Steps to successfully debug the Windows kernel between 2 VMWare VMs

win_vm_kerneldbg.md

Open the debugger VM's .vmx file. delete the existing serial0 lines (used for printing, not needed) add these lines:

serial0.present = "TRUE"
serial0.pipe.endPoint = "client"
serial0.fileType = "pipe"
serial0.yieldOnMsrRead = "TRUE"
serial0.tryNoRxLoss = "FALSE"
serial0.startConnected = "TRUE"
serial0.fileName = "/private/tmp/com1"

Repeat for the debugee, but add these lines:

serial0.present = "TRUE"
serial0.pipe.endPoint = "server"
serial0.fileType = "pipe"
serial0.yieldOnMsrRead = "TRUE"
serial0.startConnected = "TRUE"
serial0.tryNoRxLoss = "FALSE"
serial0.fileName = "/private/tmp/com1"

In the debugee, open an administrator command prompt and enter: bcdedit /set debug yes bcdedit /dbgsettings serial debugport:1 baudrate:115200 Run windbg x64 in the debugger Restart the debugee and pray

Resources:

• http://minyentw.blogspot.com/2016/08/wndows-kernel-debug-with-vmware-fusion.html
• https://communities.vmware.com/message/748577
• https://samsclass.info/126/proj/p12-WinDbg
• https://reverseengineering.stackexchange.com/questions/2297/windows-kernel-debugging-on-mac-host-using-vmware-fusion
• https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/attaching-to-a-virtual-machine--kernel-mode-