Live Debugging a Hyper-V Virtual Machine with WinDbg/KD

Sometimes the need arises to debug a system remotely. This need can be anything from debuging device drivers, errors with critical system services during startup, and specific blue screen errors where no dump is generated. In my case, I was looking for a way to generate a blue screen with error code 0xc0000135 STATUS_DLL_NOT_FOUND to see if I could find a way to debug the issue through a remote debugger (since the error does not produce a memory dump and the blue screen itself is uninformative). Setting up the environment was a two step procedure for me that required enabling kernel debug mode with bcdedit and setting up the conduit for debugging (in this case, a named pipe attached to the COM port on a Hyper-V guest).

Enable Debug Mode Offline with bcdedit

First, boot off of the Windows DVD and navigate to the command prompt through the "repair your computer" link in Windows setup







There are a couple of bcdedit options that we need to combine to enable kernel debugging, /v (to get the full identifier) and /debug.





The debug switch needs to be specified on the boot loader entry (in my case, the identifier for the Windows 7 installation on D:\). If you use an invalid identifier, you get an error: "This command can only modify a Windows Boot Loader entry. The parameter is incorrect." bcdedit can modify the debug settings (COM/USB port, baud rate, etc) with the /dbgsettings flag,



Now that debugging is enabled, we can move on to attaching the debugger through a named pipe.

Use WinDbg/KD to Debug the Guest Operating system

Note: A similar process should be possible for VMWare.

To debug the system, COM1 for the Hyper-V guest needs to be configured to point to a named pipe on the host operating system,



WinDbg can then be launched and a kernel debug session can be started from the file menu (or ctrl+K),



Then the debugger will connect when the system starts,



And the rest is history...

See Also,
Windows Crash Dump Analysis