I am doing a memory dump analysis for AppCrash_w3wp.
When I do an !analyze -v I get the following result.
Is there any problem in my symbol setup? Or is this analysis pointing to some actual issue? Could somebody please guide me on how to analyze this further?
====:>
*** WARNING: Unable to verify timestamp for webengine4.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\54c5d3ee1f311718f3a2feb337c5fa29\mscorlib.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for mscorlib.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data\987d450520ea6e815c63db8aecba0761\System.Data.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.Data.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web.Mvc\9f9155f1c13562534f6cb370b0ad8381\System.Web.Mvc.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.Web.Mvc.ni.dll
*** ERROR: Module load completed but symbols could not be loaded for System.Web.Mvc.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Web\cb6d38da3ca9a62afed46123b693899e\System.Web.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.Web.ni.dll
Unable to load image C:\Windows\assembly\NativeImages_v4.0.30319_64\System\4598449d72d7ebbd53952399ed5fc710\System.ni.dll, Win32 error 0n2
*** WARNING: Unable to verify checksum for System.ni.dll
*** WARNING: Unable to verify timestamp for alk_dalkutil64.dll
*** ERROR: Module load completed but symbols could not be loaded for alk_dalkutil64.dll
FAULTING_IP:
KERNELBASE!RaiseException+39
000007fe`fda8940d 4881c4c8000000 add rsp,0C8h
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000007fefda8940d (KERNELBASE!RaiseException+0x0000000000000039)
ExceptionCode: e0434352 (CLR exception)
ExceptionFlags: 00000001
NumberParameters: 5
Parameter[0]: ffffffff80004003
Parameter[1]: 0000000000000000
Parameter[2]: 0000000000000000
Parameter[3]: 0000000000000000
Parameter[4]: 000007fefa140000
CONTEXT: 0000000000000000 -- (.cxr 0x0;r)
rax=0000000001470000 rbx=000000001791d5d0 rcx=0000000001470000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000002
rip=0000000077be186a rsp=000000001791d498 rbp=0000000000000002
r8=0000000000000000 r9=0000000000000040 r10=0000000000000000
r11=0000000000000286 r12=0000000000000000 r13=000000001791d540
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!ZwWaitForMultipleObjects+0xa:
00000000`77be186a c3 ret
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
PROCESS_NAME: w3wp.exe
ERROR_CODE: (NTSTATUS) 0xe0434352 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xe0434352 - <Unable to get error code text>
EXCEPTION_PARAMETER1: ffffffff80004003
EXCEPTION_PARAMETER2: 0000000000000000
EXCEPTION_PARAMETER3: 0000000000000000
EXCEPTION_PARAMETER4: 0
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: w3wp.exe
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
MANAGED_STACK:
EXCEPTION_OBJECT: !pe 103f98b08
Exception object: 0000000103f98b08
Exception type: System.AccessViolationException
Message: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
InnerException: <none>
StackTrace (generated):
<none>
StackTraceString: <none>
HResult: 80004003
MANAGED_OBJECT: !dumpobj ffb11420
Name: System.String
MethodTable: 000007fef8886500
EEClass: 000007fef81a3750
Size: 26(0x1a) bytes
File: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
String:
Fields:
MT Field Offset Type VT Attr Value Name
0000000000000000 40000aa 8 System.Int32 1 instance 0 m_stringLength
0000000000000000 40000ab c System.Char 1 instance 0 m_firstChar
000007fef8886500 40000ac 18 System.String 0 shared static Empty
>> Domain:Value 0000000002488520:NotInit 0000000002576750:NotInit <<
EXCEPTION_MESSAGE: Attempted to read or write protected memory. This is often an indication that other memory is corru
MANAGED_OBJECT_NAME: SYSTEM.ACCESSVIOLATIONEXCEPTION
MANAGED_STACK_COMMAND: ** Check field _remoteStackTraceString **;!do 103f98b08;!do ffb11420
LAST_CONTROL_TRANSFER: from 000007fefa35565b to 000007fefda8940d
PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS
BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS_CLR_EXCEPTION
STACK_TEXT:
00000000`00000000 00000000`00000000 w3wp!Unknown+0x0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: w3wp!Unknown
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: w3wp
IMAGE_NAME: w3wp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7afa2
STACK_COMMAND: ** Check field _remoteStackTraceString **;!do 103f98b08;!do ffb11420 ; ** Pseudo Context ** ; kb
FAILURE_BUCKET_ID: WRONG_SYMBOLS_e0434352_w3wp.exe!Unknown
BUCKET_ID: X64_APPLICATION_FAULT_WRONG_SYMBOLS_CLR_EXCEPTION_w3wp!Unknown
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:wrong_symbols_e0434352_w3wp.exe!unknown
FAILURE_ID_HASH: {419a5b7f-31d5-d77e-cd0e-fe26c9258bfb}
Followup: MachineOwner
===
Edited on September 25
I have set up an environment variable
_NT_SYMBOL_PATH - symsrv*symsrv.dll*C:\Windows\symbols*http://msdl.microsoft.com/download/symbols
I am wondering why isn't it loading all symbols dynamically?
