...
Copyright 2014 by Citrix Systems Inc. Created by Ross Philipson <ross.philipson@citrix.com> <philipsonr@ainfosec.com>. This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/.
...
Note: On OpenXT platforms, before attempting to connect the VM to the debugger, either disable stubdomains or modify them as noted in the section below.
TODO: Reformat this section, it is a bit of a mess.
...
- Install the Debugging Tools For Windows if you do not have them. You will also need to set up symbol and source code paths. The WinDbg documentation describes how to do this. The package can be found here:
http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx
The Debugging Tools For Windows seem to have been moved recently into the WDK/SDK/Visual Studio installs, so that is where to look for the most recent versions.
- Set up the symbol path. This is done in Control Panel -> System -> Advanced -> Environment Variables. Make a new System environment variable like the one shown below. The first part sets up C:\Mydir\symbols for local symbols. The second part, after the ;, pulls public symbols from MS down into a local cache in C:\Mydir\symwin.
_NT_SYMBOL_PATH = C:\Mydir\symbols;SRV*C:\Mydir\symwin*http://msdl.microsoft.com/download/symbols
- Get a copy of the sockpipe.exe tool. This is an OpenXT tool; it should be built during the standard Windows build process and can be found in xc-windows/sockpipe. The tool has also been attached to this page.
- Run sockpipe.exe from the command line as follows:
sockpipe.exe debugpipe 7204
- You may want to create a shortcut with the above arguments to streamline things.
- Run WinDbg with arguments for connecting to the pipe created by sockpipe:
windbg -k com:pipe,port=\\.\pipe\debugpipe
- At this point WinDbg is connected to sockpipe via the pipe above and is waiting for the target system to start. The sockpipe application is listening on a socket for a connection from the target HVM (from QEMU, to be precise).
- It's also possible to debug in a Visual Studio environment; see Setting Up Kernel-Mode Debugging of a Virtual Machine in Visual Studio on MSDN.
- At the time of writing, Visual Studio 2015 suffers from a bug that blocks the "configure test machines" dialog--try configuring from VS2013 if this is a problem.
On the target XenClient computer (the debuggee):
- Boot the HVM you want to debug and create a boot entry for debugging. On XP this involves adding a boot.ini entry. First the file needs to be unhidden and made writable:
C:\>attrib -r -h -s boot.ini
Then copy an existing line from the boot.ini file and paste a new one in, making it look like this:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /debug /debugport=COM1 /baudrate=115200
- On Vista and Win7 you need to use the bcdedit tool to set up a new boot entry. First launch a command window as Administrator and do this:
bcdedit /copy {current} /d win7debug
Then run msconfig from the same command window. Select the Boot tab and locate your new win7debug boot entry. Select it and then Advanced options. Check the Debug checkbox and, in the Global debug settings section, set the Debug port to COM1 and the Baud rate to 115200. Note that the Debugging Tools For Windows help has information on setting up both the host and target machines.
- Shut the VM down and first disable SELinux; it will interfere with debugging. From a terminal in dom0:
# disable until reboot
nr
setenforce 0
# or disable forever; first you need to make the fs writeable
rw
# edit /etc/selinux/config and set to permissive
ro
- Next edit the xenvm config file for the VM. Add a virtual serial port to it that connects to the host machine as follows. The values can be set in a VM's config file using the following command in dom0 (note that the nodelay option turns off Nagle's algorithm, which can disrupt debugger operation):
db-write /vm/<uuid>/config/extra-xenvm/0 "serial=tcp:<ip>:<port>,nodelay"
This also works:
xec-vm -n <vmname> set extra-xenvm "serial=tcp:<ip>:<port>,nodelay"
The examples above have qemu connecting out to a listening sockpipe. You can also have qemu listen for incoming sockpipe connections (as a server) with the following (note that nowait will prevent qemu from waiting for a client connection):
xec-vm -n <vmname> set extra-xenvm "serial=tcp::<port>,server,nodelay,nowait"
- Important: If XL is in use (as with later versions of OpenXT), be sure to format the xec-vm properly. For example:
xec-vm -n Win7-XSPV set extra-xenvm "serial=[\"tcp:192.168.1.60:7204,nodelay\"]"
- Before restarting the VM, make sure that the sockpipe listening app is running, because QEMU will try to make a TCP connection to it. Also make sure there are no firewalls or other network issues that could prevent the connection. If QEMU cannot connect, it will spit out a message that looks like this:
Unknown internal error. Error code: 199. Message: Dm.Ioemu_failed("Device model 0 on dm-agent 8 died (status = unknown)")
- Restart the HVM and select the debug boot entry. Early in the VM boot process the debugging session will connect.
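The serial settings in the steps above differ only in direction (QEMU connecting out versus listening) and in the extra quoting XL needs. As an added example, not part of OpenXT or the original page, this shell helper validates its inputs and prints the matching xec-vm command for review instead of running it. The function names are hypothetical, and using the XL list form for the listening variant is an assumption, since the page shows it only for the outbound case.

```shell
#!/bin/sh
# Added example (not OpenXT code): print, but do not run, the xec-vm command
# that wires the VM's serial port to sockpipe. Function names are hypothetical.
# usage: serial_cmd <vmname> <connect|listen> <port> [ip] [xl]

valid_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    rest=$1 count=0
    case $rest in ''|*[!0-9.]*) return 1 ;; esac
    while :; do
        octet=${rest%%.*}                      # text up to the next dot
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case $rest in *.*) rest=${rest#*.} ;; *) break ;; esac
    done
    [ "$count" -eq 4 ]
}

serial_cmd() {
    vm=$1 mode=$2 port=$3 ip=${4:-} xl=${5:-}
    # Restrict the name so the printed command can be pasted without quoting.
    case $vm in ''|*[!A-Za-z0-9._-]*) echo "bad VM name: $vm" >&2; return 1 ;; esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case $mode in
        connect)  # QEMU dials out; sockpipe must already be listening
            valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
            spec="tcp:$ip:$port,nodelay" ;;
        listen)   # QEMU is the server; nowait stops it blocking on a client
            spec="tcp::$port,server,nodelay,nowait" ;;
        *) echo "mode must be connect or listen" >&2; return 1 ;;
    esac
    if [ "$xl" = xl ]; then
        # XL: the value is a quoted list, so the inner quotes are escaped.
        # Using this form for listen mode is an assumption.
        printf 'xec-vm -n %s set extra-xenvm "serial=[\\"%s\\"]"\n' "$vm" "$spec"
    else
        printf 'xec-vm -n %s set extra-xenvm "serial=%s"\n' "$vm" "$spec"
    fi
}

# Run directly: sh serial_cmd.sh Win7-XSPV connect 7204 192.168.1.60 xl
if [ $# -gt 0 ]; then serial_cmd "$@"; fi
```

The port passed here must match the one given to sockpipe.exe (7204 in the commands above).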
...
~/unpacked$ gunzip stubdomain-initramfs.gz
~/unpacked$ sudo cpio -i -d -H newc < stubdomain-initramfs
Next edit ~/unpacked/etc/xen/scripts/qemu-ifup
and change this line, obviously using a static address that makes sense:
...
TODO: This is all wrong now. The Powershell script do_sign.ps does the signing. This needs to be updated to indicate how to use this script.
...