none
Debugging bootmgfw.efi x64 with windbg

    General discussion

  • I recently have tried to debug bootmgfw.efi x64 version of Windows 8.

    I use last debugging tools (Windbg x64) for Windows 8 from a windows 7 station (x64).

    So i used bcdedit to enable bootdebug on {bootmgr} partition, serial as debug type, debugport 2 and baudrate at 115200.

    Next i ran "windbg.exe -k com:port=\\.\pipe\kdebug,baud=115200,pipe,reconnect" command to connect to the debugger stub and i have this message.

    Microsoft (R) Windows Debugger Version 6.2.9200.16384 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    Opened \\.\pipe\kdebug
    Waiting to reconnect...
    Connected to Windows Boot Debugger 9200 x64 target at (Tue Oct  2 10:45:15.324 2012 (UTC + 2:00)), ptr64 TRUE
    Kernel Debugger connection established.
    Symbol search path is: srv*c:\symbols.pub*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    CS descriptor lookup failed
    Windows Boot Debugger Kernel Version 9200 UP Free x64
    Machine Name:
    Primary image base = 0x00000000`10000000 Loaded module list = 0x00000000`10183280
    System Uptime: not available
    Access violation - code c0000005 (first chance)
    First chance exceptions are reported before any exception handling.
    This exception may be expected and handled.
    Unable to get program counter
    0018:942f 0000            add     byte ptr [bx+si],al

    From here, i can't do anything: single step, continue running,...

    Note that i have no problem to debug winload.exe by setting bootdebug mode on {current} partition, it works like a charm.

    It seems that CS/SS segment values are wrong although CPU classical registers contains right values for RIP, RSP,...

    Stack trace is working very well with all symbols handled but can't go further:

    kd> k
    Child-SP          RetAddr           Call Site
    00000000`60fcd848 00000000`10052aec bootmgfw!DbgBreakPointWithStatus
    00000000`60fcd850 00000000`100529bc bootmgfw!vDbgPrintExWithPrefixInternal+0x128
    00000000`60fcd940 00000000`10093011 bootmgfw!DbgPrint+0x20
    00000000`60fcd970 00000000`10093670 bootmgfw!BlBdStart+0x141
    00000000`60fcd9b0 00000000`10034323 bootmgfw!BlBdInitialize+0x388
    00000000`60fcda50 00000000`100013d8 bootmgfw!BlInitializeLibrary+0x33
    00000000`60fcda80 00000000`1000101e bootmgfw!BmMain+0x208
    00000000`60fcdbe0 00000000`60fd10cf bootmgfw!EfiEntry+0x1e
    00000000`60fcdc10 80000000`00000003 0x60fd10cf
    00000000`60fcdc18 00000000`5ebe2c18 0x80000000`00000003
    00000000`60fcdc20 00000000`00000000 0x5ebe2c18
    kd> p
        ^ Unable to get program counter 'p'




    Tuesday, October 02, 2012 8:56 AM

All replies