I did a .symfix;.reload
I get the prompt for sometime. Then I get a lot of .... on the screen and the regular prompt is back.
Then I did a "!sym noisy" and did ".symfix;.reload" again...
I get the following messages
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols
..
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.dll\51FB164A1a9000\ntdll.dll - OK
DBGENG: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.dll\51FB164A1a9000\ntdll.dll - Mapped image memory
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb already cached
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb already cached
DBGHELP: ntdll - public symbols
C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb
..............................................................
................................................................
................................................................
................................................................
................................................................
.....
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernel32.dll\51FB167611f000\kernel32.dll - OK
DBGENG: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernel32.dll\51FB167611f000\kernel32.dll - Mapped image memory
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\KERNELBASE.dll\51FB16776b000\KERNELBASE.dll - OK
DBGENG: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\KERNELBASE.dll\51FB16776b000\KERNELBASE.dll - Mapped image memory
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernelbase.pdb\88D04DC8E39B4CBB9CB12366C2AE475F2\kernelbase.pdb already cached
DBGHELP: C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernelbase.pdb\88D04DC8E39B4CBB9CB12366C2AE475F2\kernelbase.pdb already cached
DBGHELP: KERNELBASE - public symbols
C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\kernelbase.pdb\88D04DC8E39B4CBB9CB12366C2AE475F2\kernelbase.pdb
Is there any problem in my symbol setup?
Yes. Correct it with the commands
.symfix x:\symbols; * Wherever you want the symbols to be
.reload
Or, if you have other symbol paths already set up:
.symfix+ x:\symbols
.reload
Or is this analysis pointing to some actual issue?
Also. You have a .NET exception which crashes your program. That is an issue.
The type is AccessViolation, something similar to a NullReferenceException. Hopefully, fixing symbols does not make a huge deifference here.
Could somebody please guide me on how to analyze this further?
After fixing the symbols, proceed with
.loadby sos clr
!pe
!clrstack
Related
I'm attempting to debug an application using WinDbg. The server doesn't have internet access, so I can't use the Microsoft Symbol server. I went ahead and downloaded the symbols for Server 2012 R2 Retail. Moved them over to the server, and installed to C:\Symbols.
When I attempt to run the debugger, I get the following output.
