GroverChouT/windows-kernel-debug.md

## windows-kernel-debug.md

      
    Raw
  

              windows-kernel-debug.md
            
          
    Set target host

Notes:

Don't forget to issue a reboot after you change the settings
Remember your token and port for later use

Enable kernel debug

bcdedit /debug on

Set network kernel debug host and port

bcdedit /dbgsettings net hostip:w.x.y.z port:50000

Examine kernel debug settings

bcdedit /dbgsettings

Disable driver signature enforcement permanently

bcdedit /set nointegritychecks on

Debug tricks

Notes:

Proxy if it takes too long

Set debug symbol location

.symfix C:\Symbols

Append project specific symbol location

.sympath+ {location}

Reload symbols

.reload /f

Set debug output mask

ed nt!Kd_{component}_Mask 0xFFFFFFFF

https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/reading-and-filtering-debugging-messages#identifying-the-component-name
Component name (Dpfilter.h)


Component name
Driver type


IHVVIDEO
Video driver


IHVAUDIO
Audio driver


IHVNETWORK
Network driver


IHVSTREAMING
Kernel streaming driver


IHVBUS
Bus driver


IHVDRIVER
Any other type of driver


Level defines (Dpfilter.h)

#define DPFLTR_ERROR_LEVEL 0
#define DPFLTR_WARNING_LEVEL 1
#define DPFLTR_TRACE_LEVEL 2
#define DPFLTR_INFO_LEVEL 3
#define DPFLTR_MASK 0x80000000

Examine debug output mask

dd nt!kd_{component}_Mask
Component name	Driver type
IHVVIDEO	Video driver
IHVAUDIO	Audio driver
IHVNETWORK	Network driver
IHVSTREAMING	Kernel streaming driver
IHVBUS	Bus driver
IHVDRIVER	Any other type of driver