Wednesday, December 04, 2013

Windows Kernel Debugging using USB3 and Using Network

Setting Up Windows Kernel-Mode Debugging over a USB 3.0 Cable

Pre-requisites:
· xHCI (USB 3.0) host controllers on the host and target computers. (All new platforms these days have xHCI USB3 ports.)
· A USB 3.0 debug cable. This is an A-A crossover cable that has only the USB 3.0 lines and no Vbus - http://www.amazon.com/gp/product/B0032ANCC8/ref=oh_details_o01_s00_i02?ie=UTF8&psc=1
· Debugging tool. I used WinDbg. Install Standalone Debugging Tools for Windows 8.1 (WinDbg) (http://go.microsoft.com/fwlink/?LinkID=323507). In the installation wizard, select Debugging Tools for Windows, and deselect all other components.


Setting up the Target Computer (The computer that runs the debugger is called the host computer, and the computer being debugged is called the target computer)

1. Disable selective suspend for the xHCI host controller:
In Device Manager, open Properties for the xHCI host controller node. Go to the Power Management tab and clear the "Allow the computer to turn off this device to save power" check box.
In Device Manager, open Properties for the root hub of the xHCI host controller. Go to the Power Management tab and clear the "Allow the computer to turn off this device to save power" check box.

2. Run cmd.exe as administrator:
bcdedit /debug on
bcdedit /dbgsettings usb targetname:someName  (the target name can be any name, not necessarily the actual computer name)
bcdedit /set "{dbgsettings}" busparams x.y.z  (where x.y.z is the device location of the USB controller. In Device Manager, select the xHCI host controller, open Properties and note down the bus, device, and function numbers.)
bcdedit /dbgsettings  (this shows the current debug settings you set above; verify that they are as expected)


3. Connect the USB 3.0 cable between the host and target computers and reboot the computer.


Setting up Host Computer
Install - Standalone WinDbg (http://go.microsoft.com/fwlink/?LinkID=323507). In the installation wizard, select Debugging Tools for Windows, and deselect all other components.
Open WinDbg - On the File menu, choose Kernel Debug. In the Kernel Debugging dialog box, open the USB tab. Enter the target name that you created when you set up the target computer. Click OK.



WinDbg should connect to the target computer.

If the connection does not work:
Try rebooting the target if for some reason it fails to connect on the first attempt.
Try moving the cable to another USB port on the target machine.

==

Setting Up Kernel-Mode Debugging over a Network Cable.

Pre-requisites:
You need a supported Ethernet NIC. Look up its device ID and see if it is listed here: http://msdn.microsoft.com/en-us/library/windows/hardware/dn337009(v=vs.85).aspx
A standard CAT 5 cable, with both machines on the same network.


Setting Up the Target Computer

1. Run cmd.exe as administrator:
bcdedit /debug on
bcdedit /dbgsettings net hostip:w.x.y.z port:n key:Key  (hostip is the IP address of the host machine. Choose any port number from 49152 through 65535. If you do not specify a key, a long 256-bit key will be randomly generated. I prefer to specify my own so that I can remember it: key:1.2.3.4)
bcdedit /set "{dbgsettings}" busparams x.y.z  (where x.y.z is the device location of the Ethernet NIC. Get it from Device Manager.)
2. Reboot the computer.

Setting up Host Computer
1. Open WinDbg - On the File menu, choose Kernel Debug. In the Kernel Debugging dialog box, open the Network tab. Enter the port number and key you got from the target computer.


I used a switch and assigned static IPs on the host and target computers, and then it worked like a charm.
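
The target-side commands for network debugging, as an added example that is not part of the original post: a Python helper that validates the host IP, port range and bus location, and generates the key itself when none is given, since the key is what encrypts the KDNET session. The key layout (four base-36 values of up to 64 bits each, separated by periods) follows Microsoft's bcdedit documentation and is an assumption here, as are the function names and the sample values.

```python
import ipaddress
import re
import secrets

BASE36 = "0123456789abcdefghijklmnopqrstuvwxyz"
PORT_RANGE = range(49152, 65536)  # port range given in the post

def to_base36(n):
    """Encode a non-negative integer in lowercase base 36."""
    if n == 0:
        return "0"
    digits = []
    while n:
        n, r = divmod(n, 36)
        digits.append(BASE36[r])
    return "".join(reversed(digits))

def new_kdnet_key():
    """Four random 64-bit values in base 36, joined by periods (assumed format)."""
    return ".".join(to_base36(secrets.randbits(64)) for _ in range(4))

def is_valid_key(key):
    """True if key has four non-empty base-36 parts that each fit in 64 bits."""
    parts = key.split(".")
    return len(parts) == 4 and all(
        p and set(p) <= set(BASE36) and int(p, 36) < 2**64 for p in parts
    )

def target_commands(host_ip, port, busparams, key=None):
    """Return the bcdedit lines from the post, with validated arguments."""
    ipaddress.IPv4Address(host_ip)  # raises ValueError on a malformed address
    if port not in PORT_RANGE:
        raise ValueError("port must be 49152 through 65535")
    if not re.fullmatch(r"\d+\.\d+\.\d+", busparams):
        raise ValueError("busparams must be bus.device.function")
    key = key or new_kdnet_key()
    if not is_valid_key(key):
        raise ValueError("key must be four base-36 parts separated by periods")
    return [
        "bcdedit /debug on",
        f"bcdedit /dbgsettings net hostip:{host_ip} port:{port} key:{key}",
        f'bcdedit /set "{{dbgsettings}}" busparams {busparams}',
    ]

if __name__ == "__main__":
    # Constructed sample values: documentation-range IP, arbitrary port and bus location.
    for line in target_commands("192.0.2.10", 50000, "0.25.0"):
        print(line)
```

The generated key is the value to enter on the Network tab in WinDbg on the host.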

Sunday, December 01, 2013

How to fix Windows 7/ Win8 boot problem with BCDEDIT



  1. At the Command Prompt, type C:, then dir to make sure the C: drive has a Windows folder.
    X:\Sources>C:
    
    C:\>dir
     Volume in drive C has no label.
     Volume Serial Number is 08B5-DD80
    
     Directory of C:\
    
    06/10/2009   01:42 PM                24 autoexec.bat
    06/10/2009   01:42 PM                10 config.sys
    04/09/2013   03:07 AM    <DIR>          Documents
    07/13/2009   06:37 PM    <DIR>          PerfLogs
    04/28/2013   12:59 PM    <DIR>          PortableApps
    04/27/2013   01:12 PM    <DIR>          Program Files
    10/14/2012   12:42 PM           148,376 Start.exe
    04/08/2013   09:39 AM    <DIR>          Users
    04/23/2013   09:02 AM    <DIR>          Windows
                    3 Files(s)       148,410 bytes
                    6 Dir(s)  24,614,199,296 bytes free
    If the C: drive doesn't have a "Windows" folder, keep changing to the next drive letter (D:, E:, etc.) until you find a drive that does. Note the letter of this drive (C: in this case).
  2. Type "bcdedit /store C:\Boot\BCD /enum" to show boot entries.
    C:\>bcdedit /store C:\Boot\BCD /enum
    
    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  unknown
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {default}
    resumeobject            {aaefde36-a035-11e2-85f9-d08a24bd2bde}
    displayorder            {default}
    toolsdisplayorder       {memdiag}
    timeout                 30
    
    Windows Boot Loader
    -------------------
    identifier              {default}
    device                  unknown
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {aaefde38-a035-11e2-85f9-d08a24bd2bde}
    recoveryenabled         Yes
    osdevice                unknown
    systemroot              \Windows
    resumeobject            {aaefde36-a035-11e2-85f9-d08a24bd2bde}
    nx                      OptIn
    Find the lines that have "unknown" values and correct them by setting the value to "partition=C:", or whatever drive has the "Windows" folder.
  3. To fix the lines with "unknown" values, use bcdedit as follows.
    bcdedit /store C:\Boot\BCD /set {bootmgr} device partition=C:
    bcdedit /store C:\Boot\BCD /set {default} device partition=C:
    bcdedit /store C:\Boot\BCD /set {default} osdevice partition=C:
  4. To verify that corrections were made to the Windows 7 boot configuration, run bcdedit again.
    C:\>bcdedit /store C:\Boot\BCD /enum
    
    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=C:
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {default}
    resumeobject            {aaefde36-a035-11e2-85f9-d08a24bd2bde}
    displayorder            {default}
    toolsdisplayorder       {memdiag}
    timeout                 30
    
    Windows Boot Loader
    -------------------
    identifier              {default}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {aaefde38-a035-11e2-85f9-d08a24bd2bde}
    recoveryenabled         Yes
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {aaefde36-a035-11e2-85f9-d08a24bd2bde}
    nx                      OptIn
    You can see that "partition=C:" values appear on lines that previously had "unknown" values.
  5. Windows will now boot normally. Close all windows and restart the computer.
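
Steps 2 to 4 as an added example that is not part of the original post: a Python parser for saved `bcdedit /enum` output that finds every `device` or `osdevice` element reported as `unknown` and builds the matching `/set` command. The function names are assumptions, and the sample text is constructed by abridging the output shown in step 2.

```python
import re

# Constructed sample, abridged from the /enum output shown in step 2.
SAMPLE = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  unknown
default                 {default}

Windows Boot Loader
-------------------
identifier              {default}
device                  unknown
path                    \\Windows\\system32\\winload.exe
osdevice                unknown
systemroot              \\Windows
"""

def parse_entries(text):
    """Split bcdedit /enum output into one {element: value} dict per entry."""
    entries, current = [], None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and re.fullmatch(r"-{3,}", lines[i + 1]):
            current = {"_title": line}  # a line above a dashed rule starts an entry
            entries.append(current)
        elif current is not None and (m := re.match(r"(\S+)\s+(.+)", line)):
            current[m.group(1)] = m.group(2)
    return entries

def fix_commands(text, store, partition):
    """Build a /set command for every device/osdevice element shown as unknown."""
    cmds = []
    for entry in parse_entries(text):
        ident = entry.get("identifier")
        for element in ("device", "osdevice"):
            if ident and entry.get(element) == "unknown":
                cmds.append(f"bcdedit /store {store} /set {ident} "
                            f"{element} partition={partition}")
    return cmds

if __name__ == "__main__":
    for cmd in fix_commands(SAMPLE, r"C:\Boot\BCD", "C:"):
        print(cmd)
```

Running it again on the output from step 4 yields no commands, which confirms that no `unknown` values remain.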