CommandLine: C:\actionsync\ActionSync\ActionSync.exe
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
DBGHELP: Symbol Search Path: .sympath srv*c:\symbols*
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred .sympath srv*c:\Symbols*
DBGHELP: Symbol Search Path: .sympath srv*c:\symbols*
DBGHELP: Symbol Search Path: .sympath srv*c:\symbols*
Symbol search path is: .sympath srv*c:\Symbols*
Executable search path is: srv*
DBGHELP: SharedUserData - virtual symbol module
ModLoad: 00ec0000 00ecc000 ActionSync.exe
ModLoad: 77120000 7728f000 ntdll.dll
ModLoad: 6fc30000 6fc86000 C:\Windows\SysWOW64\MSCOREE.DLL
ModLoad: 74de0000 74f20000 C:\Windows\SysWOW64\KERNEL32.dll
ModLoad: 74f20000 74ff7000 C:\Windows\SysWOW64\KERNELBASE.dll
(1054.478): Break instruction exception - code 80000003 (first chance)
DBGHELP: Invalid path: '.sympath srv*c:\symbols*'
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
DBGHELP: ntdll - export symbols
eax=00000000 ebx=00000000 ecx=7fdc0000 edx=00000000 esi=7ee16000 edi=00000000
eip=771d3c7d esp=0104f2f4 ebp=0104f320 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrInitShimEngineDynamic+0x6dd:
771d3c7d cc int 3
I am completely new to using WinDbg. Additionally, I cannot install VS on this machine.
As far as I know, I have everything setup correctly, but I'm still not able to debug this application.
Any help would be appreciated.
EDIT 1:
I updated the symbol path based on Thomas Weller's Comment
Here is the output
0:000> .sympath
Symbol search path is: .sympath srv*c:\Symbols*
Expanded Symbol search path is: .sympath srv*c:\symbols*
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred .sympath srv*c:\Symbols*
Error: Change all symbol paths attempts to access '.sympath c:\symbols' failed: 0x7b - The filename, directory name, or volume label syntax is incorrect.
************* Symbol Path validation summary **************
Response Time (ms) Location
Error 16 .sympath c:\symbols
DBGHELP: Symbol Search Path: .sympath c:\symbols
DBGHELP: Symbol Search Path: .sympath c:\symbols
0:000> .reload
Reloading current modules
.....
DBGHELP: Invalid path: '.sympath c:\symbols'
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
DBGHELP: ntdll - export symbols
************* Symbol Loading Error Summary **************
Module name Error
ntdll All symbol search paths were invalid
Please check your symbol search path.
The following location did not respond and were excluded during symbol loading:
.sympath c:\symbols
EDIT 2:
So, it appears that the sympath is case sensitive.
I updated the sympath C:\Symbols
This is the output.
************* Symbol Path validation summary **************
Response Time (ms) Location
OK c:\Symbols
DBGHELP: Symbol Search Path: c:\symbols
DBGHELP: Symbol Search Path: c:\symbols
0:000> .reload
Reloading current modules
.....
DBGHELP: c:\symbols\wntdll.pdb - file not found
DBGHELP: c:\symbols\dll\wntdll.pdb - file not found
DBGHELP: c:\symbols\symbols\dll\wntdll.pdb - file not found
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
DBGHELP: ntdll - export symbols
************* Symbol Loading Error Summary **************
Module name Error
ntdll PDB not found : c:\symbols\symbols\dll\wntdll.pdb
Unable to locate the .pdb file in this location
For both solutions, you need a copy of WinDbg (not neccesarily an installation). You find symchk in the WinDbg folder.
Solution for a specific dump / specific debug session
On the machine where you're debugging, create crash dump file with .dump. Skip this step if you already have a crash dump file.
At a command prompt, create a manifest file, i.e. a file that contains information about the symbols to be downloaded
symchk /id <dumpfile>.dmp /om D:\symbols.manifest
/id is for input = dump
/om is for output = manifest
Transfer that manifest file onto a machine with Internet access.
On the Internet machine then run
symchk /im X:\symbols.manifest /s srv*X:\downloadedsymbols\*http://msdl.microsoft.com/download/symbols /od
at the command prompt.
/im is for input = manifest
/od is for output details (like verbose)
Transfer the symbols back to the machine without Internet access. Copy them into a new folder, e.g. c:\downloadedsymbols, not c:\symbols . Don't use an existing symbol path, because the n-tier-layout might not match.
Open the crash dump in WinDbg.
