[winkd] Windows kernel debug, r2 can not debug with winkd plugin #23269

Open
@Hacksign

Description

Environment

>> LC_ALL=C date
Mon Sep  2 19:05:29 CST 2024
>> LC_ALL=C r2 -v
radare2 5.9.2 0 @ linux-x86-64
birth: git.5.9.2 2024-08-01__08:35:56
options: gpl release -O1 cs:5 cl:2 meson
>> LC_ALL=C uname -ms
Linux x86_64

Description

By this guide: https://book.rada.re/debugger/windbg.html

I want to connect to a Windows kernel debug environment with VirtualBox. The debuggee and debugger work fine with 2 virtual machines through a COM connection.

Now I want the debuggee to connect directly to the r2 debugger running on Linux (in this case, only 1 virtual machine is needed).

The pipe (/tmp/virtualbox-com1) is created by the debuggee, but radare2 seems to have "failed" to connect to the socket; it just told me the socket is opened and then got stuck:

# R2_DEBUG=1 r2 -a x86 -b 64 -D winkd winkd:///tmp/virtualbox-com1
DEBUG: Cannot find dart in PATH
DEBUG: RCoreCmd: ft dylib *.dlopen *.dlsym *.dlclose *.mmap *.LoadLibrary *.GetProcAddress
DEBUG: RCoreCmd: ft alloc *.malloc *.free$ *.calloc *.kalloc *.realloc
DEBUG: RCoreCmd: ft time *.settimeofday *.gettimeofday *.time *.adjtime *.ctime *.timed *.date$ *.sleep *.Sleep *.usleep *.clock_nanosleep *.localtime *.asctime *.difftime *.gmtime *.mktime *.timelocal *.timegm *.tzfile *.tzset
DEBUG: RCoreCmd: ft env *.getenv *.putenv *.unsetenv *.setenv *.GetEnvironmentVariable *.SetEnvironmentVariable *.ExpandEnvironmentStrings
DEBUG: RCoreCmd: ft fs *.open$ *.close *.read$ *.write *.CloseHandle *.FindFirstFileW *._wfopen *._wstat *.ftruncate *.lseek *._chsize *.GetFullPathName *.realpath *.RemoveDirectory *.DeleteFile *.CreateFile *.WriteFile *.UnmapViewOfFile *.CreateFileMapping *.MapViewOfFile *.readlink *.chmod *.fchmod *.chown *.stat *.fstat *.lstat *.fstatat *.lstat64 *.stat64 *.chflags *.fchflags *.lchflags
DEBUG: RCoreCmd: ft network *.socket *.connect *.bind$ *.listen *.accept *.sendto *.recvfrom *.gethostbyname *.htons *.ntohs
DEBUG: RCoreCmd: ft threads *.pthread_create *.pthread_mutex_init *.pthread_cond_init *.CreateThread *.TerminateThread *.WaitForSingleObject *.GetCurrentThreadId
DEBUG: RCoreCmd: ft process *.getpid *.getppid *.kill *.exit *.abort *.assert *.gethostid *.sethostid *.sysctl
DEBUG: RCoreCmd: ft stdout ^printf *.puts *.write
DEBUG: RCoreCmd: ft string *.strcat *.strcpy *.strncpy *.strlen *.strtok *.strstr *.strlcpy *.asprintf *.sprintf *.snprintf
DEBUG: Cannot open directory '/usr/lib/radare2/5.9.2'
DEBUG: Cannot open directory '/root/.local/share//radare2/plugins'
DEBUG: Cannot open directory '/usr/lib/radare2-extras/5.9.2'
DEBUG: Cannot open directory '/usr/lib/radare2-bindings/5.9.2'
INFO: Opened pipe /tmp/virtualbox-com1 with fd 0x7

Am I misunderstanding this guide: https://book.rada.re/debugger/windbg.html ?

I think r2 originally supports kernel debugging with the winkd plugin on a Linux environment. Am I right?
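The report above calls /tmp/virtualbox-com1 both a "pipe" and a "socket", and a debugger front-end that opens a path as a FIFO behaves very differently from one that connects to a UNIX-domain socket. The following diagnostic is an added example, not radare2's or the issue author's code: it classifies what kind of filesystem object an endpoint path actually is and, for a UNIX socket, checks whether anything is listening. The helper names (`classify_endpoint`, `socket_accepts_connection`, `demo_report`) and the temporary demo endpoints it builds are assumptions made for the example.

```python
import os
import socket
import stat
import tempfile

# Added example (not radare2 code): report what kind of filesystem object a
# debug endpoint path is, so a "pipe" that is really a UNIX-domain socket
# (or the reverse) is noticed before a debugger is pointed at it.


def classify_endpoint(path: str) -> str:
    """Return one of: missing, fifo, socket, chardev, regular, other."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return "missing"
    mode = st.st_mode
    if stat.S_ISFIFO(mode):
        return "fifo"
    if stat.S_ISSOCK(mode):
        return "socket"
    if stat.S_ISCHR(mode):
        return "chardev"
    if stat.S_ISREG(mode):
        return "regular"
    return "other"


def socket_accepts_connection(path: str, timeout: float = 1.0) -> bool:
    """For a UNIX-domain socket path, check that a peer is listening on it."""
    if classify_endpoint(path) != "socket":
        return False
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
        return True
    except OSError:
        # ECONNREFUSED / ENOENT: the path exists but nothing is accepting
        return False
    finally:
        s.close()


def demo_report() -> dict:
    """Constructed sample: build one FIFO and one listening UNIX socket in a
    temporary directory, classify both plus a missing path, and clean up."""
    with tempfile.TemporaryDirectory() as d:
        fifo = os.path.join(d, "demo-fifo")
        sock_path = os.path.join(d, "demo-sock")
        os.mkfifo(fifo)
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(sock_path)
        listener.listen(1)
        try:
            report = {
                "fifo": classify_endpoint(fifo),
                "socket": classify_endpoint(sock_path),
                "missing": classify_endpoint(os.path.join(d, "nothing")),
                "socket_listening": socket_accepts_connection(sock_path),
            }
        finally:
            listener.close()
    return report


if __name__ == "__main__":
    for name, value in demo_report().items():
        print(f"{name}: {value}")
    # On a real system, point classify_endpoint() at the VM's serial endpoint,
    # e.g. classify_endpoint("/tmp/virtualbox-com1"), and compare the result
    # with the kind of endpoint the debugger front-end expects to open.
```

Running `classify_endpoint` against the real endpoint path tells you whether the object the hypervisor created is a FIFO, a UNIX socket or a character device; if it is a socket, `socket_accepts_connection` confirms that the VM side is actually accepting before any debugger transport is blamed.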
