HOWTO - Debugging a remote Windows HVM under Xen using Windbg
Posted in random | by evilbitz
This HOWTO describes how to debug a Windows HVM domain under the Xen 3.0.3 virtual machine monitor using Windbg. It is taken for granted that you know how to debug a local Windows installation using a serial modem cable and that you know how to manage Xen virtual machines; these issues are not addressed in this HOWTO.
In order to remotely debug a Windows HVM using Windbg, we’ll create a setup that allows us to do so. You’ll basically need a network connection (one that supports TCP/IP) between the host machine and the target machine (the one that is being debugged).
Target Computer Configuration
Let’s start with the Windows virtual machine (HVM). Start Windows (using xm create…) and, once it has started, open the boot.ini file with your favourite text editor. Duplicate the boot line for the installation of Windows that you want to debug and, in the new line, add the following boot switches: "/debug /debugbreak /debugport=COM1" (the serial baud rate default value is 19200).
Your new line should look something like this:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /debug /debugbreak /debugport=COM1
Save the file and shut down the VM, then open your HVM’s config file with a text editor. Make sure that the line "serial = 'pty'" exists there; if it does not, add it, but be sure that your Xen version supports this "feature".
Now, launch the VM and attach the STDIN/STDOUT of the console (mapped to the HVM’s COM1 device) to a socket that you create with netcat:
xm create xp1
netcat -lk -p 4444 -c "xm console domain_id"
The second command creates a TCP socket and listens on port 4444. The input and output of the HVM’s COM1 serial port are now redirected to that socket. Not all versions of netcat on Linux support the -c switch. If you don’t have the right version of netcat, then you can download it from here. We are now ready to configure the host computer.
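An added example (not from the original post): the netcat listener above accepts any client that can reach port 4444, and the serial debug channel carries no authentication of its own, so this Python stand-in does the same bridging while binding to one address and refusing peers outside an allowlist. The addresses and the domain name xp1 are constructed assumptions.

```python
import ipaddress
import socket
import subprocess

# Assumed values for illustration (not from the original post):
BIND_ADDR = "192.0.2.10"                # constructed: one dom0 interface address
DEBUGGER_NETS = ["192.0.2.20/32"]       # constructed: the machine running Windbg
CONSOLE_CMD = ["xm", "console", "xp1"]  # assumes the domain is named xp1


def peer_allowed(peer_ip, allowed_nets):
    """Return True if peer_ip lies inside one of the CIDR networks given."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(net) for net in allowed_nets)


def make_listener(bind_addr, port):
    """Listen on a single local address instead of every interface."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(1)
    return srv


def handle_one(srv, allowed_nets, command):
    """Accept one client; return True if it was bridged, False if refused."""
    conn, (peer_ip, _peer_port) = srv.accept()
    with conn:
        if not peer_allowed(peer_ip, allowed_nets):
            return False  # closed before the console command is ever started
        # Same wiring as `netcat -c`: the socket is the child's stdin and stdout.
        proc = subprocess.Popen(command, stdin=conn.fileno(), stdout=conn.fileno())
        proc.wait()  # one debugger session at a time
        return True


if __name__ == "__main__":
    listener = make_listener(BIND_ADDR, 4444)
    while True:
        handle_one(listener, DEBUGGER_NETS, CONSOLE_CMD)
```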
Host Computer Configuration
On the host machine, which runs a native installation of Windows, we will create a virtual serial port that is associated with the socket we created on the target computer. To do that, we will use a tool called HW VSP (Virtual Serial Port). It is made by a company named Hw-Group, which specializes in hardware kits. The input and output of the serial port that you create with HW VSP will be redirected to the target’s remote socket. Enter the target computer’s IP and port (4444), and name your virtual serial port COM5. This closes the loop between the HVM’s COM1 serial port and the local virtual serial port that you created.
Before you go and create the virtual serial port, you’ll have to configure HW-VSP not to use NVT, a feature that encapsulates the data being sent over the network for the virtual serial port, and not to use TEA based authentication. See the following image:
That’s pretty much it. Run Windbg. Go to File->Kernel Debug.. and choose the virtual serial port you created (COM5), then specify the value 19200 for the baud rate. Press OK. You are ready to debug that HVM. Press ‘g’ to let Windows run after the debug break.
Some notes
It is possible to debug a Windows HVM from a Windbg process that runs on another Windows HVM; this can be accomplished in pretty much the same way that I described in this HOWTO.
Comments and suggestions are welcome!
Update - 19/08/2008
Instead of using netcat, you can use the inetd service to redirect the I/O of the virtual serial port to a socket. This is more useful and easier, since it is done automatically when you create the HVM. To do that, you will have to edit these files (I assume your HVM config file is called vistasp1):
- /etc/inetd.conf - add this line at the end: "windbg_vistasp1 stream tcp nowait root /usr/sbin/tcpd xm console vistasp1"
- /etc/services - add this line: "windbg_vistasp1 4444/tcp"