blabberer

  1. connect two virtual machines on one physical host and use wdeb386 to debug win98 app

    i started reversing and during my first few days i somehow installed softice 4.05 which never worked in windows 2000 then i got to know about ollydbg that was version 1.04 then and it has been my favourite since then

    but ollydbg is a ring 3 debugger and at times when you needed to know what is happening on the other side i felt handicapped

    i didn't want to use softice and windbg needed two machines which was not feasible

    then i used the Poor man's Kernel Debugger livekd from sysinternals

    then i got to know about microsoft virtual pc and i was quite happy to use it for kernel debugging

    connected to the physical machine using NamedPipe

    if you notice my statements you will find all the software i used were freeware i never had to
    patch or use keygens or scour the net for warej


    but on and off i would be in a situation where my physical host being xp wasn't able to kernel debug some old app in an old os
    like windows 98

    in situations like this it was softice in say 98 vm which i disliked

    so on and off i was trying to connect two virtual machines and use windbg

    but i never succeeded in connecting two virtual machines on a single physical host using
    microsoft virtual pc

    vmware was known to me but vmware was either 30 day trial or an endless scouring on bottomless net

    vmware in the meantime released their player which was freeware but when i looked at it then
    it didn't have the ability to create a vm

    recently i needed to debug some win98 app and i started searching the net for any pointers

    while searching i got to know about vmware player 4.01 which is a freeware and which had the ability to create a vm

    my interest was thus aroused

    and i downloaded the vmware player 4.01 and installed it and started playing with it to create a guest os

    and thereby i got to know that vmware has a converter whereby i can use my old virtual hard disks made by microsoft virtual pc

    so i downloaded the vmware vcenter converter and installed it

    fed it with a win98.vmc

    and it happily converted the .vmc into a .vmx file and .vhd file into a .vmdk file

    and it loaded perfectly well into vmware (vmware says supported guest os starts from NT )

    after some found new hardware restart routine (omg how many restarts win98 needs )

    i was able to play loderunner on this win98 )

    now moving on to the real purpose

    i fed the converter another win98se.vmc and got it converted to vmdk and started this too

    i used old ms vpc vhds because i already had lots of craps installed inside them including RTERM98 and WDEB386
    while i fruitlessly tried to use them earlier

    now i had two vms running side by side on a single physical host

    one vm win98 was installed with win98se os and had windows98ddk installed on it

    i had edited the system.ini located in c:\windows

    and added the following in the [386Enh] section
    Code:
    [386Enh]
    Device=c:\windows\wdeb98.exe
    DebugPort=1
    DebugBaud=115200
    ; DebugSym takes the full path to a .sym file; repeat the line for each further symbol file
    DebugSym=c:\sym\krnl386.sym

    on the other vm i had a win98se os and in that i had RTERM98 open connected to comport 1

    on both vmware player i added a serial port
    asked vmware to use named pipe \\.\pipe\com_1 on both vms

    assigned one end as server and other end as virtual machine in first vm
    assigned one end as client and other end as virtual machine in second vm

    and restarted the first vm which had WDEB98 installed and kept the finger crossed

    but to my surprise rterm98 on the other vm sprang to life and started spouting up

    the time was well spent i can now set an int 3 in some .com file or LE or NE or VXD and stop in kernel debugger

    and all freeware at that

    i post below a few screen shots for clarity and some debug spew from rterm

    i opened up my fav iczelion tut 02 msgbox.exe plopped an int aka 0xcc at 0x401000
    double clicked it and got it trapped in wdeb386 see screen shot
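The serial port settings chosen in the VMware Player dialog are stored in each guest's .vmx file, so the pairing described in the post can be checked there before rebooting the debuggee. The following is an added example, not part of the original post: the two .vmx fragments and the display names are constructed, the helper names are hypothetical, and it assumes both guests use serial0.

```python
import re

# Constructed sample .vmx fragments (not taken from the post) for the two guests.
DEBUGGEE_VMX = r'''
displayName = "win98se-wdeb"
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\com_1"
serial0.pipe.endPoint = "server"
'''
DEBUGGER_VMX = r'''
displayName = "win98se-rterm"
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\com_1"
serial0.pipe.endPoint = "client"
'''

_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for the key = "value" lines of a .vmx file."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def check_pipe_pair(vmx_a, vmx_b, port="serial0"):
    """List problems that stop two guests sharing one named-pipe serial link."""
    a, b = parse_vmx(vmx_a), parse_vmx(vmx_b)
    problems = []
    for name, cfg in (("first", a), ("second", b)):
        if cfg.get(port + ".present", "").upper() != "TRUE":
            problems.append(f"{name} vm: {port} is not present")
        if cfg.get(port + ".filetype", "").lower() != "pipe":
            problems.append(f"{name} vm: {port} is not backed by a named pipe")
        if not cfg.get(port + ".filename"):
            problems.append(f"{name} vm: {port} has no pipe name")
    if a.get(port + ".filename", "").lower() != b.get(port + ".filename", "").lower():
        problems.append("pipe names differ between the two vms")
    # Exactly one end must create the pipe (server) and the other must open it (client).
    ends = sorted(c.get(port + ".pipe.endpoint", "").lower() for c in (a, b))
    if ends != ["client", "server"]:
        problems.append(f"need one server and one client end, got {ends}")
    return problems

if __name__ == "__main__":
    print(check_pipe_pair(DEBUGGEE_VMX, DEBUGGER_VMX) or "pipe pair looks consistent")
```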