Share this article

Improve this guide

How to debug Windows kernel

4 min. read

Updated onOctober 4, 2023

updated onOctober 4, 2023

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Akernelcan be considered one of the building blocks of Windows as an operating system. This is mainly because it controls all theprocessesrunning on the system.

That being said, any problems and issues with the kernels can result in crippling functionality issues for your PC, which includesBlue Screen of Death errors.

Unfortunately, not evenWindows 10, the latest version of the Windows OS is not safe from such issues. One piece of good news is that kernel code can be debugged, as long as you know how.

Fortunately, kernel debugging is possible and made easier through the presence of kernel debuggers.

How can I start Kernel debugging?

The answer to that question is quite complex, but suffice it to say that you need to follow a set of predefined steps before you can start:

1. Determine what PC is the host, and what PC is the target

The most basic thing that you need to know is that you cannot start debugging without a kernel debugger. The kernel debugger will run on the host system, while the code that needs debugging will run on the target system.

The two systems can be one and the same, but certain conditions need to be met beforehand.

2. Determine if you’ll do a kernel-mode or a user-mode debugging

Choosing what type of debugging isn’t that hard. All you need to do is determine what type of debugging will be more efficient.

3. Choose a debugging environment

The Debugging environment is basically the program you will be using to do the debugging with.WinDbgworks well in most situations, but there are times when others may work better, such as console debuggers for automation or Visual Studio.

4. Figure out how you’ll connect the target and host

Usually, both target and host systems are connected by an Ethernet network. If you are doing early bring-up work, or you lack an Ethernet connection on a device, other network connectivity options can be used.

5. Choose between 32-bit or 64-bit debugging tools

This is probably the easiest step of them all since it depends on what version of Windows the host and target are running, and whether or not the code that needs debugging is 32-bit or64-bitcode.

6. Configure your symbols

If you are using an environment likeWinDbg , you’ll need to configure the right symbols if you’ll want to use all of its advanced functionalities.If you don’t configure them, you won’t be able to use any of the debugger’s features that depend on those symbols.

7. Configure the source code

The path to the source code needs to be defined, even in the eventuality of it being your own source code. Thus, configuring a path to it in all cases is mandatory.

8. Become familiar with debugging

Debugger operations and techniques aren’t all that hard once you get used to them. This is thanks to the extensive documentation that comes with each operation, all of which is described in a step-by-step manner.

9. Use the debugger reference commands

You can’t know it all, and you can’t remember anything forever, but what you can do is look for the debugger referencecommandsthat are there to help.

One good example is the.hhcommand, which will display help documentation about every singlecommandavailable.

10. Use debugging extensions

Code can be extremely complex and it branches out in a variety of ways. Because of that, your environments may not be enough to perform the debugging.

Thus, using debugging extensions that provide parsing of domain-specific data structures can be very useful.

Closing thoughts

The steps mentioned above are all the basic procedures that you need to go through when attempting a kernel debugging.

Of course, there are many specific situations where these steps may vary, but the bottom line is all of them involve more or less these basic 10 steps.

Did our article help you better understand how you can start kernel debugging? Let us know what your opinions are in the comment section below.

How to debug Windows kernel#

How can I start Kernel debugging?#

1. Determine what PC is the host, and what PC is the target#

2. Determine if you’ll do a kernel-mode or a user-mode debugging#

3. Choose a debugging environment#

4. Figure out how you’ll connect the target and host#

5. Choose between 32-bit or 64-bit debugging tools#

6. Configure your symbols#

7. Configure the source code#

8. Become familiar with debugging#

9. Use the debugger reference commands#

10. Use debugging extensions#

Closing thoughts#