I am currently trying to set up WinDbg with IDA 7.7 to perform kernel debugging. My host machine is Windows 11 22H2 64-bit, the target is a Windows 10 22H2 64-bit VM (VMware). Connection method is KDNET.
I have mostly followed this guide: https://thecyberdung.blogspot.com/2018/10/kernel-debugging-with-windbg-and-idapro.html
I've noted that a lot of stuff isn't working properly:
net:port=<port number>,key=<enter_key_here>works, but when appending,remote, IDA responds with "invalid connection string". That should work, though, according to IDA docs, if you choose "Kernel mode debugging with reconnect and initial break" in the debugger options. Choosing "Kernel mode debugging" and leaving the original connection string works fine.After attaching and browsing modules, IDA does not correctly recognize some functions as code. If I force to interpret as code (pressing C) or manually define the function using "P", it messes up the whole control flow graph (every instruction becomes a basic block).
Decompilation does not work for some functions: either not able to convert to microcode or "stackframe is too big". It works fine when loading the module statically from disk.
The stack and memory dump windows only show "FFFFFFFFFFFFFFFFh" and I'm not able to synchronize them with any register (say RSP). Manual "go to address" does not work either. Locals window is always empty, no matter what function I currently breaked in. However, the general registers window shows the correct values consistently.
Stepping over a single instruction takes about ~6 seconds.
Did anyone encounter similar problems before?
