A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #28027  by rcerage
 Tue Mar 15, 2016 12:37 pm

I'm cross-posting here from WinDbg's forum to see if anyone can help me.

I'm trying to debug Hyper-V but I'm getting some errors when connecting WinDbg.

I have two physical machines connected through a serial cable and I'm using the following tutorial/guide: https://msdn.microsoft.com/en-us/librar ... 85%29.aspx

My environment is this:

Host machine:

Windows 7 Ultimate x64 with Windows 10 SDK and WDK

Target machine:

Windows Server 2008 R2 x64 with Hyper-V role enabled

What I did to try to debug the target machine is this:

On the target machine, I executed these commands:

bcdedit /hypervisorsettings serial DEBUGPORT:Port BAUDRATE:Baud
bcdedit /set hypervisordebug on
bcdedit /set hypervisorlaunchtype auto

Where Port is 1 and baudrate is 115200.

On the host machine:

vmdemux -src com:port=com1,baud=115200

And then, I executed the following command:

remote.exe /s "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd -k com:port=\\.\pipe\Vm0,pipe,resets=0,reconnect -y srv*C:\Symbols\HyperV*https://msdl.microsoft.com/download/symbols" HyperV_HV

But I get the following error:

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Opened \\.\pipe\Vm0
Waiting to reconnect...
Connected to Microsoft Hypervisor 7600 x64 target at (Fri Mar 11 16:27:52.098 2016 (UTC - 3:00)), ptr64 TRUE
Kernel Debugger connection established.

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*C:\Symbols\HyperV*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Symbols\HyperV*https://msdl.microsoft.com/download/symbols
Executable search path is:
*** ERROR: Module load completed but symbols could not be loaded for hvix64.exe
ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 997.
Microsoft Hypervisor Kernel Version 7600 MP (1 procs) Free x64
Built by: win7_rtm 090713-1255
Machine Name:
Primary image base = 0xfffff800`0090f000 Loaded module list = 0xfffff800`00d76920
System Uptime: not available
The call to LoadLibrary(hvexts) failed, Win32 error 0n2
"The system cannot find the file specified."
Please check your debugger configuration and/or network access.

As far as I know, hvexts.dll is an extension provided by MS only to partners.

Any help on this?
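
Added example, not part of the original post and not Microsoft tooling: a Python triage of a kd transcript like the one above, separating the transport status (did the serial/pipe link come up) from the symbol and extension load failures that follow it. The `triage` function and rule names are hypothetical; the sample lines are copied from the transcript in the post.

```python
import re

# Constructed sample: lines copied from the kd transcript in the post above.
SAMPLE = r"""Opened \\.\pipe\Vm0
Waiting to reconnect...
Connected to Microsoft Hypervisor 7600 x64 target at (Fri Mar 11 16:27:52.098 2016 (UTC - 3:00)), ptr64 TRUE
Kernel Debugger connection established.
*** ERROR: Module load completed but symbols could not be loaded for hvix64.exe
ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 997.
The call to LoadLibrary(hvexts) failed, Win32 error 0n2
"""

# Win32 error codes that appear in the transcript (names from winerror.h).
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 997: "ERROR_IO_PENDING"}

# Hypothetical rule names; each regex captures the value worth reporting.
RULES = [
    ("target", re.compile(r"^Connected to (?P<v>.+?) target at ")),
    ("established", re.compile(r"^(?P<v>Kernel Debugger connection established)\.")),
    ("symbols_missing", re.compile(r"symbols could not be loaded for (?P<v>\S+)")),
    ("extension_missing",
     re.compile(r"LoadLibrary\((?P<v>[^)]+)\) failed, Win32 error 0n(?P<code>\d+)")),
    ("read_failed",
     re.compile(r"^(?P<v>ReadVirtual\(\)) failed .*\(error == (?P<code>\d+)")),
]

def triage(transcript):
    """Return (transport_ok, findings); findings are (kind, value, win32_name)."""
    findings = []
    for line in transcript.splitlines():
        for kind, rx in RULES:
            m = rx.search(line)
            if m:
                code = m.groupdict().get("code")  # kd prints decimal as 0n<digits>
                name = WIN32.get(int(code), "unknown") if code else None
                findings.append((kind, m.group("v"), name))
                break
    kinds = {k for k, _, _ in findings}
    # The link is up only if kd both named a target and reported the connection.
    transport_ok = {"target", "established"} <= kinds
    return transport_ok, findings

if __name__ == "__main__":
    ok, found = triage(SAMPLE)
    print("transport:", "up" if ok else "not established")
    for kind, value, name in found:
        print(f"{kind:18} {value}" + (f" ({name})" if name else ""))
```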