The call to LoadLibrary(hvexts) failed

Hello!,

I’m trying to debug Hyper-V but I’m getting some errors when connecting
Windbg.

I have two physical machines connected through a serial cable and I’m using
the following tutorial/guide:
https://msdn.microsoft.com/en-us/library/windows/hardware/ff540654(v=vs.85).aspx

My environment is this:

Host machine:

Windows 7 Ultimate x64 with Windows 10 SDK and WDK

Target machine:

Windows Server 2008 R2 x64 with Hyper-V role enabled

What I did to try to debug the target machine is this:

On the target machine, I executed these commands:

bcdedit /hypervisorsettings serial DEBUGPORT:Port BAUDRATE:Baud
bcdedit /set hypervisordebug on
bcdedit /set hypervisorlaunchtype auto

Where Port is 1 and baudrate is 115200.

On the host machine:

vmdemux -src com:port=com1,baud=115200

And then, I executed the following command:

remote.exe /s "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd -k com:port=\\.\pipe\Vm0,pipe,resets=0,reconnect -y srv*C:\Symbols\HyperV*https://msdl.microsoft.com/download/symbols" HyperV_HV

But I get the following error:

Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Opened \\.\pipe\Vm0
Waiting to reconnect…
Connected to Microsoft Hypervisor 7600 x64 target at (Fri Mar 11 16:27:52.098 2016 (UTC - 3:00)), ptr64 TRUE
Kernel Debugger connection established.

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*C:\Symbols\HyperV*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Symbols\HyperV*https://msdl.microsoft.com/download/symbols
Executable search path is:
*** ERROR: Module load completed but symbols could not be loaded for hvix64.exe
ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 997.
Microsoft Hypervisor Kernel Version 7600 MP (1 procs) Free x64
Built by: win7_rtm 090713-1255
Machine Name:
Primary image base = 0xfffff8000090f000 Loaded module list = 0xfffff80000d76920
System Uptime: not available
The call to LoadLibrary(hvexts) failed, Win32 error 0n2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.

As far as I know, hvexts.dll is an extension provided by MS only to
partners.

Any help on this?

~rage

Microsoft doesn’t provide public symbols for hvix64.exe. You need IDA PRO for debugging Hyper-V.

Hi!,

But if I need specific non-available symbols for debugging, how can IDA
help in this task?

On Mon, Mar 28, 2016 at 3:31 PM, wrote:

> Microsoft doesn’t provide public symbols for hvix64.exe. You need IDA PRO
> for debugging Hyper-V.
>
> —
> WINDBG is sponsored by OSR
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at
> <http://www.osronline.com/page.cfm?name=ListServer>
>


~rage

Some information you can find in my article: http://hvinternals.blogspot.com/2015/10/hyper-v-debugging-for-beginners.html
But for what purpose do you need to debug hvix64.exe? If you want to do some security research, there are tons of undocumented functions and structures in hvix64. You need to reverse it, and only IDA PRO can help you.

Hi hydelman!,

Thanks for the answer. I’m trying to follow your article. There is another
thing I would like to know. I’m trying to test the driver you wrote. I have
some questions about it:

  1. What Visual Studio version and WDK did you use to build the driver?
    I’m currently with Visual Studio 2015 and WDK for Win10.
  2. How can I load the driver (I’m working on a Server 2008 R2 SP1)? I tried
    with OSR Driver Loader but didn’t have luck. I also disabled driver
    signing using bcdedit (bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
    and bcdedit -set TESTSIGNING ON).

On Thu, May 5, 2016 at 2:01 PM, wrote:

> Some information you can find in my article:
> http://hvinternals.blogspot.com/2015/10/hyper-v-debugging-for-beginners.html
> But for what purpose do you need to debug hvix64.exe? If you want to do some
> security research, there are tons of undocumented functions and structures in
> hvix64. You need to reverse it, and only IDA PRO can help you.


~rage

Hi.
The driver was tested on Windows Server 2012 and written in Visual Studio 2012, but it may compile on Visual Studio 2015 too.
Did you make winhv.lib and winhv.def for Windows Server 2008 R2?

No, I didn’t, but can I use the one you did for 2012?

How did you load the driver? I assume I need to sign it with the cert you
provide with the project using SigTool, am I right? And then? I also
assume you need to disable Driver Signing Enforcement, right? Can you
describe or elaborate more on the steps needed to test the driver?

On Tue, May 10, 2016 at 4:55 PM, wrote:

> Hi.
> The driver was tested on Windows Server 2012 and written in Visual Studio 2012,
> but it may compile on Visual Studio 2015 too.
> Did you make winhv.lib and winhv.def for Windows Server 2008 R2?


~rage