<\/p>\n dt nt!_KTHREAD – view the Kernel Thread (KTHREAD) structure<\/p>\n","protected":false},"excerpt":{"rendered":" Set the Windows VM for debugging: \u00a0 \u00a0 bcdedit \/debug on \u00a0 \u00a0 bcdedit \/dbgsettings serial debugport:1 baudrate:115200 In the VM settings, associate a pipe to the COM1 port: \\\\.\\\\pipe\\debugk (windows) or \/tmp\/debugk (linux) Here is a list of some useful windbg\u00a0commands: lm – list modules !address <addr> – show details about addr !peb […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[30,34,33,4],"class_list":["post-140","post","type-post","status-publish","format-standard","hentry","category-security","tag-debugger","tag-kernel","tag-windbg","tag-windows"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[]}},"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":""},"post_excerpt_stackable_v2":" Set the Windows VM for debugging: \u00a0 \u00a0 bcdedit \/debug on \u00a0 \u00a0 bcdedit \/dbgsettings serial debugport:1 baudrate:115200 In the VM settings, associate a pipe to the COM1 port: \\\\.\\\\pipe\\debugk (windows) or \/tmp\/debugk (linux) Here is a list of some useful windbg\u00a0commands: lm – list modules !address <addr> – show details about addr !peb – show PEB structure dt nt!_eprocess – view the EPROCESS structure dt nt!_kprocess – view the KPROCESS structure dt nt!_ETHREAD – view the Executive Thread (ETHREAD) structure dt nt!_KTHREAD – view the Kernel Thread (KTHREAD) structure<\/p>\n","category_list_v2":"Security<\/a>","author_info_v2":{"name":"malwrforensics","url":"https:\/\/malwrforensics.com\/en\/author\/u_malwrforensics\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/140","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/comments?post=140"}],"version-history":[{"count":3,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/140\/revisions"}],"predecessor-version":[{"id":143,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/140\/revisions\/143"}],"wp:attachment":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/media?parent=140"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/categories?post=140"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/tags?post=140"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}