问题
Are there some limitations to the Local Kernel Mode Debugging option in Windbg?
I am running Win XP SP3 inside a VM using VMWare Workstation. The Host operating system is: Windows 7 SP1
I want to perform Kernel Debugging using Windbg inside the VM.
However, few commands are not working. For instance,
lkd> !process -0 0
PROCESS 82cd38b0 SessionId: 0 Cid: 0cd4 Peb: 7ffd6000 ParentCid: 0638
DirBase: 0e740300 ObjectTable: e2474a10 HandleCount: 43.
Image: notepad.exe
lkd> .process /i 82cd38b0
^ Operation not supported by current debuggee error in '.process /i 82cd38b0'
Image: notepad.exe
lkd> !lmu
No export lmu found
So, my guess is that these are limitations of the local kernel mode debugging option of windbg.
回答1:
Local kernel mode debugging is very limited, you can't even set a breakpoint. More about limitations here.
Set up a remote kernel debug via COM port on the guest system with redirection to a pipe on the host system. Then you can execute all debugging commands.
来源:https://stackoverflow.com/questions/8738579/limitations-of-local-kernel-mode-debugging-in-windbg