How to debug Windows kernel

Reading time icon 4 min. read


Readers help support Windows Report. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help Windows Report effortlessly and without spending any money. Read more

Kernel

A kernel can be considered one of the building blocks of Windows as an operating system. This is mainly because it controls all the processes running on the system.

That being said, any problems and issues with the kernels can result in crippling functionality issues for your PC, which includes Blue Screen of Death errors.

Unfortunately, not even Windows 10, the latest version of the Windows OS is not safe from such issues. One piece of good news is that kernel code can be debugged, as long as you know how.

Fortunately, kernel debugging is possible and made easier through the presence of kernel debuggers.

How can I start Kernel debugging?

The answer to that question is quite complex, but suffice it to say that you need to follow a set of predefined steps before you can start:

1. Determine what PC is the host, and what PC is the target

The most basic thing that you need to know is that you cannot start debugging without a kernel debugger. The kernel debugger will run on the host system, while the code that needs debugging will run on the target system.

The two systems can be one and the same, but certain conditions need to be met beforehand.

2. Determine if you’ll do a kernel-mode or a user-mode debugging

Choosing what type of debugging isn’t that hard. All you need to do is determine what type of debugging will be more efficient.

  • Kernel-mode code has permission to access any part of the system and can gain access to any part of any other process running in either user mode or kernel mode
  • User-mode has more restrictions applied to it, but it has the benefit of not being able to tamper with actual system resources if things go wrong

3. Choose a debugging environment

The Debugging environment is basically the program you will be using to do the debugging with. WinDbg works well in most situations, but there are times when others may work better, such as console debuggers for automation or Visual Studio.

4. Figure out how you’ll connect the target and host

Usually, both target and host systems are connected by an Ethernet network. If you are doing early bring-up work, or you lack an Ethernet connection on a device, other network connectivity options can be used.

5. Choose between 32-bit or 64-bit debugging tools

This is probably the easiest step of them all since it depends on what version of Windows the host and target are running, and whether or not the code that needs debugging is 32-bit or 64-bit code.

6. Configure your symbols

If you are using an environment like WinDbg , you’ll need to configure the right symbols if you’ll want to use all of its advanced functionalities. If you don’t configure them, you won’t be able to use any of the debugger’s features that depend on those symbols.

7. Configure the source code

The path to the source code needs to be defined, even in the eventuality of it being your own source code. Thus, configuring a path to it in all cases is mandatory.

8. Become familiar with debugging

Debugger operations and techniques aren’t all that hard once you get used to them. This is thanks to the extensive documentation that comes with each operation, all of which is described in a step-by-step manner.

9. Use the debugger reference commands

You can’t know it all, and you can’t remember anything forever, but what you can do is look for the debugger reference commands that are there to help.

One good example is the .hh command, which will display help documentation about every single command available.

10. Use debugging extensions

Code can be extremely complex and it branches out in a variety of ways. Because of that, your environments may not be enough to perform the debugging.

Thus, using debugging extensions that provide parsing of domain-specific data structures can be very useful.

Closing thoughts

The steps mentioned above are all the basic procedures that you need to go through when attempting a kernel debugging.

Of course, there are many specific situations where these steps may vary, but the bottom line is all of them involve more or less these basic 10 steps.

Did our article help you better understand how you can start kernel debugging? Let us know what your opinions are in the comment section below.

More about the topics: Windows Kernel