Exploratory debug symbols & crash dump analysis (Windows)

[ncvicchi]

Related issue
https://github.com/wazuh/wazuh/issues/21736
https://github.com/wazuh/wazuh/issues/21739

Description

This issue aims to make a exploratory session of current https://github.com/wazuh/wazuh/issues/9913 phase 1 development for the Agent instance of the Windows package.

Verifications should be performed on the following issues to check end to end the process from generation of symbols to crash dump analysis with them.

These verifications must be performed by a different collaborator than the originally assigned to the issue, and a full detail of procedures, logs and results must be provided. Evidence of success must be provided as well.

Goals

• Verify that binary and debug symbols packages are correctly generated by following the current documentation
• Verify that binary & debug symbols packages are automatically uploaded to their designated locations.
• Verify that packages perform a successful installation by following the current documentation.
• Verify that the installed agent instance runs succesfully.
• Verify that a crash dump is generated on simulated failure.
• Verify that debug symbols are suitable to debug/analyze the crash dumps.
• Verify that the documentation used during all the exploratory is adequate, correct and complete.
• Verify that crash dump generation can be enabled and disabled just by following the proper documentation.

DoD

• [x] Packages for binaries and debug symbols are generated by following documentation.
• [x] Packages are confirmed to be uploaded to their designated location. @jotacarma90
• [x] Installation is tested and validated.
• [x] Installed agent behaves as expected.
• [x] A simulation of failure is performed and as a result a crash dump is generated. @aritosteles
• [x] Crash dump is successfully analyzed by using the corresponding debug symbols. @aritosteles
• [x] No documentation errors are found or left uncorrected. @aritosteles
• [x] Crash dump generation is validated to be enabled or disabled just by following the proper documentation. @aritosteles
• [x] Extensive evidence and documentation of the exploratory is provided @aritosteles

Approval DRI Name: @ncvicchi Objective: Generate debug symbols

[ncvicchi]

Blocked by https://github.com/wazuh/wazuh/issues/22947

[aritosteles]

Test completed:

Cloned repo:

Cloned wazuh/wazuh repository and checked out branch

enhancement/9913-generate-debug-symbols-epic-CP

Generated compiled windows agent:

sudo ./generate_compiled_windows_agent.sh --output wazuh_agent_test

Copied resulting zip file to Windows host and generated msi file and debug symbols zip:

.\generate_wazu_msi.ps1

Run msi as administrator and verify registry key is created:

Cleared registry key:

According to Windows documentation a crash dump is not generated if there is a default debugger configured. Manually cleared the appropriate registry key.

Generated crash dump:

Modified executable to crash on startup and generate a crash dump in the designated location.

Analyzed dump file with WinDbg:

[Dwordcito]

@jotacarma90 will check if the debug symbols are uploaded to s3

[Dwordcito]

LGTM.