Bug 1826350

Summary: [Microsoft driver security checklist] Review debugger techniques and extensions for virtio-win drivers
Product: Red Hat Enterprise Linux 8
Reporter: Yvugenfi <yvugenfi>
Component: virtio-win
Assignee: Amnon Ilan <ailan>
virtio-win sub component: virtio-win-prewhql
QA Contact: Peixiu Hou <phou>
Status: CLOSED NOTABUG
Docs Contact:
Severity: medium
Priority: unspecified
CC: jinzhao, juzhang, lijin, phou
Version: 8.3
Keywords: TestOnly
Target Milestone: rc
Target Release: 8.0
Hardware: Unspecified
OS: Windows
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-04-26 08:28:07 UTC
Type: Enhancement
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1826331

Comment 3 Peixiu Hou 2020-04-23 10:10:56 UTC
Hi Yan,

I tried to run the command !exploitable, but it reports the error "No export exploitable found", as follows:
==============================
0: kd> !exploitable
No export exploitable found
==============================

I tried installing Visual C++ Redistributable for Visual Studio 2012 (https://www.microsoft.com/en-us/download/details.aspx?id=30679) and http://download.microsoft.com/download/A/6/A/A6AC035D-DA3F-4F0C-ADA4-37C8E5D34E3D/setup/WinSDKDebuggingTools/dbg_x86.msi, but it still does not work.
The WinDbg version I used is 10.0.16299.15.

My steps:
1. Open the WinDbg tool.
2. Open File --> Symbol File Path...
3. Add Symbol path: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols 
4. Open File --> Open Crash Dump...
5. Choose the Memory.dmp file to be analyzed.
6. Execute 0: kd> !analyze -v
   The command runs normally, but reports the following message:
***** Kernel symbols are WRONG. Please fix symbols to do analysis.

------------------------------------------------------
|                                                    |
|            NT symbols are not available            |
|   Kernel hints available (reduced functionality)   |
|                                                    |
------------------------------------------------------
<Unable to get nt!KiCurrentEtwBufferOffset><Unable to get nt!KiCurrentEtwBufferBase>******
7. Execute 0: kd> !exploitable, which reports the error "No export exploitable found".

Could you help check whether I missed any steps or did any of them incorrectly?

Thanks a lot~
Peixiu