Open command prompt as Administrator
“bcdedit /dbgsettings NET HOSTIP:192.168.x.x PORT:55555 nodhcp”
Note the Key
Apply these firewall rules to Proxmox for the VM
(OUT) Src and (IN) Dst UDP on port 55555 on firewall
Start WinDbg on your client machine and select “Attach to kernel”, target the assigned IP, port and key.
Sample response:
```
Using NET for debugging
Opened WinSock 2.0
Using IPv4 only.
Waiting to reconnect...
WARNING: Received data from 169.254.51.18 while still connected to target 192.168.0.189.
Connected to target 169.254.51.18 on port 55555 on local IP 192.168.0.189.
You can get the target MAC address by running .kdtargetmac command.
Connected to target 169.254.51.18 on port 55555 on local IP 192.168.0.189.
You can get the target MAC address by running .kdtargetmac command.
Connected to Windows 10 26100 x64 target at (Sat May 17 23:36:45.490 2025 (UTC - 7:00)), ptr64 TRUE
Kernel Debugger connection established.
```
Once connected, hit break
Run “.sympath srv*C:\MyServerSymbols*https://msdl.microsoft.com/download/symbols”
Then “.reload”
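The sample response shows the target answering from 169.254.51.18, a link-local address, rather than one in the 192.168.x.x range, which matters if the UDP 55555 firewall rule is scoped by source address. The Python sketch below is an added example, not part of the original notes: it parses that WinDbg output to list the endpoints the rule has to cover. The function name `summarize` and its dictionary keys are assumptions made for illustration.

```python
import ipaddress
import re

# WinDbg output copied from the sample response above.
SAMPLE = """\
Using NET for debugging
Opened WinSock 2.0
Using IPv4 only.
Waiting to reconnect...
WARNING: Received data from 169.254.51.18 while still connected to target 192.168.0.189.
Connected to target 169.254.51.18 on port 55555 on local IP 192.168.0.189.
You can get the target MAC address by running .kdtargetmac command.
Connected to target 169.254.51.18 on port 55555 on local IP 192.168.0.189.
You can get the target MAC address by running .kdtargetmac command.
Connected to Windows 10 26100 x64 target at (Sat May 17 23:36:45.490 2025 (UTC - 7:00)), ptr64 TRUE
Kernel Debugger connection established.
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
CONNECTED = re.compile(
    rf"Connected to target (?P<target>{IPV4}) on port (?P<port>\d+) "
    rf"on local IP (?P<local>{IPV4})")
WARNING = re.compile(
    rf"WARNING: Received data from (?P<seen>{IPV4}) "
    rf"while still connected to target (?P<expected>{IPV4})")


def summarize(log):
    """Extract the endpoints WinDbg reports for a KDNET session."""
    flows = []
    for m in CONNECTED.finditer(log):
        flow = {
            "target": m["target"], "port": int(m["port"]), "local": m["local"],
            # 169.254.0.0/16 means the target is using a self-assigned address.
            "target_link_local": ipaddress.ip_address(m["target"]).is_link_local,
        }
        if flow not in flows:  # WinDbg repeats the line on reconnect
            flows.append(flow)
    return {
        "established": "Kernel Debugger connection established." in log,
        "flows": flows,
        "address_changes": [(m["seen"], m["expected"]) for m in WARNING.finditer(log)],
    }


if __name__ == "__main__":
    for flow in summarize(SAMPLE)["flows"]:
        print("UDP {target} <-> {local}:{port}".format(**flow),
              "(link-local source)" if flow["target_link_local"] else "")
```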
How to kill a process:

```
1: kd> !process 0 0 notepad.exe
PROCESS ffffd288361ce080
    SessionId: none Cid: 2bfc Peb: 7984d36000 ParentCid: 19b0
    DirBase: 114303002 ObjectTable: ffff848cdf583b40 HandleCount: 865.
    Image: Notepad.exe

1: kd> .kill ffffd288361ce080
You need to continue execution (press 'g' <enter>) for the kill attempt to occur.
1: kd> g
```
To load into the context of the process, use:

```
||0:1: kd> .process /i ffffd28837458080
||0:1: kd> g
||0:5: kd> .reload
```

You will want to reload the symbols after swapping context. I will note I believe the .process command allows you to automate the reloading of symbols after swapping context.

I was sadly unable to get .create or | to work correctly, which may have something to do with using kdnet.