Preface omitted; this assumes you have already installed WinDbg and set up a virtual machine.
1. Shut down the VM, open Edit Settings, remove the printer serial port and add a serial port; this end is the server, the other end is an application.
2. Boot into the guest and open a cmd command prompt; run it as administrator if necessary.
3. Enter bcdedit /copy {current} /d "Windows 7 Debug"
4. Enter bcdedit /bootdebug ON [I did not enter this]
5. Enter bcdedit /debug ON
6. Create a desktop shortcut for WinDbg and append -b -k com:port=\\.\pipe\com_1,baud=115200,pipe to the shortcut's Target.
7. Double-click the shortcut; WinDbg shows:
Opened \\.\pipe\com_1
Waiting to reconnect...
8. Reboot the VM; the guest will stall at the "Starting Windows" screen.
9. If everything is working, WinDbg then shows the following; it can stall for a while partway through, so wait:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Opened \\.\pipe\com_1
Waiting to reconnect...
Connected to Windows 7 7600 x64 target at (Sat Dec 24 22:09:37.590 2016 (UTC + 8:00)), ptr64 TRUE
Kernel Debugger connection established. (Initial Breakpoint requested)
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
*********************************************************************
* Symbols can not be loaded because symbol path is not initialized. *
* *
* The Symbol Path can be set by: *
* using the _NT_SYMBOL_PATH environment variable. *
* using the -y argument when starting the debugger. *
* using .sympath and .sympath+ *
*********************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows 7 Kernel Version 7600 MP (1 procs) Free x64
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`03e02000 PsLoadedModuleList = 0xfffff800`0403fe50
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
*******************************************************************************
* *
* You are seeing this message because you pressed either *
* CTRL+C (if you run kd.exe) or, *
* CTRL+BREAK (if you run WinDBG), *
* on your debugger machine's keyboard. *
* *
* THIS IS NOT A BUG OR A SYSTEM CRASH *
* *
* If you did not intend to break into the debugger, press the "g" key, then *
* press the "Enter" key now. This message might immediately reappear. If it *
* does, press "g" and "Enter" again. *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
nt!DbgBreakPointWithStatus:
fffff800`03e6bf60 cc int 3
After pressing g the VM continues booting and can now be debugged normally.
If the VM's CPU usage is very high, set the number of VM processor cores to 1.
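Steps 3 to 5 above as an added PowerShell script (not part of the original note): it goes one step further than the note by reading the GUID that bcdedit /copy prints and enabling debugging on that new entry only, so the original boot entry is left untouched, and it sets the serial transport explicitly to match the WinDbg -k string. The entry description and the pipe name com_1 are taken from the note; run it from an elevated PowerShell prompt inside the guest after the serial port from step 1 has been added.

```powershell
# Added example, not from the original note. Run elevated inside the Windows 7 guest.
$Description = "Windows 7 Debug"   # same description as step 3 of the note

# 1. Copy the current boot entry; bcdedit prints the GUID of the new entry.
$copyOutput = & bcdedit /copy '{current}' /d $Description 2>&1 | Out-String
if ($LASTEXITCODE -ne 0) { throw "bcdedit /copy failed: $copyOutput" }

# 2. Pull the new entry's GUID out of the (possibly localized) message text.
$match = [regex]::Match($copyOutput, '\{[0-9a-fA-F-]{36}\}')
if (-not $match.Success) { throw "No boot entry GUID found in: $copyOutput" }
$NewId = $match.Value

# 3. Enable kernel debugging on the copied entry only, not on {current},
#    so the normal entry keeps booting without waiting for a debugger.
& bcdedit /debug $NewId on
if ($LASTEXITCODE -ne 0) { throw "bcdedit /debug failed for $NewId" }

# Optional, as in step 4 of the note (the author skipped it):
# & bcdedit /bootdebug $NewId on

# 4. Transport settings: serial COM1 at 115200 baud, matching
#    -k com:port=\\.\pipe\com_1,baud=115200,pipe on the host side.
#    /dbgsettings is global, so it applies to every entry with /debug on.
& bcdedit /dbgsettings serial debugport:1 baudrate:115200
if ($LASTEXITCODE -ne 0) { throw "bcdedit /dbgsettings failed" }

# 5. Show the new entry so the settings can be checked before rebooting.
& bcdedit /enum $NewId

Write-Host "Created debug entry $NewId. On the host start WinDbg with:"
Write-Host '  windbg -b -k com:port=\\.\pipe\com_1,baud=115200,pipe'
```

On reboot the boot menu now offers both entries; pick "Windows 7 Debug" to attach the debugger and the original entry to boot normally.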