Windows 11 ARM Remote Kernel Debugging

Hello,

After the recent #crowdstrike incident, the importance of debugging in every area of the software world has likely become even clearer.

For this reason, in the emerging world of Windows on ARM, we will prepare an environment that allows us to connect two Windows 11 ARM virtual machines over a virtual serial port and perform kernel debugging.

To conduct remote kernel debugging, we will need two Windows machines. One will be our Host, and the other will be our Target. The debugger will run on the Host machine, while the Target will be the machine connected to this debugger and actively being debugged. In short, we will use WinDbg on the Host and observe its effects on the Target.

For all these operations, we will use a Mac with an M1 processor and the Parallels Desktop application to create a single Windows 11 ARM virtual machine.

Once the installation is complete, navigate to the Virtual Machine settings and, from the Hardware tab, delete the TPM Chip device. This step is necessary to enable debug mode on the Target machine.

After this stage, we will create two Linked Clones from the Windows 11 ARM machine we’ve installed. One of these will serve as our Host, and the other as our Target.

After creating the two Linked Clones, the Parallels Desktop Control Center will appear as follows.

Now, let’s proceed with the steps required to connect these two machines via a serial port.

Navigate to the Hardware tab of our Host machine (Windows11_Base_Host) to add a serial port that both machines will be connected to simultaneously.

Next, go to the Hardware tab of our Target machine and add a serial port. This time, we will see the serial port socket we just created with the name “windbg” in the list; select it.

The final configuration should be as shown in the screenshot below. The important point here is that the Target side must be in Client mode, while the Host side must be in Server mode.

Next, we configure the Target machine for debugging over the COM port.

On the Host side, the only task is to install WinDbg, which can be done through the Microsoft Store.

After completing all these steps, we restart and then shut down both machines. Subsequently, we start our Host machine and initiate a debugging session over the serial port using WinDbg.

Then, after starting our Target machine, we will see it establish a connection to the Host over the serial port.