Open the debugger VM's .vmx file. delete the existing serial0 lines (used for printing, not needed) add these lines:
serial0.present = "TRUE"
serial0.pipe.endPoint = "client"
serial0.fileType = "pipe"
serial0.yieldOnMsrRead = "TRUE"
serial0.tryNoRxLoss = "FALSE"
serial0.startConnected = "TRUE"
serial0.fileName = "/private/tmp/com1"
Repeat for the debugee, but add these lines:
serial0.present = "TRUE"
serial0.pipe.endPoint = "server"
serial0.fileType = "pipe"
serial0.yieldOnMsrRead = "TRUE"
serial0.startConnected = "TRUE"
serial0.tryNoRxLoss = "FALSE"
serial0.fileName = "/private/tmp/com1"
In the debugee, open an administrator command prompt and enter:
bcdedit /set debug yes
bcdedit /dbgsettings serial debugport:1 baudrate:115200
Run windbg x64 in the debugger
Restart the debugee and pray
Resources:
- http://minyentw.blogspot.com/2016/08/wndows-kernel-debug-with-vmware-fusion.html
- https://communities.vmware.com/message/748577
- https://samsclass.info/126/proj/p12-WinDbg
- https://reverseengineering.stackexchange.com/questions/2297/windows-kernel-debugging-on-mac-host-using-vmware-fusion
- https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/attaching-to-a-virtual-machine--kernel-mode-
I like to make a desktop shortcut for windbg on the client. Right click > properties > and set the target string:
"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe" -k com:port=com1,baud=115200
Also, a note from my latest successful attempt, whether you use a shortcut like I show here, or the Ctrl+K / "Kernel Debug..." to connect, do not check the pipe / reconnect checkboxes. Even though, given the .vmx settings (specifically the serial0.fileType=pipe... wtf microsoft / vmware), you might think the pipe checkbox is meant to be enabled. If you try to connect with the pipe checkbox enabled, the server vm may freeze on startup (which may lead you to believe it's working correctly) but windbg will not connect.