From Collaborative RCE Tool Library
|Last updated:||October 28, 2007|
|Direct D/L link:||Locally archived copy|
|Description:||VMKD (Virtual Machine KD Extensions) is a program that provides high speed kernel debugging support for VMware virtual machines. VMKD allows you to debug a VMware VM in a high speed fashion, instead of using the much slower and lower bandwidth virtual serial port mechanism.
When you use VMKD to debug a VM, VMKD creates a named pipe on the machine hosting the VM that you can connect to using the usual kernel debugging over named pipe support in WinDbg. However, unlike conventional VM kernel debugging, which is done by creating a virtual serial port in the VM and exposing it to the host system as a named pipe, VMKD does not internally use a virtual serial port to communicate with the kernel running in the VM. Instead, VMKD uses a high speed interface that takes advantage of the fact that the kernel is running in a VM to enhance the performance and responsiveness of the kernel debugging experience.
VMKD has presently only been tested against VMware Server 1.0.3 and 1.0.4. It is designed in a fashion that is intended to be portable to future VMware versions, however this forwards compatibility is fairly fragile and may break on future releases. VMKD does not support Microsoft Virtual Server or other virtualization products. Do not attempt to use VMKD with other virtualization programs or with a physical machine.
The main benefits of using VMKD instead of conventional serial port debugging are:
1. Responsiveness. VMKD provides a very low latency link between the kernel debugger and the VM if you are running the kernel debugging on the same computer hosting the VM. This means that most kernel debugger commands will respond much quicker than with normal kernel debugging (many commands are typically fairly close to local kernel debugging (lkd) speed, such as !process 0 0, which typically returns in 1-2 seconds or less even with 40-50 running processes when operating with VMKD). This improved response time even makes complex conditional breakpoints on “warm” kernel code paths feasible!
2. Data transfer speed. VMKD can move data to and from a VM much faster than the virtual serial port debugging mechanism. For example, I typically received around ~200KBps throughput while doing bulk memory reads on a VM, far beyond that possible with a virtual serial port. Most of the overhead now remaining in terms of bulk data transfer is reflective of design limitations of the protocol that VMKD uses to talk to the kernel debugger client (DbgEng.dll). Note that 1394 can still write physical memory dumps faster than VMKD, because 1394 KD can essentially DMA the target’s physical memory across the wire due to special support in the 1394 DbgEng KD protocol client. However, in most other aspects, VMKD provides equivalent or superior performance to even 1394 KD.
3. Processor usage. Normally, when you are kernel debugging a computer, the target is spinning on the kernel debugger I/O hardware (such as the serial port or 1394 controller). With a VM, this is a particular problematic condition, as it causes the VM to monopolize one CPU with useless polling. VMKD allows the VM to sleep while waiting for input from the kernel debugger, eliminating the tendancy of conventional virtual serial port debugging to severely degrade overall system performance on the host computer.
However, VMKD is not perfect. Because it was written without the assistance of either VMware or Microsoft, integration with the Windows kernel and VMware is a bit rough around the edges. Due to this, there are some steps that need to be followed to use VMKD. For some kernel debugging tasks, it may simply be easier to just use virtual serial port debugging and live with the limitations of the virtual serial port than to set up a VMKD debugging session.
|Related URLs:||No related URLs have been submitted for this tool yet|
You are welcome to add your own useful notes about this tool, for others to see!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)