Kernel debugging Windows XP inside of a virtual machine

Something that is incredibly easy to do with virtual machines is kernel debugging. You can do this by either connecting two virtual machines to the same named pipe (creating a virtual null-modem cable as it were), or by debugging a virtual machine directly over a named pipe from the host operating system. 

If you are using two virtual machines you will need to configure both to have COM1 connected to a shared named pipe (e.g. \.pipedebugPipe). If you are going to debug a virtual machine from your host computer you will just need to configure the one virtual machine to have its COM1 connected to the named pipe.

You will then need to start the virtual machine you want to debug and do the following:

1. Go to My Computer --> Properties --> Advanced --> Settings under Startup and Recovery --> Edit

2. You should see a line that is something like 'multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn'

3. You will need to add '/DEBUG /DEBUGPORT=COM1' to the end of this line

4. Once you have done all of this you should shut down the virtual machine

Now you will need to download the debugging tools from: https://www.microsoft.com/whdc/devtools/debugging/installx86.mspx and either install them on your host computer, or in a second virtual machine (depending on where you want to debug from). Once you have done this you will need to do the following:

1. For host based debugging run "kd -y SRV*c:websymbols*https://msdl.microsoft.com/download/symbols -k com:pipe,port=\.pipedebugPipe,resets=0,reconnect" and then launch your target virtual machine.

2. For virtual machine based debugging run "kd -y SRV*c:websymbols*https://msdl.microsoft.com/download/symbols -k com:port=com1" and then launch your target virtual machine.

Once the target virtual machine starts to boot - the debugger should connect and you will be good to go.

Cheers,
Ben