Debugging windows EFI bootloader
Posted: Tue Oct 02, 2012 4:26 am
I recently have tried to debug bootmgfw.efi x64 version of Windows 8.
I use last debugging tools (Windbg x64) for Windows 8 from a windows 7 station (x64).
So i used bcdedit to enable bootdebug on {bootmgr} partition, serial as debug type, debugport 2 and baudrate at 115200.
Next i ran "windbg.exe -k com:port=\\.\pipe\kdebug,baud=115200,pipe,reconnect" command to connect to the debugger stub and i have this message:
From here, i can't do anything: single step, continue running,...
Note that i have no problem to debug winload.exe by setting bootdebug mode on {current} partition, it works like a charm.
It seems that CS/SS segment values are wrong although CPU classical registers contains right values for RIP, RSP,...
Stack trace is working very well with all symbols handled but can't go further:
I use last debugging tools (Windbg x64) for Windows 8 from a windows 7 station (x64).
So i used bcdedit to enable bootdebug on {bootmgr} partition, serial as debug type, debugport 2 and baudrate at 115200.
Next i ran "windbg.exe -k com:port=\\.\pipe\kdebug,baud=115200,pipe,reconnect" command to connect to the debugger stub and i have this message:
Code: Select all
Microsoft (R) Windows Debugger Version 6.2.9200.16384 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Opened \\.\pipe\kdebug
Waiting to reconnect...
Connected to Windows Boot Debugger 9200 x64 target at (Tue Oct 2 10:45:15.324 2012 (UTC + 2:00)), ptr64 TRUE
Kernel Debugger connection established.
Symbol search path is: srv*c:\symbols.pub*http://msdl.microsoft.com/download/symbols
Executable search path is:
CS descriptor lookup failed
Windows Boot Debugger Kernel Version 9200 UP Free x64
Machine Name:
Primary image base = 0x00000000`10000000 Loaded module list = 0x00000000`10183280
System Uptime: not available
Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
Unable to get program counter
0018:942f 0000 add byte ptr [bx+si],alNote that i have no problem to debug winload.exe by setting bootdebug mode on {current} partition, it works like a charm.
It seems that CS/SS segment values are wrong although CPU classical registers contains right values for RIP, RSP,...
Stack trace is working very well with all symbols handled but can't go further:
Code: Select all
kd> k
Child-SP RetAddr Call Site
00000000`60fcd848 00000000`10052aec bootmgfw!DbgBreakPointWithStatus
00000000`60fcd850 00000000`100529bc bootmgfw!vDbgPrintExWithPrefixInternal+0x128
00000000`60fcd940 00000000`10093011 bootmgfw!DbgPrint+0x20
00000000`60fcd970 00000000`10093670 bootmgfw!BlBdStart+0x141
00000000`60fcd9b0 00000000`10034323 bootmgfw!BlBdInitialize+0x388
00000000`60fcda50 00000000`100013d8 bootmgfw!BlInitializeLibrary+0x33
00000000`60fcda80 00000000`1000101e bootmgfw!BmMain+0x208
00000000`60fcdbe0 00000000`60fd10cf bootmgfw!EfiEntry+0x1e
00000000`60fcdc10 80000000`00000003 0x60fd10cf
00000000`60fcdc18 00000000`5ebe2c18 0x80000000`00000003
00000000`60fcdc20 00000000`00000000 0x5ebe2c18
kd> p
^ Unable to get program counter 'p'