Preface

This article is for explanation WinDbg And virtual machine debugging driver .
Don't involve WinDbg And virtual machine configuration .
The debugging environment is WinDbg+VMware+Win7

One 、 Build debugging environment

Run the operating system in the virtual machine in debug state , Then with WinDbg Establishing a connection ·.

Two 、 Drop breakpoints in the driver to be debugged

1.WinDbg Open the driver file in

2. Drop breakpoints in the driver

bp CharConvertRing0!DeviceIoControlDispatch

among bp yes WinDbg Instruction of middle and lower breakpoints ,CharConvertRing0 Is the driver source file to debug ,DeviceIoControlDispatch Is the function to debug .

then g Command to keep the operating system running .

3、 ... and 、 Ready to debug

1. Load the driver file in the operating system of the virtual machine

2. In the operating system of the virtual machine vs Open the three ring program for debugging

Four 、 Start debugging

1.vs After the middle and lower breakpoints F5 Key start debugging .

2. In the function to debug F11 Key into the function

Here I am Ring3 call DeviceIoControl Function to send... To the driver IRP,IRP（IRP_MJ_DEVICE_CONTROL） Driven DeviceIoControlDispatch Dispatch functions to capture , So I went straight into DeviceIoControlDispatch function .

This can be like vs Same single step debugging , The shortcut keys for single step debugging are shown in the figure below ：

3.WinDbg Other windows of

Can be in WinDbg View other windows in , Like a surveillance window Watch, Memory window Memory, Register window, etc .

summary

The boundless life is like a wilderness