search

gerhart01 / LiveCloudKd

Hyper-V Research is trendy now
147 stars 27 forks source link

Unstable debugger single-step #16

Open gerhart01 opened 9 months ago

gerhart01 commented 9 months ago

After a few single step debugger hangs, or BSOD is caused

https://github.com/gerhart01/LiveCloudKd/issues/14 https://github.com/gerhart01/LiveCloudKd/issues/15

uf0o commented 4 months ago

Hello,

I am getting a reproducible BSOD on the host machine every time I try to set a break point in any securekernel's function.

It happens with either windbg classic and the new one.

both host and guest are running the same win11 version: Microsoft Windows [Version 10.0.22631.3447]

Hardware breakpoints (probably not supported) do not trigger or even cause a bug check. I tried already to disable pagefile and set the guest CPU to 1.

Here's the dumpstack.log file content:

DLOGFILE00010000DUMP / Dump stack initialized at UTC: 2024/05/07 11:34:49, local time: 2024/05/07 13:34:49.

BugCheckCode 0x000000000000003B

BugCheckP1 0x00000000C0000005

BugCheckP2 0xFFFFF803611E90D7

BugCheckP3 0xFFFFC900CE8B2900

BugCheckP4 0x0000000000000000

Progress 0x00000042 Elapsed BugCheck duration 00001683ms Starting get secondary dump callbacks size. Progress 0x00000052 Finish get secondary dump callbacks size. Dump Type: 4, Total Dump Size: 7354343, Secondary Dump Size: 7187943. Starting write of dump header. Finish write of dump header. Starting write of minidump data. Finish write of minidump data. Progress 0x00000044 Elapsed BugCheck duration 00003407ms Starting invoking secondary dump callbacks. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling igdkmdn64.sys secondary callback. Return from igdkmdn64.sys secondary callback. Writing igdkmdn64.sys secondary callback data. Writing igdkmdn64.sys secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling Win32kWPP secondary callback. Return from Win32kWPP secondary callback. Writing Win32kWPP secondary callback data. Writing Win32kWPP secondary callback data done. Calling ibtdrv secondary callback. Return from ibtdrv secondary callback. Writing ibtdrv secondary callback data. Writing ibtdrv secondary callback data done. Calling Intel Wireless WiFi Link Adapter secondary callback. Return from Intel Wireless WiFi Link Adapter secondary callback. Writing Intel Wireless WiFi Link Adapter secondary callback data. Writing Intel Wireless WiFi Link Adapter secondary callback data done. Calling Usb4DeviceRouter secondary callback. Return from Usb4DeviceRouter secondary callback. Writing Usb4DeviceRouter secondary callback data. Writing Usb4DeviceRouter secondary callback data done. Calling Usb4DeviceRouter secondary callback. Return from Usb4DeviceRouter secondary callback. Writing Usb4DeviceRouter secondary callback data. Writing Usb4DeviceRouter secondary callback data done. Calling Usb4DeviceRouter secondary callback. Return from Usb4DeviceRouter secondary callback. Writing Usb4DeviceRouter secondary callback data. Writing Usb4DeviceRouter secondary callback data done. Calling Usb4DeviceRouter secondary callback. Return from Usb4DeviceRouter secondary callback. Writing Usb4DeviceRouter secondary callback data. Writing Usb4DeviceRouter secondary callback data done. Calling Usb4DeviceRouter secondary callback. Return from Usb4DeviceRouter secondary callback. Writing Usb4DeviceRouter secondary callback data. Writing Usb4DeviceRouter secondary callback data done. Calling Usb4DeviceRouter secondary callback. Return from Usb4DeviceRouter secondary callback. Writing Usb4DeviceRouter secondary callback data. Writing Usb4DeviceRouter secondary callback data done. Calling nvpcf secondary callback. Return from nvpcf secondary callback. Writing nvpcf secondary callback data. Writing nvpcf secondary callback data done. Calling wdiwifi secondary callback. Return from wdiwifi secondary callback. Writing wdiwifi secondary callback data. Writing wdiwifi secondary callback data done. Calling wdiwifi secondary callback. Return from wdiwifi secondary callback. Writing wdiwifi secondary callback data. Writing wdiwifi secondary callback data done. Calling Usb4HostRouter secondary callback. Return from Usb4HostRouter secondary callback. Writing Usb4HostRouter secondary callback data. Writing Usb4HostRouter secondary callback data done. Calling Usb4HostRouter secondary callback. Return from Usb4HostRouter secondary callback. Writing Usb4HostRouter secondary callback data. Writing Usb4HostRouter secondary callback data done. Calling Usb4HostRouter secondary callback. Return from Usb4HostRouter secondary callback. Writing Usb4HostRouter secondary callback data. Writing Usb4HostRouter secondary callback data done. Calling Usb4HostRouter secondary callback. Return from Usb4HostRouter secondary callback. Writing Usb4HostRouter secondary callback data. Writing Usb4HostRouter secondary