BugChecker icon indicating copy to clipboard operation
BugChecker copied to clipboard
verified publisher icon vitoplantamura

funcionality of replaced kdcom.dll

Open krembed opened this issue 8 months ago • 1 comments

Hello,

I'm curious about the way that the custom kdcom.dll is loaded if you could share some insights. If you replace the kdcom.dll, does it only load if you enable debug and bootdebug with bcdedit and connect with the boot debugger?

krembed avatar Mar 26 '25 09:03 krembed

hi,

yes: for the system to load KDCOM.DLL you need to boot the OS with kernel debugging enabled.

BugChecker's KDCOM.DLL is a small, mostly empty DLL that exports a function (KdSetBugCheckerCallbacks) that allows to specify two callback functions, one to receive packets and one to send packets to the kernel debugger.

When the BugChecker main driver is loaded, it calls the KdSetBugCheckerCallback function and specifies the two callbacks, intercepting the kernel debugger communications, thus simulating a second PC (running WinDbg) but on the same machine.

Vito

vitoplantamura avatar Mar 27 '25 19:03 vitoplantamura