Remote Kernel Debugging Windows virtual machine (Generation 2) using Serial COM running inside Hyper-v

This article is a step-by-step guide to attaching windbg to a remote Windows kernel running inside a Generation 2 Hyper-V virtual machine.


If you want to debug the Windows kernel running on a Generation 2 VM in Hyper-V, attaching windbg is a pain in the ass: Secure Boot is on by default and the VM has no serial COM port out of the box. This quick guide shows how to set up remote kernel debugging in that scenario without any hassle.

Stage 1: Configuring Hyper-V machine for remote connection through Serial COM

To debug the kernel, the first step is to disable Secure Boot, which is most likely turned on if you are running a Generation 2 virtual machine. Open the settings of the virtual machine in question and go to Security, where unchecking "Enable Secure Boot" disables it. Remember to turn the virtual machine off before attempting to change this setting.

This can also be done using PowerShell:

Set-VMFirmware -VMName VmName -EnableSecureBoot Off

The next step is to create a virtual serial COM port for the virtual machine (it is not present by default on Gen 2 machines).

If you look at the VM settings, you will notice that there is no COM port entry to configure next to the Network Adapter option.

For a Gen 2 VM you have to set the COM port manually using PowerShell. Before that, first check whether any virtual COM port is actually present for the VM:

PS C:\Windows\system32> Get-VMComPort -VMName "my win 11"

VMName    Name  Path
------    ----  ----
my win 11 COM 1
my win 11 COM 2

You can configure the COM port using the following PowerShell command:

Set-VMComPort -VMName "my win 11" -Path \\.\pipe\testcom -Number 2

Here -Number 2 selects COM 2, and -Path is the named pipe on the host machine that this virtual COM port will be connected to. Once done, you can re-run the Get-VMComPort command above to verify the setting.

You can now turn on the Windows guest and verify that the COM ports are listed in Device Manager.
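The whole of Stage 1 as one script, added here as an example and not code from the original article: it stops the VM if needed (Secure Boot cannot be changed while it runs), disables Secure Boot, binds the chosen COM port to a host named pipe, and then re-reads both settings to confirm they stuck. The VM name, pipe name and COM number are assumptions taken from the article's own values; it assumes an elevated session with the Hyper-V PowerShell module available.

```powershell
# Added example (not from the original article): prepare a Gen 2 Hyper-V VM for
# serial kernel debugging and verify the result. Assumes an elevated PowerShell
# session with the Hyper-V module; VM/pipe names are assumptions, adjust them.
param(
    [string]$VMName   = 'my win 11',
    [string]$PipeName = 'testcom',
    [int]$ComNumber   = 2
)

$ErrorActionPreference = 'Stop'
$vm = Get-VM -Name $VMName

# Firmware (Secure Boot) settings can only be changed while the VM is off.
if ($vm.State -ne 'Off') {
    Write-Host "Stopping '$VMName' before changing firmware settings..."
    Stop-VM -Name $VMName -Force
}

# 1. Disable Secure Boot (on by default for Gen 2 VMs).
Set-VMFirmware -VMName $VMName -EnableSecureBoot Off

# 2. Connect the virtual COM port to a named pipe on the host.
$pipePath = "\\.\pipe\$PipeName"
Set-VMComPort -VMName $VMName -Number $ComNumber -Path $pipePath

# 3. Re-read the settings and fail loudly if anything did not apply.
$fw  = Get-VMFirmware -VMName $VMName
$com = Get-VMComPort -VMName $VMName -Number $ComNumber
if ($fw.SecureBoot -ne 'Off') {
    throw "Secure Boot is still '$($fw.SecureBoot)' on '$VMName'"
}
if ($com.Path -ne $pipePath) {
    throw "COM$ComNumber path is '$($com.Path)', expected '$pipePath'"
}

Write-Host "OK: '$VMName' SecureBoot=$($fw.SecureBoot), COM$ComNumber -> $($com.Path)"
Write-Host "Inside the guest, run as administrator:"
Write-Host "  bcdedit /debug on"
Write-Host "  bcdedit /dbgsettings serial debugport:$ComNumber baudrate:115200"

Start-VM -Name $VMName
```

When the debugging session is over, turn Secure Boot back on with `Set-VMFirmware -VMName "my win 11" -EnableSecureBoot On` (the VM must be off again) so the guest returns to its normal boot-integrity posture.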

Stage 2: Configuring the virtual machine guest

The first step with the Windows virtual machine is to enable debugging. This can be done in one of two ways: graphically with msconfig or command line with bcdedit.exe.

Graphical way:

Open Run, type msconfig and press Enter. Then go to Boot -> Advanced options and check Debug. Set the Debug port to COM1/COM2 (whichever you configured in Stage 1) and the Baud rate to 115200.

Command line through bcdedit:

bcdedit /debug on

bcdedit /dbgsettings serial debugport:2 baudrate:115200

Here debugport:2 represents the COM 2 serial port, matching the -Number 2 used in Stage 1.

Stage 3: Attaching windbg to remote VM for kernel debugging

Start windbg as administrator. Go to File -> Start Debugging -> Attach to kernel.

Here, select the COM tab, enter the named pipe created earlier (\\.\pipe\testcom) in the Port field with the Pipe option checked, make sure the Baud Rate matches the 115200 configured in the guest, and press Enter.

You will then be presented with a debugging session for that particular guest machine.