Also, see:

• Setting up a Windows machine for drivers and minifilters testing and debugging using KDNET

Tools Used:

• WinDbg
• VMware
• VirtualKD-Redux

Steps

All steps are to be executed in Administrative CMD

🟢 - Host

🔵 - VM

• 🟢 Disable Memory Integrity

  

• 🟢 Run bcdedit /set hypervisorlaunchtype off

• 🟢 Install VMware

• Download Windows and follow any tutorial to set up a windows VM (You might want to configure space to be around 50GB+, ram around 4GB, enable hardware acceleration, and so on)

  • 🔵 You can skip Microsoft sign in by using a banned email id, eg: use [email protected] and type in any password, you should now be able to skip the sign-in process

  • 🔵 Install VMware tools

  • 🔵 Right-click on Start and click on Run

    • 🔵 Type in regedit

    • 🔵 Now goto HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager

    • 🔵 Right-click on Session Manager -> New -> Key

    • 🔵 Rename the new key to Debug Print Filter and select it

    • 🔵 Right-click the left column blank space and choose New -> DWORD (32-bit) Value

    • 🔵 Rename it to DEFAULT

    • 🔵 Double click and change its value to ffffffff

      

  • 🟢 Now download the driver loader

    • 🟢 Extract it
    • 🔵 Drag and drop "..\\osrloaderv30\\Projects\\OsrLoader\\kit\\WLH\\AMD64\\FRE\\OSRLOADER.exe" to VM

• Next, we move on to VirtualKD-Redux

  • You can follow the tutorial here

  • 🔵 F8 on Disable Signature Enforcement Manually!!! and Select Disable Driver Sig...

    

  • 🟢 Now open vmmon64.exe as administrator

  • 🔵 Now open the windows VM machine, if you have followed correctly then your WinDbg should launch automatically and Windows boot-up should halt till you Debug -> Go in WinDbg

  • 🟢 Now goto Debug -> Break, followed by File -> Symbol File Path ... and put SRV*c:\\symbols* <http://msdl.microsoft.com/download/symbols>, click on Reload and then Ok, finally Debug -> Go

    

  • 🔵 If this does not work, then in an elevated Command Prompt window, enter: bcdedit /debug on and bcdedit /dbgsettings serial debugport:2 baudrate:115200, you might have to change debug port to 1

  • 🟢 You can also space this workspace in WinDbg by File -> Save Workspace As...

• 🟢 Goto Debug -> Break, followed by File -> Symbol File Path ... and put C:\\Users\\sn99\\CLionProjects\\fsfilter-rs\\minifilter\\x64\\Debug or wherever the .pdb file is (this should be in the same build folder as .sys driver file), click on Reload and then Ok, and finally Debug -> Go,and then File -> Save Workspace

  

References

• Windows Kernel Programming Tutorial 1 - Setting up Environment - Part 1
• Windows Kernel Programming Tutorial 2 - Setting up Environment - Part 2
• Debugging Tools for Windows (WinDbg, KD, CDB, NTSD)