When I read about Windows IoT, my first question was "Can I debug it in kernel mode?" It turned out that yes, I can. Officially, there is no information about kernel debugging. But Windows IoT is a subset of Windows 10, so in theory it looked possible.
There were two options:
- debugging via JTAG
- debugging via WinDBG
I will elaborate on JTAG debugging later. Now let's talk about the WinDBG option. It turned out that Microsoft left the door open: the image of Windows IoT released in November 2014 for Intel Galileo 2 had kernel debugging enabled via the serial port at a speed of 115200 bps.
This is a picture of a board with an attached serial-to-USB converter.
Be cautious, as Intel Galileo 2 uses an Arduino-style pinout that differs from standard FTDI adapters. Also, Intel Galileo 2 uses 3.3v TTL logic for serial port communication, while some FTDI adapters have 5v TTL logic. Do not confuse this with the 5v VOUT, which is not connected to anything on Intel Galileo 2.
After setting everything up, WinDBG shows a familiar output and you can break into the kernel, though there are no symbol files on the Microsoft symbol server, as Microsoft did not expect that anybody outside MS would perform kernel-mode debugging for Windows IoT.
For example, here is the list of drivers and kernel modules reported by WinDBG:
kd> lm n t
start end module name
77450000 775b5000 ntdll ntdll.dll Fri Nov 14 19:41:52 2014 (5466CB80)
8043d000 80487000 CLFS CLFS.SYS Fri Nov 14 19:39:46 2014 (5466CB02)
80487000 804a2000 tm tm.sys Fri Nov 14 17:30:37 2014 (5466ACBD)
804a2000 804b5000 PSHED PSHED.dll Fri Nov 14 20:24:25 2014 (5466D579)
804b5000 804be000 BOOTVID BOOTVID.dll Fri Nov 14 19:40:17 2014 (5466CB21)
804be000 804c7000 ksecext ksecext.sys Fri Nov 14 19:40:14 2014 (5466CB1E)
804c7000 80541000 CI CI.dll Fri Nov 14 19:37:50 2014 (5466CA8E)
80541000 80572000 msrpc msrpc.sys Fri Nov 14 19:39:02 2014 (5466CAD6)
80572000 805aa000 pci pci.sys Fri Nov 14 19:38:15 2014 (5466CAA7)
805aa000 805dc000 sdbus sdbus.sys Fri Nov 14 19:39:00 2014 (5466CAD4)
80a8a000 80a93000 kdcom kdcom.dll Fri Nov 14 19:40:18 2014 (5466CB22)
8161b000 81674000 hal halmacpi.dll Fri Nov 14 19:40:32 2014 (5466CB30)
81674000 81c22000 nt ntkrpamp.exe Fri Nov 14 17:36:32 2014 (5466AE20)
81e00000 81e11000 mup mup.sys Fri Nov 14 19:40:18 2014 (5466CB22)
81e11000 81e19000 minvol minvol.sys Fri Nov 14 19:40:05 2014 (5466CB15)
81e19000 81e30000 disk disk.sys Fri Nov 14 19:39:39 2014 (5466CAFB)
81e33000 81e79000 fltmgr fltmgr.sys Fri Nov 14 19:40:05 2014 (5466CB15)
81e79000 81e8b000 fileinfo fileinfo.sys Fri Nov 14 19:38:31 2014 (5466CAB7)
81e8b000 81e9e000 WimFsf WimFsf.sys Fri Nov 14 19:38:57 2014 (5466CAD1)
81e9e000 81ecc000 fastfat fastfat.sys Fri Nov 14 19:40:10 2014 (5466CB1A)
81ecc000 81ee2000 ksecdd ksecdd.sys Fri Nov 14 19:39:08 2014 (5466CADC)
81ee2000 81efe000 usbccgp usbccgp.sys Fri Nov 14 19:37:55 2014 (5466CA93)
81efe000 81f08000 USBD USBD.SYS Fri Nov 14 19:40:11 2014 (5466CB1B)
81f08000 81f5e000 usbhub usbhub.sys Fri Nov 14 19:38:43 2014 (5466CAC3)
81f5e000 81f72000 usbehci usbehci.sys Fri Nov 14 19:39:04 2014 (5466CAD8)
81f72000 81fd3000 USBPORT USBPORT.SYS Fri Nov 14 19:39:42 2014 (5466CAFE)
81fd3000 81fe1000 pcw pcw.sys Fri Nov 14 17:30:36 2014 (5466ACBC)
81fe1000 81fff000 USBSTOR USBSTOR.SYS Fri Nov 14 19:37:52 2014 (5466CA90)
82000000 82014000 partmgr partmgr.sys Fri Nov 14 19:40:03 2014 (5466CB13)
82018000 820f2000 ndis ndis.sys Fri Nov 14 19:38:11 2014 (5466CAA3)
820f2000 82146000 NETIO NETIO.SYS Fri Nov 14 19:37:24 2014 (5466CA74)
82146000 8216d000 ksecpkg ksecpkg.sys Fri Nov 14 19:37:22 2014 (5466CA72)
8216d000 82180000 wfplwfs wfplwfs.sys Fri Nov 14 19:36:35 2014 (5466CA43)
82180000 821c8000 fwpkclnt fwpkclnt.sys Fri Nov 14 19:36:53 2014 (5466CA55)
821c8000 821d5000 condrv condrv.sys Fri Nov 14 19:40:07 2014 (5466CB17)
821d5000 821dc400 vmstorfl vmstorfl.sys Fri Nov 14 19:37:01 2014 (5466CA5D)
821dd000 821eaa00 vmbkmcl vmbkmcl.sys Fri Nov 14 19:38:37 2014 (5466CABD)
821eb000 821fd000 sdstor sdstor.sys Fri Nov 14 19:39:19 2014 (5466CAE7)
8221b000 82266000 CLASSPNP CLASSPNP.SYS Fri Nov 14 17:30:57 2014 (5466ACD1)
82289000 82293000 Fs_Rec Fs_Rec.SYS Fri Nov 14 17:30:36 2014 (5466ACBC)
82293000 8229b000 Null Null.SYS Fri Nov 14 19:40:13 2014 (5466CB1D)
8229b000 822ab000 BasicDisplay BasicDisplay.sys Fri Nov 14 19:39:16 2014 (5466CAE4)
822ab000 822b8000 watchdog watchdog.sys Fri Nov 14 19:39:37 2014 (5466CAF9)
822b8000 823e1000 dxgkrnl dxgkrnl.sys Fri Nov 14 19:37:36 2014 (5466CA80)
84600000 84611000 volmgr volmgr.sys Fri Nov 14 19:39:39 2014 (5466CAFB)
84611000 84627000 mountmgr mountmgr.sys Fri Nov 14 19:39:48 2014 (5466CB04)
84628000 846be000 Wdf01000 Wdf01000.sys Fri Nov 14 19:38:59 2014 (5466CAD3)
846be000 846cc000 WDFLDR WDFLDR.SYS Fri Nov 14 19:38:43 2014 (5466CAC3)
846cc000 846dd000 acpiex acpiex.sys Fri Nov 14 19:37:36 2014 (5466CA80)
846dd000 846e7000 WppRecorder WppRecorder.sys Fri Nov 14 19:39:30 2014 (5466CAF2)
846e7000 84752000 ACPI ACPI.sys Fri Nov 14 19:39:10 2014 (5466CADE)
84752000 8475b000 WMILIB WMILIB.SYS Fri Nov 14 19:40:12 2014 (5466CB1C)
8475b000 847d0000 cng cng.sys Fri Nov 14 19:37:40 2014 (5466CA84)
847d0000 847d8000 msisadrv msisadrv.sys Fri Nov 14 19:38:48 2014 (5466CAC8)
847d8000 847e3000 vdrvroot vdrvroot.sys Fri Nov 14 19:38:36 2014 (5466CABC)
847e3000 847fb000 pdc pdc.sys Fri Nov 14 17:30:38 2014 (5466ACBE)
8700f000 87060000 dxgmms1 dxgmms1.sys Fri Nov 14 19:37:18 2014 (5466CA6E)
87060000 8706c000 BasicRender BasicRender.sys Fri Nov 14 19:39:04 2014 (5466CAD8)
8706c000 8707c000 Npfs Npfs.SYS Fri Nov 14 19:40:15 2014 (5466CB1F)
8707c000 87087000 Msfs Msfs.SYS Fri Nov 14 19:40:14 2014 (5466CB1E)
87087000 870a1000 tdx tdx.sys Fri Nov 14 19:36:46 2014 (5466CA4E)
870a1000 87118000 afd afd.sys Fri Nov 14 19:36:56 2014 (5466CA58)
87118000 8716d000 rdbss rdbss.sys Fri Nov 14 19:37:30 2014 (5466CA7A)
8716d000 87178000 npsvctrig npsvctrig.sys Fri Nov 14 19:38:19 2014 (5466CAAB)
87178000 87195000 dfsc dfsc.sys Fri Nov 14 19:37:59 2014 (5466CA97)
87195000 871ae000 intelppm intelppm.sys Fri Nov 14 17:30:38 2014 (5466ACBE)
871ae000 871d1000 quarkserial quarkserial.sys Mon Mar 17 15:47:17 2014 (53277B75)
871d1000 871dc000 usbohci usbohci.sys Fri Nov 14 19:39:14 2014 (5466CAE2)
871dc000 871e6000 stmac6x stmac6x.sys Fri Nov 14 19:38:22 2014 (5466CAAE)
871e6000 871ee000 dmap dmap.sys Fri Nov 14 19:38:03 2014 (5466CA9B)
871ee000 871f6000 quarklgpio quarklgpio.sys Fri Nov 14 19:38:04 2014 (5466CA9C)
87200000 8720c000 nsiproxy nsiproxy.sys Fri Nov 14 19:36:39 2014 (5466CA47)
87213000 873ea000 tcpip tcpip.sys Fri Nov 14 19:39:10 2014 (5466CADE)
873ea000 873f6000 TDI TDI.SYS Fri Nov 14 19:38:38 2014 (5466CABE)
873f6000 87400000 kdnic kdnic.sys Fri Nov 14 19:38:13 2014 (5466CAA5)
Unloaded modules:
82266000 82289000 cdrom.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00023000
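An added example (not part of the original post): a small Python parser for the `lm n t` listing above that decodes each module's hex timestamp to UTC and flags modules built on a different date from the rest of the image, which is a quick way to spot drivers that did not come from the same OS build. The sample lines are copied from the listing; the function names and the one-day threshold are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Lines copied from the `lm n t` listing above (a subset, not constructed).
SAMPLE = """\
77450000 775b5000 ntdll ntdll.dll Fri Nov 14 19:41:52 2014 (5466CB80)
80a8a000 80a93000 kdcom kdcom.dll Fri Nov 14 19:40:18 2014 (5466CB22)
81674000 81c22000 nt ntkrpamp.exe Fri Nov 14 17:36:32 2014 (5466AE20)
821d5000 821dc400 vmstorfl vmstorfl.sys Fri Nov 14 19:37:01 2014 (5466CA5D)
871ae000 871d1000 quarkserial quarkserial.sys Mon Mar 17 15:47:17 2014 (53277B75)
873f6000 87400000 kdnic kdnic.sys Fri Nov 14 19:38:13 2014 (5466CAA5)
Unloaded modules:
82266000 82289000 cdrom.sys
"""

# start, end, module name, image name, printed local date, (hex timestamp)
LINE = re.compile(
    r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\S+) (\S+) .*\(([0-9A-F]{8})\)\s*$", re.I)

def parse_lm(text):
    """Return one dict per loaded module; lines without a timestamp are skipped."""
    mods = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header, "Unloaded modules:" section, blank lines
        start, end, name, image, stamp = m.groups()
        # The printed date is the debugger's local time; the hex value is
        # seconds since the Unix epoch, so decode that and keep it in UTC.
        built = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc)
        mods.append({"name": name, "image": image,
                     "size": int(end, 16) - int(start, 16), "built": built})
    return mods

def build_outliers(mods, max_days=1):
    """Names of modules built more than max_days from the most common build date."""
    common = Counter(m["built"].date() for m in mods).most_common(1)[0][0]
    return [m["name"] for m in mods
            if abs((m["built"].date() - common).days) > max_days]

if __name__ == "__main__":
    mods = parse_lm(SAMPLE)
    for m in mods:
        print(f'{m["image"]:<16} {m["size"]:>8} bytes  {m["built"]:%Y-%m-%d %H:%M:%S} UTC')
    print("built outside the main image build:", build_outliers(mods))
```

On these lines the only module flagged is `quarkserial`, whose timestamp decodes to March 2014 while the others decode to 15 November 2014 UTC.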