Debugging a Linux kernel without making a project

This tutorial shows how to use the new Kernel Quick Debug feature added to VisualKernel 1.1 to quickly debug a Linux kernel without creating a project or making a module. Before you begin:

  • Install Visual Studio
  • Install VisualKernel
  • Ensure that you have a copy of the kernel image with symbols and sources on the Windows machine
  1. Start Visual Studio. Select Debug->Quick Debug Linux Kernel:
  2. Select the Linux machine you want to debug. Select "Install symbols for another kernel" in the 'kernel symbols' field:
  3. VisualKernel will need to scan your kernel to determine its parameters and build a list of in-tree modules. This information will be stored in the kernel cache folder. If you are using this for the first time, you will be aked to select a location of the Kernel Cache folder:Note that if your kernel files are already stored elsewhere on the Windows machine, you can ignore the warning about 2-5GB of disk space as they will be used from their current location and won't be copied.
  4. In the symbol import wizard select the manual mode:
  5. On the second page of the wizard specify the location of your kernel image and sources:
  6. When you press "Finish", VisualKernel will scan your kernel for various information needed while debugging and will save that information to the kernel cache folder:
  7. Select a kernel connection mode (e.g. KGDBoE to debug via network or VMWare stub if you are using a virtual machine). If you want to avoid entering that information again next time, check the 'save the preset' checkbox and enter a name:
  8. When you hit "Debug", VisualKernel will build and install several helper modules that facilitate debugging and eventually stop at the kgdb breakpoint:
  9. Now you can use the normal debugging techniques. E.g. you can view the list of loaded module and load the symbols for them or set breakpoints on some kernel functions. Let's set a breakpoint on sys_open():
  10. Press F5 to resume debugging. Eventually some process will try to open a file and the sys_open() breakpoint will trigger:
  11. You can use the normal debugging techniques (stepping, setting breakpoints, evaluating expressions). Just note that normally the kernel is optimized, so some variables will be shown as 'optimized out' and stepping will sometimes look awkward, as the optimizer often moves the code around and reuses similar chunks of it. You can also use the GDB session window to send commands to GDB directly:
  12. Press Shift-F5 when you're done. If you have saved your Quick Debug preset before, you can start debugging again by simply selecting it in the "preset" list in the Quick Debug Linux Kernel window and pressing "Debug":