callback data done. Calling Usb4HostRouter secondary callback. Return from Usb4HostRouter secondary callback. Writing Usb4HostRouter secondary callback data. Writing Usb4HostRouter secondary callback data done. Calling Usb4HostRouter secondary callback. Return from Usb4HostRouter secondary callback. Writing Usb4HostRouter secondary callback data. Writing Usb4HostRouter secondary callback data done. Calling Usb4HostRouter secondary callback. Return from Usb4HostRouter secondary callback. Writing Usb4HostRouter secondary callback data. Writing Usb4HostRouter secondary callback data done. Calling Usb4HostRouter secondary callback. Return from Usb4HostRouter secondary callback. Writing Usb4HostRouter secondary callback data. Writing Usb4HostRouter secondary callback data done. Calling Usb4HostRouter secondary callback. Return from Usb4HostRouter secondary callback. Writing Usb4HostRouter secondary callback data. Writing Usb4HostRouter secondary callback data done. Calling nvlddmkm.sys secondary callback. Return from nvlddmkm.sys secondary callback. Writing nvlddmkm.sys secondary callback data. Writing nvlddmkm.sys secondary callback data done. Calling \Device\DxgKrnl secondary callback. Return from \Device\DxgKrnl secondary callback. Writing \Device\DxgKrnl secondary callback data. Writing \Device\DxgKrnl secondary callback data done. Calling IoBugCheckDriverData secondary callback. Return from IoBugCheckDriverData secondary callback. Writing IoBugCheckDriverData secondary callback data. Writing IoBugCheckDriverData secondary callback data done. Calling PortDriverStandard secondary callback. Return from PortDriverStandard secondary callback. Writing PortDriverStandard secondary callback data. Writing PortDriverStandard secondary callback data done. Calling Wdf01000 secondary callback. Return from Wdf01000 secondary callback. Writing Wdf01000 secondary callback data. Writing Wdf01000 secondary callback data done. Calling blackbox - CI secondary callback. Return from blackbox - CI secondary callback. Writing blackbox - CI secondary callback data. Writing blackbox - CI secondary callback data done. Calling blackbox - Winlogon secondary callback. Return from blackbox - Winlogon secondary callback. Writing blackbox - Winlogon secondary callback data. Writing blackbox - Winlogon secondary callback data done. Calling blackbox - NTFS secondary callback. Return from blackbox - NTFS secondary callback. Writing blackbox - NTFS secondary callback data. Writing blackbox - NTFS secondary callback data done. Calling blackbox - CrashedProcess secondary callback. Return from blackbox - CrashedProcess secondary callback. Writing blackbox - CrashedProcess secondary callback data. Writing blackbox - CrashedProcess secondary callback data done. Calling blackbox - PNP secondary callback. Return from blackbox - PNP secondary callback. Writing blackbox - PNP secondary callback data. Writing blackbox - PNP secondary callback data done. Calling blackbox - BSD secondary callback. Return from blackbox - BSD secondary callback. Writing blackbox - BSD secondary callback data. Writing blackbox - BSD secondary callback data done. Calling SecureKernelFailureLog secondary callback. Return from SecureKernelFailureLog secondary callback. Writing SecureKernelFailureLog secondary callback data. Writing SecureKernelFailureLog secondary callback data done. Calling SecureKernelCrashdumpArea secondary callback. Return from SecureKernelCrashdumpArea secondary callback. Writing SecureKernelCrashdumpArea secondary callback data. Writing SecureKernelCrashdumpArea secondary callback data done. Calling secondary multi-part dump callbacks. Starting TRIAGEDUMPDATA multi-part secondary callback. Finish TRIAGEDUMPDATA multi-part secondary callback. Starting SMBiosData multi-part secondary callback. Finish SMBiosData multi-part secondary callback. Starting SMBiosRegistry multi-part secondary callback. Finish SMBiosRegistry multi-part secondary callback. Starting SMBiosRegisters multi-part secondary callback. Finish SMBiosRegisters multi-part secondary callback. Starting SMBiosDataACPI multi-part secondary callback. Finish SMBiosDataACPI multi-part secondary callback. Starting PCI multi-part secondary callback. Finish PCI multi-part secondary callback. Starting Etw multi-part secondary callback. Finish Etw multi-part secondary callback. Finish calling secondary multi-part dump callbacks. Progress 0x00000045 Finish invoking secondary dump callbacks. Starting invoking dump complete callbacks. Progress 0x00000046 Finish invoking dump complete callbacks. Dump ended at UTC: 2024/05/07 11:34:49, local time: 2024/05/07 13:34:49. Progress 0x00000053

AdrianoBrugnoni commented 4 months ago

I don't know if this can help, but I found that the EXDi plugin, when comunicate with a gdbServer, traslate a HW bp request every time into a SW bp request.