Fix the symbols
.sympath C:\downloadedsymbols
and maybe
.reload /f
Solution for retrieving all symbols of the machine without Internet
Note: this process may take really long, since it may download thousands of symbols
At a command prompt, run
symchk /r /if %windir% /om D:\windir.manifest
/r is for recursive
/if is for input = files
/om is for output = manifest
Transfer that manifest file onto a different machine with Internet access.
On the Internet machine, run
symchk /im X:\windir.manifest /s srv*X:\winsymbols\*http://msdl.microsoft.com/download/symbols /od
/im is for input = manifest
/od is for output details (like verbose)
Transfer the symbols back to the machine without Internet access. Copy them into a new folder, e.g. c:\winsymbols, not c:\symbols . Don't use an existing symbol path, because the n-tier-layout might not match.
Use the symbols with
.sympath C:\winsymbols
.reload
I'm having an issue trying to find out to which problem is crash dump pointing. If someone could help me it would be nice.
This is what I get in windbg.
Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\MAJSTOR\Documents\Sports Interactive\Football Manager 2015\crash dumps\FM 2015 v15.3.2.627042 (2015.06.26 17.55.38).dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Fri Jun 26 17:55:38.000 2015 (UTC + 2:00)
System Uptime: not available
Process Uptime: 0 days 0:00:32.000
................................................................
.......................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(1bac.ea8): Access violation - code c0000005 (first/second chance not available)
eax=76a80781 ebx=00000000 ecx=0a7ff803 edx=777970f4 esi=000002c4 edi=00000000
eip=777970f4 esp=0a7ff794 ebp=0a7ff800 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
ntdll!KiFastSystemCallRet:
777970f4 c3 ret
When I load a crash dump in windbg (x64), version 6.3.9600.16384, and load the sos extension for .net, the first time I run the !threads command I get this error:
c0000005 Exception in C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos.threads debugger extension.
PC: 00007ffa`8fe6c7e3 VA: 00000000`00000000 R/W: 0 Parameter: 00000000`00000000
Subsequent times the command runs fine. Full transcript:
Loading Dump File [C:\Users\celdredge\AppData\Local\Temp\w3wp (2).DMP]
User Mini Dump File with Full Memory: Only application data is available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
OK c:\projects\dumps\symbols
Symbol search path is: srv*;c:\projects\dumps\symbols
Executable search path is: srv*
Windows 8 Version 9600 MP (4 procs) Free x64
Product: WinNt, suite: SingleUserTS
Built by: 6.3.9600.16384 (winblue_rtm.130821-1623)
Machine Name:
Debug session time: Tue Dec 17 23:03:00.000 2013 (UTC - 5:00)
System Uptime: 0 days 9:56:04.777
Process Uptime: 0 days 0:01:41.000
................................................................
................................................................
......................................................
ntdll!NtWaitForSingleObject+0xa:
00007ffa`a1d265ba c3 ret
0:000> .loadby sos clr
0:000> !threads
c0000005 Exception in C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos.threads debugger extension.
PC: 00007ffa`8fe6c7e3 VA: 00000000`00000000 R/W: 0 Parameter: 00000000`00000000
CLR version:
0:000> lm v mclr
start end module name
00007ffa`84450000 00007ffa`84de8000 clr (pdb symbols) C:\ProgramData\dbg\sym\clr.pdb\252574218A084BE3AFEFF8921ADADB6F2\clr.pdb
Loaded symbol image file: clr.dll
Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Image name: clr.dll
Browse all global symbols functions data
Timestamp: Tue Sep 10 02:54:48 2013 (522EC238)
CheckSum: 00994334
ImageSize: 00998000
File version: 4.0.30319.34003
Product version: 4.0.30319.34003
SOS version:
0:000> .chain
Extension DLL search Path:
<snip/>
Extension DLL chain:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll: image 4.0.30319.34003, API 1.0.0, built Tue Sep 10 02:44:16 2013
[path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos.dll]
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos: image 4.0.30319.34003, API 1.0.0, built Tue Sep 10 02:44:16 2013
[path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\sos.dll]
This seems to be a weird issue caused by saving an explicit workspace which remembers which extensions are loaded. If I .loadby sos clr and save the workspace, next time I open the workspace it will have sos loaded twice. However if I do .load c:\path\to\sos.dll and save the workspace, it only gets loaded once when I reopen it.
