This is a quick note showing how to start debugging the Windows kernel using kdnet.exe and WinDBG Preview (the new WinDBG you can get from the Windows Store).
- Debugger - local host on which WinDBG will run. In my case a host with IP 192.168.2.79
- Debuggee - remote host which will be debugged by the host running the debugger. In my case - a host with IP 192.168.2.68
Copy over kdnet.exe and VerifiedNICList.xml to the debuggee host. Get these files from a host that has Windows Development Kit installed, in C:\Program Files (x86)\Windows Kits\10\Debuggers\x64.
Then in an elevated prompt:
kdnet 192.168.2.79 50001
kdnet then prints out the command that needs to be run on the debugger host:
windbg -k net:port=50001,key=1dk3k2bprui6m.26vzkoub4jmjl.3v6rvfqjys3ek.6kyxal1u1w6s
Copy and paste it into Notepad and reboot the debuggee.
In WinDBG Preview, navigate to: start debugging > attach to kernel and enter the port and the key you got from running kdnet on the debuggee host.
Click OK and you should now be ready to start debugging the host 192.168.2.68.
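The debuggee-side steps above as one PowerShell script, added here as an example and not part of the original note. It assumes kdnet.exe and VerifiedNICList.xml are in the current directory; the output file name `windbg-command.txt` is made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Run on the debuggee, from the folder holding kdnet.exe and VerifiedNICList.xml.

$DebuggerIp = '192.168.2.79'   # debugger host used in this note
$Port       = 50001            # port used in this note

# With no arguments, kdnet reports whether a NIC supports network debugging.
& .\kdnet.exe

# Configure network debugging and capture what kdnet prints.
$output = & .\kdnet.exe $DebuggerIp $Port 2>&1 | Out-String
Write-Host $output

# Pull out the "windbg -k net:port=...,key=..." line meant for the debugger host.
$pattern = 'windbg\s+-k\s+net:port=(?<port>\d+),key=(?<key>[0-9a-z.]+)'
$match   = [regex]::Match($output, $pattern)
if (-not $match.Success) {
    throw 'kdnet did not print a windbg command; check the NIC support output above.'
}

# Keep the command in a file instead of Notepad (file name is an assumption).
# The key protects the debug session, so treat the file like a credential.
$match.Value | Set-Content -Path .\windbg-command.txt
Write-Host ("Port: {0}" -f $match.Groups['port'].Value)
Write-Host ("Key:  {0}" -f $match.Groups['key'].Value)

# Confirm what was written to the boot configuration before rebooting.
bcdedit /dbgsettings                              # debugtype, hostip, port, key
bcdedit /enum '{current}' | Select-String 'debug' # boot entry should show debug Yes

# Reboot the debuggee afterwards, as described in the note:
# Restart-Computer
```

To turn kernel debugging off again on the debuggee once finished, run `bcdedit /debug off` from an elevated prompt and reboot.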
{% embed url="https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/setting-up-a-network-debugging-connection-automatically" %}