Friday, November 18, 2016

How to setup Windbg to debug windows OS


Set up a client (host) machine running WinDbg and connect its serial COM port to the SUT (system under test) with a null-modem cable.
The client can then watch the SUT's Windows boot process, break in when the SUT crashes, and inspect the kernel.


SUT:
1. Boot to Windows.
2. From an elevated command prompt (CMD run as administrator) =>
bcdedit /debug on
bcdedit /dbgsettings serial debugport:1 baudrate:115200
   (debugport:1 is COM1 on the SUT; use the port the null-modem cable is attached to. The baud rate must match the one entered on the client in step 6 below.)
3. Set the dump type: "System"--"Advanced system settings"--"Advanced"--"Startup and Recovery"--"Settings", and choose "Kernel memory dump" under "Write debugging information".
4. Run "regedit" to open the Registry Editor. Under the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters, create a REG_DWORD value named "CrashOnCtrlScroll" and set it to 0x1, then exit the Registry Editor. This lets you force a bug check from the SUT's keyboard by holding the right Ctrl key and pressing Scroll Lock twice. (kbdhid is the USB keyboard driver; for a PS/2 keyboard create the same value under ...\Services\i8042prt\Parameters instead.)
5. Reboot.
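The SUT-side steps above as one script, an added example that is not part of the original post. It assumes an elevated PowerShell prompt, that the serial cable is on COM1 (change $DebugPort otherwise), and that the dump location should stay at the default %SystemRoot%\MEMORY.DMP; it sets CrashOnCtrlScroll for both the USB (kbdhid) and PS/2 (i8042prt) keyboard drivers so the hotkey works with either keyboard.

```powershell
# Added example (not from the original post): configure the SUT for serial kernel
# debugging. Run from an elevated PowerShell prompt; reboot afterwards.
#Requires -RunAsAdministrator

$DebugPort = 1          # assumption: the null-modem cable is on COM1 of the SUT
$BaudRate  = 115200     # must match the baud rate entered in WinDbg on the client

# Step 2: enable the kernel debugger and point it at the serial port
bcdedit /debug on | Out-Null
bcdedit /dbgsettings serial debugport:$DebugPort baudrate:$BaudRate | Out-Null

# Step 3: "Kernel memory dump" in Startup and Recovery is CrashDumpEnabled = 2
# (0 = none, 1 = complete, 2 = kernel, 3 = small, 7 = automatic)
$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
Set-ItemProperty -Path $CrashControl -Name CrashDumpEnabled -Value 2 -Type DWord
Set-ItemProperty -Path $CrashControl -Name DumpFile -Value '%SystemRoot%\MEMORY.DMP' -Type ExpandString

# Step 4: CrashOnCtrlScroll so right Ctrl + Scroll Lock (twice) bug-checks the SUT.
# kbdhid covers USB keyboards, i8042prt covers PS/2; set both so the hotkey works either way.
foreach ($svc in 'kbdhid', 'i8042prt') {
    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
    if (-not (Test-Path $params)) { New-Item -Path $params -Force | Out-Null }
    Set-ItemProperty -Path $params -Name CrashOnCtrlScroll -Value 1 -Type DWord
}

# Verify the settings before rebooting
bcdedit /dbgsettings
Get-ItemProperty -Path $CrashControl -Name CrashDumpEnabled, DumpFile
foreach ($svc in 'kbdhid', 'i8042prt') {
    Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters" -Name CrashOnCtrlScroll
}

# Step 5: reboot when ready (uncomment to do it from the script)
# Restart-Computer -Force
```

The bcdedit /dbgsettings output at the end should read "debugtype Serial / debugport 1 / baudrate 115200"; if it shows a different port, the client will sit at "Waiting to reconnect..." forever after the reboot.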
-----------------------------------------------------------------------------------
Client:
1. Download and install WinDbg (it ships with the Windows Driver Kit):
https://developer.microsoft.com/zh-tw/windows/hardware/windows-driver-kit
2. Create a folder "Symbols" under C: (C:\Symbols).
3. Open WinDbg:
   Windows Kits=>WinDbg (X64)
4. File=>Symbol File Path
    Input "C:\Symbols\Bootmgr;srv*C:\Symbols\Bootmgr*http://msdl.microsoft.com/download/symbols"
    =>OK
    (In the srv*<cache>*<server> part, the cache folder is where downloaded symbols are stored and must exist, so either create C:\Symbols\Bootmgr as well or point it at the C:\Symbols folder from step 2.)
5. File=>Kernel Debug
6. Go to the "COM" tab
   Input Baud Rate: 115200 Port: COMx (x is the client's COM port number; the baud rate must match the SUT's bcdedit /dbgsettings value)
7. Reboot the SUT. WinDbg shows "Waiting to reconnect..." until the SUT's kernel debugger transport connects, then prints the connection banner and breaks in.
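The client-side steps above as a script, an added example that is not part of the original post. It assumes the WDK 10 default install path for windbg.exe, client COM port COM1, and the C:\Symbols cache folder from step 2; the optional -DumpFile parameter is an assumption of this example that opens a dump copied from the SUT (File=>Open Crash Dump) instead of starting a live serial session.

```powershell
# Added example (not from the original post): launch WinDbg on the client from PowerShell,
# either attached live over serial or on a saved crash dump. Save as Start-Windbg.ps1.
param(
    [string]$ComPort = 'COM1',        # assumption: client-side serial port
    [int]   $Baud    = 115200,        # must match bcdedit /dbgsettings on the SUT
    [string]$Symbols = 'C:\Symbols',  # local symbol cache folder (step 2)
    [string]$DumpFile                 # optional: open a saved dump instead of a live session
)

# assumption: WDK 10 default install location
$WinDbg = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe'
if (-not (Test-Path $WinDbg)) { throw "WinDbg not found at $WinDbg; adjust the path to your WDK install" }
if (-not (Test-Path $Symbols)) { New-Item -ItemType Directory -Path $Symbols | Out-Null }

# Equivalent of File=>Symbol File Path: look in the local cache first, then fetch from the
# Microsoft public symbol server into that cache (srv*<cache>*<server>).
$SymPath = "srv*$Symbols*https://msdl.microsoft.com/download/symbols"

if ($DumpFile) {
    # Post-mortem: File=>Open Crash Dump on a MEMORY.DMP or Minidump copied from the SUT
    if (-not (Test-Path $DumpFile)) { throw "Dump file not found: $DumpFile" }
    & $WinDbg -z $DumpFile -y $SymPath
} else {
    # Live: File=>Kernel Debug=>COM tab. -k com:port=...,baud=... is the command-line form.
    & $WinDbg -k "com:port=$ComPort,baud=$Baud" -y $SymPath
}
```

Usage: `.\Start-Windbg.ps1 -ComPort COM3` for a live session on a different port, or `.\Start-Windbg.ps1 -DumpFile C:\dumps\MEMORY.DMP` to analyse a dump offline; in either case `!analyze -v` at the kd> prompt gives the bug check summary once symbols have loaded.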



Forcing a System Crash from the Debugger
• If KD or WinDbg is performing kernel-mode debugging, it can force a system crash on the target.
This is done by entering the .crash (Force System Crash) command at the command prompt. (If
the target computer does not crash immediately, follow this with the g (Go) command.)
• When this command is issued, the target calls KeBugCheck and issues bug check 0xE2
(MANUALLY_INITIATED_CRASH), the same bug check the CrashOnCtrlScroll hotkey raises from the SUT keyboard. Unless crash dumps have been disabled, a crash dump file is
written at this point.
• After the crash dump file has been written, the kernel debugger on the host computer is
alerted and can be used to actively debug the crashed target.

Files written on the SUT by the crash (paths from this run; the Minidump file name differs per crash). MEMORY.DMP is the kernel memory dump selected in step 3 and can be opened on the client with File=>Open Crash Dump; the Minidump and WER sysdata.xml are the Windows Error Reporting artifacts:
C:\Windows\Minidump\110916-18593-01.dmp
C:\Users\Administrator\AppData\Local\Temp\WER-37093-0.sysdata.xml
C:\Windows\MEMORY.DMP