In summary, workspaces in windbg are confusing.
I'm investigating a w3wp crash on our production machines, I'm loading the crashdump with windbg with the following settings:
SRV*C:\MicrosoftSymbols*http://msdl.microsoft.com/download/symbols;C:\MySymbols
sym noisy
(also tried symbol path http://msdn.microsoft.com/en-us/windows/hardware/gg463028)
Why can't it still not load the msvcr80 symbols?
0:025> !analyze -v
*
Exception Analysis *
*
DBGHELP: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\w3wp.exe\45D6968E5000\w3wp.exe - OK DBGENG:
C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\w3wp.exe\45D6968E5000\w3wp.exe - Mapped
image memory DBGHELP: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\mscorwks.dll\4889DC18590000\mscorwks.dll -
OK DBGENG: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\mscorwks.dll\4889DC18590000\mscorwks.dll -
Mapped image memory SYMSRV: mscorwks.pdb from
http://msdl.microsoft.com/download/symbols: 4599999 bytes - copied
DBGHELP: mscorwks - public symbols
c:\microsoftsymbols\mscorwks.pdb\37AFE5AF09D54705B6B685CBCD2208FC2\mscorwks.pdb
DBGHELP: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\mscorlib.ni.dll\4889DC80af7000\mscorlib.ni.dll
- mismatched DBGHELP: C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\sym\mscorlib.ni.dll\4889DC80af7000\mscorlib.ni.dll
- mismatched DBGHELP: C:\Program Files (x86)\Windows Kits\8.0\Debuggers\mscorlib.ni.dll - file not found DBGHELP:
C:\Program Files (x86)\Windows Kits\8.0\Debuggers\mscorlib.ni.dll -
file not found SYMSRV: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\mscorlib.ni.dll\4889DC80af7000\mscorlib.ni.dll
- file not found DBGHELP: C:\Program Files (x86)\Windows Kits\8.0\Debuggers\mscorlib.ni.dll - file not found DBGHELP:
C:\Program Files (x86)\Windows Kits\8.0\Debuggers\mscorlib.ni.dll -
file not found SYMSRV:
c:\microsoftsymbols\mscorlib.ni.dll\4889DC80af7000\mscorlib.ni.dll not
found SYMSRV:
http://msdl.microsoft.com/download/symbols/mscorlib.ni.dll/4889DC80af7000/mscorlib.ni.dll
not found DBGHELP: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\mscorlib.ni.dll - file not found DBGHELP:
C:\Program Files (x86)\Windows Kits\8.0\Debuggers\mscorlib.ni.dll -
file not found DBGHELP: mscorlib.ni.dll not found in c:\mysymbols
DBGHELP: mscorlib.ni.dll not found in c:\mysymbols DBGENG:
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll - Couldn't map image from disk. Unable to load image C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll,
Win32 error 0n2 DBGENG: mscorlib.ni.dll - Partial symbol image load
missing image info DBGHELP: Module is not fully loaded into memory.
