WinDbg kernel mode debugging using ETHERNET not working - debugging

I am trying to get WinDbg to debug a target machine using a manual Ethernet cable as described at https://msdn.microsoft.com/en-us/library/windows/hardware/hh439346(v=vs.85).aspx
However, WinDbg on the host seems to be stuck Waiting to reconnect... forever. Any ideas what could be wrong?
Both machines are running Windows 10 Enterprise x64. I also disabled firewall on both machines.
I double checked both my host and target NICs and made sure they are both supported.
Target NIC is
Intel(R) 82579LM Gigabit Network Connection
PCI\VEN_8086&DEV_1502&SUBSYS_161C103C&REV_04
Host NIC is
Broadcom NetLink(TM) Gigabit Ethernet
PCI\VEN_14E4&DEV_1692&SUBSYS_033D1025&REV_01
bcdedit /dbgsettings shows
C:\WINDOWS\system32>bcdedit /dbgsettings
key 1.2.3.4
debugtype NET
hostip 192.168.0.104
port 50000
dhcp Yes
The operation completed successfully.
I also made sure the host is accessible from my target machine using ping.
ipconfig /all yields the following:
Ethernet adapter Local Area Connection* 1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Kernel Debug Network Adapter
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::20dc:c393:bcdb:b26%3(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, December 4, 2016 11:37:04 AM
Lease Expires . . . . . . . . . . : Sunday, December 4, 2016 1:37:04 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 65278299
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-78-0A..XXX
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

You can run KDNET utility to check whether your NIC is supported for Kernel Debug or not. KDNET should be in the following path if you install the WDK in the default path:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kdnet.exe
And also, if your NIC is not supported, you can use an virtual machine as a target PC instead, here is the instruction from Microsoft Docs:
Setting Up Kernel-Mode Debugging of a Virtual Machine Manually using a Virtual COM Port

Related

Hyper-V: Connect Xdebug debugger running on guest to debugging client on host

Using Vagrant, I am running a Ubuntu box with PHP-FPM and Xdebug 2 in Hyper-V. The network I am using is Hyper-V's default switch.
From my host, I can connect to the Ubuntu box using SSH and the web server is also accessible using the VM's IP address in my browser address bar. From inside the VM, I can access the internet and I can also ping the host by the IP address of the Hyper-V default switch. So the network seems to be set up correctly.
However, the Xdebug debugger running in the VM won't connect to my IDE (PhpStorm) running on my host.
The xdebug.log shows (172.17.96.1 is the IP address of the Hyper-V default switch)
[2641] Log opened at 2022-09-15 12:59:46
[2641] I: Checking remote connect back address.
[2641] I: Checking header 'HTTP_X_FORWARDED_FOR'.
[2641] I: Checking header 'REMOTE_ADDR'.
[2641] I: Remote address found, connecting to 172.17.96.1:9000.
[2645] E: Time-out connecting to client (Waited: 200 ms). :-(
[2645] Log closed at 2022-09-15 12:59:46
even though PhpStorm on my host seems to be listening on every IP address:
PS C:\Users\me> netstat -a
Active Connections
Proto Local Address Foreign Address State
...
TCP 0.0.0.0:9000 MyLaptop:0 LISTENING
TCP 0.0.0.0:9003 MyLaptop:0 LISTENING
...
If I use telnet in the VM to connect to my host, it doesn't timeout, but it also doesn't connect successfully:
vagrant#ubuntu-18:~$ telnet 172.17.96.1 9000
Trying 172.17.96.1...
It stays at "Trying" forever.
How can I make the Xdebug debugger connect from the VM to PhpStorm on my host?
Edit to include interfaces of my host and of my guest
ipconfig on my host
I shortened my IPv6 address on the WiFi adapter
PS C:\WINDOWS\system32> ipconfig
Windows IP Configuration
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::84b9:f362:fa7f:ae2d%13
IPv4 Address. . . . . . . . . . . : 192.168.56.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Unknown adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 10:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter WiFi:
Connection-specific DNS Suffix . : speedport.ip
IPv6 Address. . . . . . . . . . . : 2003:**********
Temporary IPv6 Address. . . . . . : 2003:**********
Link-local IPv6 Address . . . . . : fe80::bc1a:df06:b465:974b%24
IPv4 Address. . . . . . . . . . . : 192.168.2.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::1%24
192.168.2.1
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter vEthernet (Default Switch):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::99ae:3e6e:68bc:a228%30
IPv4 Address. . . . . . . . . . . : 172.17.96.1
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
Ethernet adapter vEthernet (WSL):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::41c8:f5fb:fbd4:3bef%60
IPv4 Address. . . . . . . . . . . : 172.19.32.1
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
Interface config in the VM
vagrant#ubuntu-18:~$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.111.24 netmask 255.255.240.0 broadcast 172.17.111.255
inet6 fe80::215:5dff:fe38:101 prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:38:01:01 txqueuelen 1000 (Ethernet)
RX packets 651 bytes 102218 (102.2 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 757 bytes 118391 (118.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 90 bytes 7020 (7.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 90 bytes 7020 (7.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Pinging the default switch IP from inside the VM
vagrant#ubuntu-18:~$ ping 172.17.96.1
PING 172.17.96.1 (172.17.96.1) 56(84) bytes of data.
64 bytes from 172.17.96.1: icmp_seq=1 ttl=128 time=0.294 ms
64 bytes from 172.17.96.1: icmp_seq=2 ttl=128 time=0.527 ms
64 bytes from 172.17.96.1: icmp_seq=3 ttl=128 time=0.366 ms
64 bytes from 172.17.96.1: icmp_seq=4 ttl=128 time=0.526 ms
64 bytes from 172.17.96.1: icmp_seq=5 ttl=128 time=0.704 ms
64 bytes from 172.17.96.1: icmp_seq=6 ttl=128 time=0.375 ms
^C
--- 172.17.96.1 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5125ms
rtt min/avg/max/mdev = 0.294/0.465/0.704/0.137 ms
I am running a Ubuntu box with PHP-FPM and Xdebug 2
Xdebug 2 is no longer supported, please upgrade to Xdebug 3.
The xdebug.log shows (172.17.96.1 is the IP address of the Hyper-V default switch)
That is not true, it shows the IP address from where the HTTP request initiated from, because you have remote IP address discovery turned on. This does not work in all situations, especially with virtualisation. This HTTP address is not necessarily an IP address that the Linux guest can talk to on the host.
You will likely need to use the public IP address of your host, which is 192.168.2.200 for xdebug.remote_host:
Wireless LAN adapter WiFi:
Connection-specific DNS Suffix . : speedport.ip
…
IPv4 Address. . . . . . . . . . . : 192.168.2.200
And also disable the auto discovery.

Connecting raspberry pi 3 to my Laptop

Im trying to use my laptop as a monitor, keyboard and mouse for my Rasbperry pi 3. I have connected via Remote Desktop Connection several times. But now it is showing error. I've used Advanced IP Scanner for finding Rpi's IP address. But the address shown against raspberrypi.mshome.net is not working and this name has two to three ip addresses. Following is the output of the command ipconfig:
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::ac0c:bc0f:9eb1:d1b%4
IPv4 Address. . . . . . . . . . . : 192.168.1.127
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::a5d0:981a:2f49:ca41%3
Autoconfiguration IPv4 Address. . : 169.254.202.65
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
I've read somewhere that making the subnet mask and IP same for both my laptop and Rpi will work but I don't know how to do it. Please help.
You should use VNC if you want to manage it from your computer. You have to connect to Raspberry Pi with integrated RealVNC, but before you connect it you have to open the settings.
If you connect the cable with RaspBerry, you should assign a static ip:
Example:
cmdline.txt
ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>
... rootwait ip=192.168.1.200::192.168.1.1:255.255.255.0:rpi:eth0:off ...
next step; You will connect Putty via ssh and enable VNC.
you type ssh raspi-config raspberry pi open settings window, then enter interfacing settings and enable VNC
then install realvnc or something software your pc and write your pi ip for connecting.
this page tells you how: Connect Raspbbery pi VNC VNC Connect
Example cmdline.txt:
dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait
ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>
with these variables, the value of the ethernet port must be the same
ip=192.168.5.200::192.168.5.1:255.255.255.0:rpi:eth0:off
for example :
Ethernet Adapter:
Ip Address: 192.168.5.1
Network Address: 255.255.255.0
cmdline.txt updated version:
dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait ip=192.168.5.200::192.168.5.1:255.255.255.0:rpi:eth0:off
then create a file and ssh the name and then insert this file into your boot/ folder
then insert the memory card into the raspberry and start it up. After 4 to 5 seconds after raspberry is turned on, connect to raspberry with putty.
The address you will connect to is cmdline.txt The ip address you wrote to 192.168.5.200
connection diagram

Can't get IP from DHCP using PowerShell command Set-NetIPInterface

When I configure my Windows Server Core with Sconfig it's working well and get an IP from my DHCP server.
But it's not working with PowerShell. I'm using this command:
Set-NetIPInterface -InterfaceAlias "Ethernet 2" -Dhcp Enabled
ipconfig result:
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e432:65ae:f7a7:c350%4
Default Gateway . . . . . . . . . :

What is Tunnel adapter isatap?

Hi i am working MAC address of machine. I have created a Application which gives me MAC ADDRESS for that machine.
I have observe that every machine on which i have tested i got Following physical address in every machine
Tunnel adapter isatap.{80A45D7C-0F1D-4270-83DC-B03014CF06A1}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
i have to work with this
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
Can anybody please explain me about this,so that i can decide whether i can skip this physical address

Routing VPN Through VMWARE (Macosx - Windows)

I have a mac running OS X that I need to connect to my company intranet. They have a specific program to do that and it only runs on Windows. I created a windows virtual machine with vmware and I connected it to the VPN.
No, I can't use an alternative program in OS X to connect - like IPSec(protocol), AT&T, etc - and I don't want to reverse engineer the company's tool.
What I need to do now is route the OS X network connection through the windows VM.
Vmware already created a virtual network interface to connect between Windows and OS X.
OS X:
$ifconfig vmnet8
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:50:56:c0:00:08
inet 172.16.27.1 netmask 0xffffff00 broadcast 172.16.27.255
I can ping the Windows 7 VM from OS X:
$ ping 172.16.27.2
| | | |
| | vmware(NAT) | |
|Mac (172.16.27.1) |<----------->|Win(172.16.27.2) |
| | | |
The company's tool created a virtual interface called "Ethernet adapter Local Area Connection 2" that contains the company's intranet IP:
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::c1ab:2fe6:40f5:5fa2%14
IPv4 Address. . . . . . . . . . . : 10.8.15.150
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : localdomain
Link-local IPv6 Address . . . . . : fe80::7cd7:a40c:336a:69ae%11
IPv4 Address. . . . . . . . . . . : 172.16.27.132
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.27.2
How can I access "10.8.15.150" from OS X? How do I make it "magically" route network traffic through the Windows VM into the VPN?
You could run an HTTP proxy in the Windows VM and configure your OS X network connection to route traffic through the proxy.

Resources