Posts

Showing posts from March, 2022

Remote Kernel Debugging (HEVD-Part 1)

This post sets up the VMs for the Debugger (Win10 x86) and the Debuggee (Win7 x86) for kernel debugging, using HEVD (HackSysExtremeVulnerableDriver) as the case study.

The tools we need for the installation:

Host
1. Binary Ninja (personal/trial)

Debugger VM
1. WinDBG Preview
2. HEVD 2.0 pdb

Debuggee VM
1. HEVD 2.0 sys
2. OSRLoader.exe
3. Python 2.7 (python 3.0+)

Install Windows 10 VM (Debugger)
Install Windows 7 VM (Debuggee)

Once the OS has been installed on both VMs, download and install the tools listed above (Debugger) (Debuggee).

==================================Debugger VM==================================

Add the following sympath for WinDbg on the Debugger VM:

Variable Name : _NT_SYMBOL_PATH
Variable Value : SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols

Click OK and shut down the VM. Edit the .vmx file configuration:

serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\com_1"
serial0.pipe.endPoint = "