How can I perform a kernel debug?

A. To perform a kernel debug, the two computers should be connected via a null modem cable, or via a modem connection for dial-in purposes. The computers will be referred to as "Host" for the machine that will perform the debug, and "Target" for the machine that has the problem and is being debugged.

The computers should both be running the same version of Windows NT and the symbol files for the Target machine should be installed on the Host computer. The symbol files are supplied on the Windows NT installation CD-ROM in the Support\Debug directory.

The Target computer's boot.ini entry needs to be modified to allow debugging as follows:

  1. Make boot.ini editable
    attrib c:\boot.ini -r -s
  2. Edit the file and add /debug to the Windows NT start line (this tells the system to load the kernel debugger into memory at bootup). Other options are /debugport, which sets the COM port to use (by default COM2), and /baudrate, which sets the speed (by default 19200, better to be 9600), e.g.
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Windows NT Debug" /debug /debugport=com2 /baudrate=9600
  3. Save the file
  4. Set boot.ini attributes back
    attrib c:\boot.ini +r +s

In the example above the Target machine will allow a debug connection on COM2 at a speed of 9600 bps.

The Host computer needs the symbol files installed and must be configured with the information it needs to perform the debug.

To install the symbol files, move to the \support\debug directory on the CD-ROM and enter the command

expndsym <CD-ROM>: <target drive and directory>
e.g. expndsym f: d:\symbols

This may take some time. Remember that if you have installed service packs on the Target machine, the symbol files for these will also need to be installed on the Host computer. The symbol files for service packs need to be downloaded from Microsoft separately.

The next stage is to configure the environment variables needed for the debugging, such as the symbol file location. These are outlined below.

_NT_DEBUG_PORT: COM port to be used, e.g. COM2:
_NT_DEBUG_BAUD_RATE: Speed for the connection, e.g. 9600. Make sure this matches the /baudrate specified on the Target machine
_NT_SYMBOL_PATH: Location of the symbol files (where you expanded them to using the expndsym utility)
_NT_LOG_FILE_OPEN: Name of the file used for the log of the debug session (optional)

It may be worth putting the definition of the above into a command file to avoid having to type in the commands every time, e.g.

echo off
set _nt_debug_port=com2
set _nt_debug_baud_rate=9600
set _nt_symbol_path=d:\symbols\i386
set _nt_log_file_open=d:\debug\logs\debug.log
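
The following Python check is an added example, not part of the original FAQ or of any Microsoft tool: it reads a copy of the Target's boot.ini, lists the entries that carry /debug, and flags any whose baud rate differs from the Host's _NT_DEBUG_BAUD_RATE. The function names and the sample boot.ini text are constructed for illustration; the COM2 and 19200 defaults are the ones given above.

```python
import re

# Defaults stated on this page for when a switch is omitted.
DEFAULT_PORT, DEFAULT_BAUD = "COM2", 19200

def debug_entries(boot_ini_text):
    """Return port/baud for each [operating systems] line that carries /debug."""
    found, in_os = [], False
    for raw in boot_ini_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
            continue
        if not in_os or "=" not in line:
            continue
        path, _, rest = line.partition("=")
        rest = re.sub(r'"[^"]*"', "", rest)  # drop the quoted menu description
        sw = {m.group(1).lower(): m.group(2)
              for m in re.finditer(r"/(\w+)(?:=(\S+))?", rest)}
        if "debug" in sw:  # this page's procedure always adds /debug
            found.append({"path": path,
                          "port": (sw.get("debugport") or DEFAULT_PORT).upper(),
                          "baud": int(sw.get("baudrate") or DEFAULT_BAUD)})
    return found

def baud_mismatches(boot_ini_text, host_env):
    """List debug entries whose baud rate differs from the Host's _NT_DEBUG_BAUD_RATE."""
    env = {k.upper(): v for k, v in host_env.items()}  # "set" names are case-insensitive
    host_baud = env.get("_NT_DEBUG_BAUD_RATE", "").strip()
    return [e for e in debug_entries(boot_ini_text) if str(e["baud"]) != host_baud]

# Constructed sample: the page's entry, one entry relying on the default baud rate,
# and one normal entry without debugging.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Windows NT Debug" /debug /debugport=com2 /baudrate=9600
multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Windows NT Debug (defaults)" /debug
multi(0)disk(0)rdisk(0)partition(0)\WINDOWS="Windows NT"
"""
SAMPLE_HOST_ENV = {"_nt_debug_port": "com2", "_nt_debug_baud_rate": "9600"}

if __name__ == "__main__":
    for e in debug_entries(SAMPLE_BOOT_INI):
        print("debug entry:", e)
    for e in baud_mismatches(SAMPLE_BOOT_INI, SAMPLE_HOST_ENV):
        print("baud mismatch: target uses %d" % e["baud"])
```

The same listing of /debug entries is also a quick way to confirm that debugging has been switched off again on a machine once the session is finished.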

Next you should copy over the kernel debug software which is located in the support\debug\<processor> directory on the NT installation CD-ROM, e.g. support\debug\I386. It is easier just to copy over the entire directory as it is not very large (around 2.5MB). The actual debugger for the I386 platform is I386KD.EXE and you would just enter I386KD to start the debugger. To enter a command press CTRL+C and wait for the kd> prompt.
