Windows on ARM is slowly getting its way on the market (again). Some Windows internals enthusiasts can’t wait to peek under the hood, which goes hand-in-hand with question whether attaching remote kernel debugger - and disabling Secure Boot - is possible. Of course, it is.
Recently I’ve got lucky enough to put my hands on HP Envy x2, which - at the time of this writing - is only one of 3 devices on the market that officially supports Windows 10 on 64-bit ARM (other 2 devices being ASUS NovaGo and Lenovo Miix 630). Currently, all 3 devices have Snapdragon 835, a Qualcomm 64-bit ARM (aarch64) CPU and generally, these devices don’t differ much in the terms of technical specifications.
I’d like to note that while I was able to make remote kernel debugging work with HP Envy x2, it might not be possible for other devices. Specifically, I’ve been told that while disabling Secure Boot is possible on ASUS NovaGo, attaching remote kernel debugger via KDNET over USB is not. This might be because HP Envy x2 has USB-C, while ASUS NovaGo has regular USB 3.1 port. I know nobody who tried this on Lenovo Miix 630, but assuming it has USB-C as well, it should work.
As for USB cable, any USB-C to USB-C or even USB-C to USB-A cable should do the trick. I’ve been using my charging cable from Samsung Galaxy S9+ (USB-C to USB-A) without any problems.
Today, when someone wants to debug the Windows kernel remotely, it’s mostly done via network - KDNET. MSDN offers detailed documentation on how to achieve that. But what if you’re presented with a device - such as laptop, tablet or phone - that doesn’t have any Ethernet port? If you have a device with USB port, EHCI/xHCI controller that supports debugging, you can use a special USB cable and follow MSDN instructions. Unfortunatelly, this method has several disadvantages:
The another option is to make KDNET work over USB. “What is that?!”, you may ask, followed by “…there’s nothing on MSDN about that!”. And you’d be kinda right. After a bit of googling, you’ll find out that there are some mentions about it burried deep down in Windows HLK Test reference or Azure’s github on how to connect Inventec Avatar device (whatever that is) to Windows 10 IoT.
They both mention having VirtEth.exe as a prerequisite, which I was unable to find on the Internet. Apparently, it’s supposed to be packed in Windows Phone Kit which appears to be available only to particular OEM/vendors. I started to lose any hope, when suddenly I just spotted a new network adapter in my network settings:
so, it’ll maybe work somehow!
After a bunch of ipconfig
commands and a few trial-and-errors, I actually succeeded.
I’m not sure how recent this feature is and since which Windows version is this feature
available (the only computers I’ve tested it with are running Windows 10 RS5). I’m not
even sure if Microsoft decides to properly document this debugging method. But in any
case, here are steps you need to perform:
ESC
button during boot)bcdedit /debug on
bcdedit /dbgsettings net hostip:169.254.255.255 port:50000 key:1.2.3.4
(dummy IP, because we don’t know what address will be assigned to the host)
ipconfig
(it might take some time until the IP is assigned)bcdedit /dbgsettings net hostip:X.X.X.X port:50000 key:1.2.3.4
where X.X.X.X = correct IP of host’s KDNET adapter determined in step #6
ipconfig
, and look for Ethernet adapter with (Kernel Debugger)
in its name, take note of its IP addresswindbg -k net:port=50000,key=1.2.3.4,target=<target ip>
- or use WinDbgX preview… it might take some time until it connects
Note: If it doesn’t work, check your firewall settings.