Debugging BSODs during Windows installation Igor Derzhavets, [email protected] Yan Vugenfirer, [email protected] Daynix Computing LTD
Debugging BSODs during Windows installation
Jul 15, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Debugging BSODs during Windows installationIgor Derzhavets, [email protected]
Yan Vugenfirer, [email protected] Daynix Computing LTD
Daynix Computing LTD
AgendaMotivation
Walkthrough guide
Daynix Computing LTD
MotivationOn a new hardware or with new features of the hypervisor Windows might crash or hang during the installation
Enable live debugging
Enable gathering and analysis of crash dumps
Daynix Computing LTD
Configuring debuggeeExtract the content of installation media to your local directory ([PATH])
Use bcdedit.exe from target OS or later
Enable serial debugging:
bcdedit.exe -store [PATH]\boot\bcd /set "{default}" debug on
Enable serial port debug transport (can be USB or Net):
bcdedit.exe -store [PATH]\boot\bcd /dbgsettings SERIAL DEBUGPORT:1 BAUDRATE:115200
Daynix Computing LTD
Repackaging the mediaInstall Windows Assessment and Deployment Kit (ADK) - http://www.microsoft.com/en-us/download/details.aspx?id=30652
Create ISO image for debugged installation by oscdimg utility from ADK:
oscdimg.exe –l[Disc_Label] -m -u2 –b[PATH]\boot\etfsboot.com [PATH] RemasterdWinInstall.iso
Daynix Computing LTD
Configuring the debugger hostStart WinDbg host VM or run WinDbg on physical machine connected to debuggee)
Add the following to QEMU command line:
-chardev socket,id=serial0,path=/tmp/1022895-serial0,server,nowait -device isa-serial,chardev=serial0,id=serial0
Daynix Computing LTD
Install from media and debugIf using QEMU, run guest with following command line addition:
-chardev socket,id=serial0,path=/tmp/1022895-serial0 -device isa-serial,chardev=serial0,id=serial0
Daynix Computing LTD
Running WinDbgRun WinDbg on the debugging host
Start kernel debug from "File->Kernel Debug...->COM" menu with shown settings
Use .dump command to create crash dump if needed
Daynix Computing LTD
LinksKernel debugging over serial: https://msdn.microsoft.com/en-us/library/windows/hardware/ff556867(v=vs.85).aspx
How to create bootable Windows 8 ISO DVD using Oscdimg.exe: http://www.windowsvalley.com/create-bootable-windows-8-iso-dvd/Edit
Kernel Debugging with Qemu and WinDbg: http://resources.infosecinstitute.com/kernel-debugging-qemu-windbg/
Happy debugging45
Related Documents
