connect two virtual machines on one physical host and use wdeb386 to debug win98 app

November 30th, 2011, 03:37
i started reversing and during my first few days i somehow installed softice 4.05 which never worked in windows 2000 then i got to know about ollydbg that was version 1.04 then and it has been my favourite since then

but ollydbg is a ring 3 debugger and at times when you needed to know what is happening on the other side i felt handicapped

i didn't want to use softice and windbg needed two machines which was not feasible

then i used the Poor man's Kernel Debugger livekd from sysinternals

then i got to know about microsoft virtual pc and i was quite happy to use it for kernel debugging

connected to the physical machine using NamedPipe

if you notice my statements you will find all the software i used were freeware i never had to
patch or use keygens or scour the net for warez

but on and off i would be in a situation where my physical host being xp wasn't able to kernel debug some old app in an old os
like windows 98

in situations like this it was softice in say 98 vm which i disliked

so on and off i was trying to connect two virtual machines and use windbg

but i never succeeded in connecting two virtual machines on a single physical host using
microsoft virtual pc

vmware was known to me but vmware was either 30 day trial or an endless scouring on bottomless net

vmware in the meantime released their player which was freeware but when i looked at it then
it didn't have the ability to create a vm

recently i needed to debug some win98 app and i started searching the net for any pointers

while searching i got to know about vmware player 4.01 which is a freeware and which had the ability to create a vm

my interest was thus aroused

and i downloaded the vmware player 4.01 and installed it and started playing with it to create a guest os

and thereby i got to know that vmware has a converter whereby i can use my old virtual hard disks made by microsoft virtual pc

so i downloaded the vmware vcenter converter and installed it

fed it with a win98.vmc

and it happily converted the .vmc into a .vmx file and .vhd file into a .vmdk file

and it loaded perfectly well into vmware (vmware says supported guest os starts from NT )

after some found new hardware restart routine (omg how many restarts win98 needs )

i was able to play loderunner on this win98 )

now moving on to the real purpose

i fed the converter another win98se.vmc and got it converted to vmdk and started this too

i used old ms vpc vhds because i already had lots of crap installed inside them including RTERM98 and WDEB386
while i fruitlessly tried to use them earlier

now i had two vms running side by side on a single physical host

one vm win98 was installed with win98se os and had windows98ddk installed on it

i had edited the system.ini located in c:\windows

and added the following in

[386Enh] section

Device= c:\windows\wdeb98.exe
DebugPort = 1
DebugBaud = 115200
DebugSym="full path to sym file" viz "c:\sym\krnl386.sym" "etc etc "

on the other vm i had a win98se os and in that i had RTERM98 open connected to comport 1

on both vmware player i added a serial port
asked vmware to use named pipe \\.\pipe\com_1 on both vms

assigned one end as server and other end as virtual machine in first vm
assigned one end as client and other end as virtual machine in second vm

and restarted the first vm which had WDEB98 installed and kept my fingers crossed

but to my surprise rterm98 on the other vm sprang to life and started spouting up

the time was well spent i can now set a int 3 in some .com file or LE or NE or VXD and stop in kernel debugger

and all freeware at that

i post below a few screen shots for clarity and some debug spew from rterm

i opened up my fav iczelion tut 02 msgbox.exe plopped an int aka 0xcc at 0x401000
double clicked it and got it trapped in wdeb386 see screen shot

Attachments: serialport_firstvmmod.jpg (22.4 KB), serialport_secondvmmod.jpg (24.6 KB), wdeb_vmwareplayer.jpg (41.1 KB)
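
The serial-port pairing described in the post (same named pipe on both VMs, one end server, one end client, far end set to "virtual machine"), as an added example that is not part of the original post: a small checker run over two constructed .vmx fragments. The `serial0` device index and the mapping of "other end is a virtual machine" to `serial0.tryNoRxLoss = "FALSE"` are assumptions about how VMware writes these settings to the .vmx file.

```python
import re

# Constructed sample .vmx fragments (not taken from the post).
# Assumption: the added port is serial0 in both VMs.
VM1_VMX = r'''
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\com_1"
serial0.pipe.endPoint = "server"
serial0.tryNoRxLoss = "FALSE"
'''
VM2_VMX = r'''
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\com_1"
serial0.pipe.endPoint = "client"
serial0.tryNoRxLoss = "FALSE"
'''

def serial_settings(vmx_text, port="serial0"):
    """Return {lower-cased key: value} for one serial device in .vmx text."""
    pattern = re.compile(rf'\s*{re.escape(port)}\.([\w.]+)\s*=\s*"(.*)"\s*$', re.I)
    found = {}
    for line in vmx_text.splitlines():
        m = pattern.match(line)
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found

def check_pair(vmx_a, vmx_b):
    """List the problems that would keep the two VMs' COM ports from linking up."""
    a, b = serial_settings(vmx_a), serial_settings(vmx_b)
    problems = []
    for name, s in (("first", a), ("second", b)):
        if s.get("present", "").upper() != "TRUE":
            problems.append(f"{name} VM: serial port not present")
        if s.get("filetype", "").lower() != "pipe":
            problems.append(f"{name} VM: serial port is not a named pipe")
        # Assumption: TRUE here means "other end is an application".
        if s.get("trynorxloss", "FALSE").upper() == "TRUE":
            problems.append(f"{name} VM: other end is not set to virtual machine")
    if a.get("filename", "").lower() != b.get("filename", "").lower():
        problems.append("pipe names differ between the two VMs")
    ends = sorted(s.get("pipe.endpoint", "").lower() for s in (a, b))
    if ends != ["client", "server"]:
        problems.append("need exactly one server end and one client end")
    return problems

if __name__ == "__main__":
    print(check_pair(VM1_VMX, VM2_VMX) or "serial pairing looks consistent")
```
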