Kernel Debugging over Serial Port

Hey guys, I have been trying for two days to set up kernel debugging and it simply does not work out well.

I am using a USB-Serial port on the host computer connected to a PCI Serial Port on the target machine. Could this be the problem?

I did check communication and it works fine… the debugger sends “iiii” and “b” when I click on break, but nothing happens on the target machine.

This is what I've done so far:
Target Machine:
-bcdedit /debug on
-bcdedit /dbgsettings serial debugport:3 baudrate:115200
-reboot
-set same workgroup
-enabled file and printer sharing
-disabled password protection
-disabled all firewall
-set all inbound firewall rules to any IP according to msdn docs
-enabled administrator account and set a password to it in “Local Users And Groups”
-reboot several times in between these configuration changes

Host Machine:
-set baudrate to 115200 and chose the correct serial port
-Tried using both VS and WinDbg to do the kernel debugging
-In VS tried setting it manually, the dbg runs, says on the screen:
Opened \\.\COM1
Waiting to reconnect…
PC\User (npipe WinIDE_01D05D081496CA15) connected at Thu Mar 12 18:04:17 2015

At the command line says:
Waiting to connect to target…

And it never breaks into the target machine.

-In WinDbg it says:
Opened \\.\com1
Waiting to reconnect…

And in command line:
Debuggee not connected

And also never breaks into the target machine.

I have checked that the bcdedits are properly set, and they are. Help?

You rebooted the target machine right?

Also I usually use Reconnect as well (check box in Windbg).

Just for laughs what version of Windows are you using for your target machine? and what version of Windbg are you using?

JC

Yes, by now I have rebooted it a thousand times…
I did try with the reconnect check box checked… still doesn't work.

I am using Windows 7 x64 Ultimate in both machines.
On host machine I use VS 2012 Ultimate and WinDbg 6.9300.17200 AMD64.

Does your PCI serial port look like a standard port (i.e. uses 8 I/O ports
with the standard port numbers for example COM1 3F8-3FF with IRQ 4)? If not
serial debugging is not going to work.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Thanks for the reply Don,
one of the serial ports is a PCI 2S1P like this one:
http://www.encore-usa.com/br/support/ENLPC-2S1P

and the other a USB-Serial Adapter like this one:
http://plugable.com/2011/07/04/how-to-change-the-com-port-for-a-usb-serial-adapter-on-windows-7

I did not quite understand the 8 I/O ports with standard numbers…
I looked it goes from COM1 to COM 256…

Does it have anything to do with number of data bits, stop bits, flux control or parity config?

If you boot into your bios (uefi) does it show any com ports?

Mark Roddy

I mean that the PCI chip has 8 ports that are accessed by IN and OUT instructions,
i.e. it looks exactly like a legacy comport. Unfortunately, most PCI cards
do not map this way. Go into the Device Manager on the test system without
debugging and what resources are shown for the COM port?

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

I just looked at the site some more and realized they ship their own driver
for the COM ports, that almost guarantees the board will not work with
debugging since the standard driver would have taken the ports if they were
debugging compatible.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
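
Don Burn's criterion from the replies above (eight I/O ports at a standard base such as 3F8-3FF with IRQ 4) written as a check over a port's resource listing. This is an added example, not part of the thread; the listing format, the sample data and the COM2-COM4 table rows are assumptions.

```python
import re

# Conventional PC legacy UART assignments: base I/O port -> (name, IRQ).
# Only the COM1 row is quoted in the thread; COM2-COM4 are the usual PC values.
LEGACY_UARTS = {0x3F8: ("COM1", 4), 0x2F8: ("COM2", 3),
                0x3E8: ("COM3", 4), 0x2E8: ("COM4", 3)}

IO_RE = re.compile(r"I/O Range\s+([0-9A-Fa-f]+)\s*-\s*([0-9A-Fa-f]+)")
IRQ_RE = re.compile(r"IRQ\s+0x[0-9A-Fa-f]+\s+\((\d+)\)")


def looks_like_legacy_com(resources_text):
    """Apply the thread's criterion to one port's resource listing.

    Returns (is_legacy, detail). The input format is an assumption modelled
    on Device Manager's Resources tab.
    """
    io_ranges = [(int(lo, 16), int(hi, 16))
                 for lo, hi in IO_RE.findall(resources_text)]
    irqs = [int(n) for n in IRQ_RE.findall(resources_text)]
    if not io_ranges:
        return False, "no I/O port range assigned"
    for lo, hi in io_ranges:
        legacy = LEGACY_UARTS.get(lo)
        if legacy is None or hi - lo + 1 != 8:
            continue  # not an 8-port window at a standard base
        name, irq = legacy
        if irq in irqs:
            return True, f"{name}: I/O {lo:04X}-{hi:04X}, IRQ {irq}"
        return False, f"{name} I/O range but IRQ {irqs}, expected {irq}"
    spans = ", ".join(f"{lo:04X}-{hi:04X}" for lo, hi in io_ranges)
    return False, f"non-standard I/O range(s) {spans}"


# Constructed sample listings (not captured from the poster's machines).
SAMPLES = {
    "motherboard port": "I/O Range 03F8 - 03FF\nIRQ 0x00000004 (04)",
    "PCI add-in card": "I/O Range D010 - D017\nIRQ 0x00000010 (16)",
    "USB-serial adapter": "",  # USB devices are assigned no I/O ports or IRQ
}


def survey(samples):
    """Classify every listing; returns {port label: (is_legacy, detail)}."""
    return {label: looks_like_legacy_com(text)
            for label, text in samples.items()}


if __name__ == "__main__":
    for label, (ok, detail) in survey(SAMPLES).items():
        print(f"{label:20} {'candidate' if ok else 'unlikely'}: {detail}")
```
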


I thought serial kernel debugging ONLY worked on serial ports that looked like legacy 16550 chips. I see the card you referenced also lists downloadable drivers, so would not be optimistic.

If you have a PCI/PCIe slot, use 1394 debugging, it’s WAY better than serial debugging, and works on all Windows versions since almost forever. If you're debugging Win 8 or later, you can also pop in a compatible Ethernet card, like one with the appropriate Realtek chips. Ethernet debugging is WAY faster than serial debugging (but not as fast as 1394), and you don’t need any special hardware at the debugger machine end. I’ve heard some people say certain power management scenarios can only be debugged via serial debugging, although I haven’t personally needed to use serial debugging for quite a few years now. I’m a BIG fan of 1394 kernel debugging with a PCIe card using a LSI chipset on both ends.

Jan

“Jan Bottorff” wrote in message news:xxxxx@ntdev…

I’m a BIG fan of 1394 kernel debugging with a PCIe card using a LSI chipset
on both ends.

We did (finally) hunt down and stock the correct 1394b PCIe cards in our
online store:

https://store.osr.com/product/1394-card-for-debugging-pcie/

They really do rock for kernel debugging, it’s faster than I would have
believed.

-scott
OSR
@OSRDrivers

Thanks for all the replies gentlemen.
In the end I managed to attach the debugger using the USB-Serial converter in the host computer connected directly to a Serial port of the motherboard of the target computer.

Just a question now, maybe it should be another thread, but I think it's a fairly simple one.
I am debugging an NDIS protocol driver which has a BSOD on driver load/unload.
It happens in a ratio of 1:20000 so I cannot put any break points into the code.
I will be running a BAT file to continuously load and unload the driver until I get the BSOD.
What is the best way to debug this??
Just attach the debugger and get the BSOD then use !analyze?

Thanks again

Are you running under driver verifier?

If not, I’d start there.

mm

runtime tracing with or without an attached debugger. It's NDIS so you may
have to use ETW and you have to be able to fetch the etw logs from a
crashed system. !wmitrace.logdump is helpful.

Mark Roddy

Thanks for the help guys, will see how I do here!

> What is the best way to debug this??

Crash dump analysis.

Verifier’s special pool.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

Hi All,

I am returning back to kernel debugging after a long time, I am using
ajay’s USB debug cable. I have set the target machine with msconfig, debug
enabled and USB debug, also disabled legacy USB. In the host I have
installed the windbg with drivers properly installed for debug cable. But
somehow windbg is waiting for the target but not connecting. How to debug
this debug setup?

Usually we enable sym noisy to check whether the symbols got properly
mapped, is there anything similar to that for checking my debug setup and
see precisely where exactly it is waiting.

USB debugging is by far the most delicate configuration. You have to
find and use port 0 on the root hub of the EHCI host controller on the
target system, and in some cases port 0 is not actually wired to an
external port.

If your target is running Windows 8, use Ethernet. That is by far the
easiest choice. If not, try to find a 1394 card for both ends. If not,
then fall back to a serial port.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Thanks Tim for the response.