DBGHELP: Searching for symbols using debugger-provided data. SYMSRV:
mscorlib.pdb from http://msdl.microsoft.com/download/symbols: 117111
bytes - copied
* WARNING: Unable to verify timestamp for mscorlib.ni.dll DBGHELP: mscorlib_ni - public symbols
c:\microsoftsymbols\mscorlib.pdb\E47AF49130474776AF6C5994C50088421\mscorlib.pdb
DBGHELP: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\kernel32.dll\49C51F0A102000\kernel32.dll -
OK DBGENG: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\kernel32.dll\49C51F0A102000\kernel32.dll -
Mapped image memory SYMSRV: kernel32.pdb from
http://msdl.microsoft.com/download/symbols: 416879 bytes - copied
DBGHELP: kernel32 - public symbols
c:\microsoftsymbols\kernel32.pdb\BE496DC9472F4438B080C70594D8F9CC2\kernel32.pdb
SYMSRV: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\user32.dll\45E7C67691000\user32.dll not
found SYMSRV: user32.dll from
http://msdl.microsoft.com/download/symbols: 266731 bytes - copied
DBGHELP: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\user32.dll\45E7C67691000\user32.dll already
cached DBGHELP: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\user32.dll\45E7C67691000\user32.dll already
cached DBGHELP: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\user32.dll\45E7C67691000\user32.dll - OK
DBGENG: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\user32.dll\45E7C67691000\user32.dll -
Mapped image memory SYMSRV: user32.pdb from
http://msdl.microsoft.com/download/symbols: 293451 bytes - copied
DBGHELP: user32 - public symbols
c:\microsoftsymbols\user32.pdb\B29B53A483EA4F5DAF2BF0FB1A4E7DB92\user32.pdb
DBGHELP: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\ole32.dll\45D70AA5139000\ole32.dll - OK
DBGENG: C:\Program Files (x86)\Windows
Kits\8.0\Debuggers\x86\sym\ole32.dll\45D70AA5139000\ole32.dll - Mapped
image memory SYMSRV: ole32.pdb from
http://msdl.microsoft.com/download/symbols: 1014574 bytes - copied
DBGHELP: ole32 - public symbols
c:\microsoftsymbols\ole32.pdb\DC8A079CAE0B4A0C89EC5A936EAF1F7F2\ole32.pdb
FAULTING_IP: msvcr80!terminate+4d 781346b4 e820460000 call
msvcr80!_SEH_epilog4 (78138cd9)
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 781346b4 (msvcr80!terminate+0x0000004d)
ExceptionCode: 40000015 ExceptionFlags: 00000000 NumberParameters: 0
DEFAULT_BUCKET_ID: WRONG_SYMBOLS
PROCESS_NAME: w3wp.exe
ERROR_CODE: (NTSTATUS) 0x40000015 - {Fatal Application Exit} %hs
EXCEPTION_CODE: (NTSTATUS) 0x40000015 (1073741845) - {Fatal
Application Exit} %hs
APP: w3wp.exe
MANAGED_STACK: !dumpstack -EE No export dumpstack found
PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS
BUGCHECK_STR: APPLICATION_FAULT_WRONG_SYMBOLS
LAST_CONTROL_TRANSFER: from 00000000 to 781346b4
STACK_TEXT: 14b98e30 00000000 00000000 00000000 00000000
msvcr80!terminate+0x4d
FOLLOWUP_IP: msvcr80!terminate+4d 781346b4 e820460000 call
msvcr80!_SEH_epilog4 (78138cd9)
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: msvcr80!terminate+4d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: msvcr80
IMAGE_NAME: msvcr80.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4889d619
STACK_COMMAND: ~25s; .ecxr ; kb
FAILURE_BUCKET_ID: WRONG_SYMBOLS_40000015_msvcr80.dll!terminate
BUCKET_ID: APPLICATION_FAULT_WRONG_SYMBOLS_msvcr80!terminate+4d
WATSON_STAGEONE_URL:
http://watson.microsoft.com/StageOne/w3wp_exe/6_0_3790_3959/45d6968e/msvcr80_dll/8_0_50727_3053/4889d619/40000015/000046b4.htm?Retriage=1
WATSON_IBUCKET: 977211931
WATSON_IBUCKETTABLE: 1
Followup: MachineOwner
Regards,
Michel
Sometimes Windbg need access to .dll file itself to be able to locate the .pdb
(if the actual dump don’t contain enough of the header)
Find the msvcr80.dll from the crashed machine, and locate it by
File->Image File Path, and .reload
I am doing remote debugging of windows vista using VmWare , but i encounter the
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe "
also , if i give "!process 0 0 " in windbg , i get
**** NT ACTIVE PROCESS DUMP **** NT symbols are incorrect, please fix symbols
I tried setting _NT_SYMBOL_PATH to "symsrv*symsrv.dll*c:\symbols*http://msdl.microsoft.com/download/symbols" (This was given in http://support.microsoft.com/kb/311503/) , then i changed the symbol file path of windbg to "srv*C:\Symbols\MsSymbols*http://msdl.microsoft.com/download/symbols" , but even after that i get the same errors, when i run symchk.exe to download symbols, i could get a lot of FAILED messages.
when i try to reload using .reload after running !sym noisy, i get
Connected to Windows Vista 6000 x86 compatible target at (Sat Jan 28 16:52:23.839 2012 (GMT+5)), ptr64 FALSE
SYMSRV: The system cannot find the file specified.
SYMSRV: The system cannot find the file specified.
SYMSRV: The system cannot find the file specified.
SYMSRV: c:\symbols\mssymbols\ntkrpamp.pdb\FD50D285751D4684938604B2CC1B41682\ntkrpamp.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrpamp.pdb/FD50D285751D4684938604B2CC1B41682/ntkrpamp.pdb not found
DBGHELP: ntkrpamp.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
DBGHELP: nt - export symbols
Loading Kernel Symbols
...............................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
....
But still when i try to run !process 0 0 , i get an error saying incorrect symbols
Thanks for your help and time in advance..
Your fixed symbol path looks good to me, that first path was entirely incorrect. Can you try the following commands and see if it works?
.symfix c:\websymbols
.reload /o
If that doesn't work, are you running and official version on the target? As in, it's not a Beta release or something, right? You might also want to rule out any networking issues.
I've encountered the same problems.
It is that My IE browser cannt connect Internet(while others could) causing the windbg return ERROR_CANNOT_CONNECT_INTERNET resulting pdb-file cannot be found..
SYMSRV: BYINDEX: 0x5
d:\symbolslocal*http://msdl.microsoft.com/download/symbols
ntdll.dll
4CE7B96E13c000
SYMSRV: d:\symbolslocal\ntdll.dll\4CE7B96E13c000\ntdll.dll - file not found
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/4CE7B96E13c000/ntdll.dll
SYMSRV: HttpSendRequest: 12029 - ERROR_INTERNET_CANNOT_CONNECT
SYMSRV: d:\symbolslocal\ntdll.dll\4CE7B96E13c000\ntdll.dll not found
SYMSRV:http://msdl.microsoft.com/download/symbols/ntdll.dll/4CE7B96E13c000/ntdll.dll not found
DBGHELP: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\ntdll.dll - file not found
DBGHELP: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\ntdll.dll - file not found
DBGENG: ntdll.dll - Image mapping disallowed by non-local path.
DBGHELP: No debug info for ntdll.dll. Searching for dbg file
SYMSRV: BYINDEX: 0x6
d:\symbolslocal*http://msdl.microsoft.com/download/symbols
ntdll.dbg
4CE7B96E13c000
SYMSRV: d:\symbolslocal\ntdll.dbg\4CE7B96E13c000\ntdll.dbg - file not found
SYMSRV: HTTPGET: /download/symbols/ntdll.dbg/4CE7B96E13c000/ntdll.dbg
SYMSRV: HttpSendRequest: 12029 - ERROR_INTERNET_CANNOT_CONNECT
SYMSRV: d:\symbolslocal\ntdll.dbg\4CE7B96E13c000\ntdll.dbg not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntdll.dbg/4CE7B96E13c000/ntdll.dbg not found
DBGHELP: .\ntdll.dbg - file not found
DBGHELP: .\dll\ntdll.dbg - path not found
DBGHELP: .\symbols\dll\ntdll.dbg - path not found
DBGHELP: ntdll.dll missing debug info. Searching for pdb anyway
DBGHELP: Can't use symbol server for ntdll.pdb - no header information available
DBGHELP: ntdll.pdb - file not found
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
So just fix IE problem, then windbg will work fine.
About how to fix IE problem,
open 'Internet Options' --- > 'Connection' --->
delete all connections -----> restart the IE ----> IE OK
Then windbg can access Internet now, it can download symbol files now.
IE cannot access INTERNET may cause many probs in many programs.Hope it helps.