Setting Breakpoints

WinDbg* over Intel(R) Direct Connect Interface (Intel(R) DCI) offers probe mode breakpoint support for Virtual Machine Monitors (VMM). Use the breakin() function to stop WinDbg* after a specified event. After the event is reported, you can start WinDbg* over Intel DCI and continue the session or proceed with using the console mode.

To set a breakpoint in python console

Break into the host kernel. From this point, WinDbg* is able to load symbols and KdBaseAddress found.

breakin(NTOSKRNL)

Break into the probe mode after SMMENTRY event.

breakin(SMMENTRY)

Break into the probe mode after SMMEXIT event.

breakin(SMMEXIT)

Break into the probe mode after VMENTRY event

breakin(VMENTRY)

Break into the probe mode after VMEXIT event

breakin(VMEXIT)

Break into the host kernel preserving the state of a selected core (not resuming a core) to avoid loosing key information. <core_number> is an ordinal number of a core of interest (enumeration starts from 0).

breakin_ntoskrnl_halted_cores(<core_number>)

To set a breakpoint in WinDbg UI

To set the breakpoints:

From this point, WinDbg* is able to set breakpoint into Windows OS Initialization Phase0.

!initbreak

Break into the probe mode after SMMENTRY event.

!vmentrybreak

Break into the probe mode after SMMEXIT event.

!vmexitbreak

Break into the probe mode after VMENTRY event

!smmentrybreak

Break into the probe mode after VMEXIT event

!smmexitbreak

To remove the breakpoints:

Remove breakponit that to break into the host kernel.

!delinitbreak

Remove breakponit that to break into the probe mode after SMMENTRY event.

!delvmentrybreak

Remove breakponit that to break into the probe mode after SMMEXIT event.

!delvmexitbreak

Remove breakponit that to break into the probe mode after VMENTRY event

!delsmmentrybreak

Remove breakponit that to break into the probe mode after VMEXIT event

!delsmmexitbreak

Performing Full Memory Dump

Target Run Control Performing Full Memory Dump