My Kernel Debugger Won't Connect
Hello ntdebugging readers, the Debug Ninja is back again with a quick blog this holiday season. I recently encountered a situation where the kernel debugger could not connect to a Windows Server 2008 R2 system running in a Hyper-V virtual machine. The configuration appeared correct; however, the debugger would not connect to the VM.
In WinDbg you can use Ctrl+Alt+D to view the debugger's internal information flow. In KD use Ctrl+D followed by ENTER to toggle the output. With this output enabled I could see that the debugger was unable to read from the debug port and was getting timeouts. The error "SYNCTARGET: Timeout." is a clear indication that the debug host cannot communicate with the debug target, especially when it appears after a "Send Break in" message.
Because I was using a named pipe on a Hyper-V VM I knew that I didn't have a bad cable, although this is a common cause of kernel debug failures. I also knew that the configuration of the VM was correct, and I could use the debugger for other VMs on this server. The problem was most likely with the OS running in the VM.
By checking Device Manager I was able to confirm that there was a problem with the configuration of the OS running in the VM. The bcdedit settings were configured to use COM1, which should make COM1 unavailable in the OS; however, COM1 was present in Device Manager. For some reason the debugger was not capturing COM1 on boot as it was configured to.
Examining the BCD configuration of this server, I found that it was not correct. In the BCD store of a normal Windows 7 or Windows Server 2008 R2 OS, the Windows Boot Loader sections of the bcdedit output have an inherit setting. You can view this information on your system from an elevated command prompt using the command 'bcdedit /enum all'. Ordinarily the Windows Boot Loader inherits the {bootloadersettings}, the {bootloadersettings} inherit the {globalsettings}, and the {globalsettings} inherit the {dbgsettings}. Without the inherit settings, the debugger configuration will not be read by the boot loader.
Below are the BCD settings from the broken VM. You can see that all of the normal inherited settings are missing.

C:\Windows\system32>bcdedit /enum all

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
default                 {current}
displayorder            {current}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Server 2008 R2 Standard (recovered)
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
resumeobject            {2ec5363f-2a92-11e1-bbe4-806e6f6e6963}
usefirmwarepcisettings  No
debug                   Yes

Resume from Hibernate
---------------------
identifier              {2ec5363f-2a92-11e1-bbe4-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Server 2008 R2 Standard (recovered)
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      Yes

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Because my only interest in this VM was to get the debugger working, I did not add all of the missing settings to the BCD store. I was able to force the debugger configuration to be read on boot using the command below. Because no identifier is given, bcdedit applies the setting to the {current} boot entry:
bcdedit /set inherit {dbgsettings}
I hope this helps the next time you are trying to configure a debugger and it does not work. Remember that we don't just need the debugger to be turned on and be configured; we need the settings to be inherited as well.
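
The inheritance check described above can be automated against saved 'bcdedit /enum all' output. The following is an added example, not code from the original post: the function names are hypothetical, it assumes en-US output, and it assumes that an entry carrying its own debugtype does not need the chain.

```python
# Added example: find debug-enabled BCD entries whose inherit chain never
# reaches {dbgsettings}. Assumes en-US `bcdedit /enum all` text as input.
def parse_bcd(text):
    """Return {identifier: {element: [values]}} for each BCD entry."""
    entries, cur, last = {}, None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not line.strip() or set(line.strip()) == {"-"}:
            continue                        # blank line or dashed underline
        if i + 1 < len(lines) and lines[i + 1].startswith("---"):
            cur, last = {}, None            # section title starts a new entry
        elif cur is None:
            continue                        # text before the first section
        elif line[0].isspace() and last:
            cur[last].append(line.strip())  # extra value of a multi-value element
        else:
            last, _, value = line.partition(" ")
            cur[last] = [value.strip()]
            if last == "identifier":
                entries[value.strip()] = cur
    return entries

def reaches(entries, ident, target="{dbgsettings}"):
    """Follow inherit links depth-first; True if target is reachable."""
    seen, stack = set(), [ident]
    while stack:
        node = stack.pop()
        if node == target:
            return True
        if node not in seen:
            seen.add(node)
            stack.extend(entries.get(node, {}).get("inherit", []))
    return False

def broken_debug_entries(text):
    """Entries with debug Yes, no debugtype of their own, no path to {dbgsettings}."""
    entries = parse_bcd(text)
    return [i for i, e in entries.items() if e.get("debug") == ["Yes"]
            and "debugtype" not in e and not reaches(entries, i)]

# Trimmed from the broken VM's output on this page.
BROKEN = ("Windows Boot Loader\n-------------------\nidentifier {current}\ndebug Yes\n"
          "Debugger Settings\n-----------------\nidentifier {dbgsettings}\ndebugtype Serial\n")
# Constructed sample of the usual chain, with a multi-value inherit element.
HEALTHY = (BROKEN.replace("debug Yes", "inherit {bootloadersettings}\ndebug Yes")
           + "Boot Loader Settings\n---\nidentifier {bootloadersettings}\ninherit {globalsettings}\n"
           "        {hypervisorsettings}\nGlobal Settings\n---\nidentifier {globalsettings}\ninherit {dbgsettings}\n")
if __name__ == "__main__":
    print(broken_debug_entries(BROKEN), broken_debug_entries(HEALTHY))
```

An entry reported by broken_debug_entries has debugging turned on but no path to the transport settings, which is the state of the VM in this post.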