Sunday 18 September 2011

Tunnel implementation

In order to make WinDBG remote debugging work through firewall(s), I decided to write my own repeater instead of using its dbengprx.exe, which doesn’t work with “Two Firewalls” (see my previous blog).

With Boost ASIO, implementing the prototype is not a big job. The instructions for using the tunnel are as follows.

First, run dbgsrv.exe at the debuggee’s side.

Second, run tunnel.exe on the server with a public IP address. It has two listening ports, 9000 and 9001.

Third, at the debuggee’s side, run tunnel outward (public IP) 9001 (dbgsrv ip) 1012. Unlike dbgsrv.exe, many other debugger servers (like msvsmon.exe) do not have the “clicon” feature, so I made my tunnel able to relay the traffic between the public server and the dbgsrv machine. As you can see, the connection direction is outward relative to the relay server itself.

You can run the outward tunnel on the same machine where dbgsrv is running; however, it is very useful to run it on another machine when you are debugging GINA or a credential provider, which makes it impossible to run a cmd application because you haven’t logged in.

Finally, run windbg.exe at the debugger side, but the server parameter should be public IP:9000 instead of debuggee IP:1012.

  • dbgsrv.exe -t tcp:port=1012
  • tunnel inward 9000 9001
  • tunnel outward (public IP) 9001 (dbgsrv ip) 1012
  • windbg -premote tcp:server=(public ip),port=9000
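
The relay logic behind the two tunnel modes, written in Python asyncio as an added example (it is not the author's Boost ASIO source). Function names, the loopback bind and the choice to dial dbgsrv immediately are assumptions; ports 9000 and 9001 follow the steps above.

```python
import asyncio

async def pump(reader, writer):
    """Copy bytes one way until EOF, then close the destination."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass  # peer reset: treat as end of stream
    finally:
        writer.close()

async def splice(a, b):
    """Relay both directions between two (reader, writer) pairs."""
    await asyncio.gather(pump(a[0], b[1]), pump(b[0], a[1]))

async def inward(debugger_port, tunnel_port, host="127.0.0.1"):
    """Relay-server role: listen on two ports and join one connection from each."""
    parked = asyncio.Queue()  # outward-tunnel connections waiting for a debugger

    async def on_tunnel(reader, writer):
        done = asyncio.Event()
        await parked.put(((reader, writer), done))
        await done.wait()  # keep the handler alive while the pair is in use

    async def on_debugger(reader, writer):
        tunnel, done = await parked.get()
        try:
            await splice((reader, writer), tunnel)
        finally:
            done.set()

    return (await asyncio.start_server(on_debugger, host, debugger_port),
            await asyncio.start_server(on_tunnel, host, tunnel_port))

async def outward(relay_host, relay_port, target_host, target_port):
    """Debuggee-side role: dial out to the relay and to dbgsrv, then join them."""
    relay = await asyncio.open_connection(relay_host, relay_port)
    target = await asyncio.open_connection(target_host, target_port)
    await splice(relay, target)

async def main():  # constructed setup: loopback stands in for the public server
    servers = await inward(9000, 9001)
    await asyncio.gather(*(s.serve_forever() for s in servers))

if __name__ == "__main__":
    asyncio.run(main())
```

This relay performs no authentication of its own: whoever connects to the debugger-facing port first is joined to the waiting dbgsrv connection, which is why the sample binds to loopback by default.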

I did a test, and it worked. I could attach to the process which I wanted to debug.

Please read the PDF version for the details. You can also download the source code; I would be very happy if you can improve it and make it into a mature product.
