[NTOS:EX] HACK: on livecd, disable security features in NtSystemDebugControl

hpoussin · HBelusca · commit b9852e83d294 · 2025-01-28T22:00:56.000+01:00
WinDBG can do some local debugging using 'windbg -kl'. In that case,
WinDBG tries to directly use NtSystemDebugControl. If this function
returns an error, WinDBG extracts a driver from its resources.
WinDBG will send IOCTLs to this driver, and this driver will call
KdSystemDebugControl.

However, on livecd (where %SYSTEMROOT% is read-only), WinDBG is unable
to extract the driver from its resources, and can't use the driver to
call KdSystemDebugControl.

As a work-around, allow all control classes in NtSystemDebugControl
in case of livecd.
WinDBG local debugging now also works on livecd (windbg -kl).
diff --git a/ntoskrnl/ex/dbgctrl.c b/ntoskrnl/ex/dbgctrl.c
@@ -267,7 +267,17 @@ NtSystemDebugControl(
             case SysDbgWriteBusData:
             case SysDbgCheckLowMemory:
                 /* Those are implemented in KdSystemDebugControl */
-                Status = STATUS_NOT_IMPLEMENTED;
+                if (InitIsWinPEMode)
+                {
+                    Status = KdSystemDebugControl(Command,
+                                                  InputBuffer, InputBufferLength,
+                                                  OutputBuffer, OutputBufferLength,
+                                                  &Length, PreviousMode);
+                }
+                else
+                {
+                    Status = STATUS_NOT_IMPLEMENTED;
+                }
                 break;
 
             case SysDbgBreakPoint:
