I'm finding it difficult to see the debug output from a kernel-mode driver I'm working on. Unfortunately, there are very few resources on the topic of local kernel debugging using WinDbg. But I configured WinDbg for local kernel debugging very easily, i.e. File->Kernel Debug->Local (Tab)->OK. I've also run the following command (bcdedit /dbgsettings local) from an administrator command prompt. I'm using KdPrintEx to print messages to WinDbg but they won't appear. So the target computer and host computer are both the same. Can this be done, or does one need a two-computer configuration or perhaps a virtual machine configuration in order to print debug messages?
Any help would be greatly appreciated. Thanks.
CodePudding user response:
Obviously you need a two-computer setup.
Local kernel debugging is similar to a memory snapshot; it is somewhat stale, or maybe intermittently refreshed.
You can try using a VM running inside a physical machine, which you can kernel debug over network or serial. VMware Player does the job most of the time.
Edit:
You cannot attach in kernel mode (attach is a term normally associated with debugging an already running user-mode process). Under kernel-mode debugging ([two computer], [vm, vm], [physical, vm], [physical hypervisor]) you can inspect state and set breakpoints on a live kernel module.
A critical kernel module like ntos, hal, etc. is associated with all the processes.
Local kernel debugging does not do anything live.
It is like specimen testing in a pathological lab
(like a syringe full of blood used to diagnose whether there is a strain of some pandemic organism: you cannot treat the blood, you need the physical person to treat the diagnosed problem).
You cannot step,
you cannot view registers,
you cannot run,
you cannot pagein,
you cannot set breakpoints.