Trouble Loading local symbols in WinDBG - Kernel Driver - windbg

I cannot figure out why my local symbols are not loading for a kernel driver compiled using WDK and VS2013.
I build the driver and place myDriver.pdb in C:\Symbols\local, and copy myDriver.sys to my virtual machine. Using VirtualKD I start the debugger, install the driver, and look at my loaded modules or try to set a breakpoint on myDriver!DriverEntry. When I try the breakpoint I get:
BP expression myDriver.sys!DriverEntry could not be resolved, adding deferred bp
My symbol path is:
C:\Symbols\local;srv*C:\Symbols\symcache*http://msdl.microsoft.com/download/symbols
When I try to .reload /f myDriver.sys I get:
kd> .reload /f myDriver.sys
"myDriver.sys" was not found in the image list.
Debugger will attempt to load "myDriver.sys" at given base 00000000`00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
DBGENG: myDriver.sys - Partial symbol image load missing image info
DBGHELP: No header for myDriver.sys. Searching for dbg file
DBGHELP: c:\symbols\local\myDriver.dbg - file not found
DBGHELP: c:\symbols\local\sys\myDriver.dbg - path not found
DBGHELP: c:\symbols\local\symbols\sys\myDriver.dbg - path not found
DBGHELP: .\myDriver.dbg - file not found
DBGHELP: .\sys\myDriver.dbg - path not found
DBGHELP: .\symbols\sys\myDriver.dbg - path not found
DBGHELP: myDriver.sys missing debug info. Searching for pdb anyway
DBGHELP: myDriver - private symbols & lines
c:\symbols\local\myDriver.pdb - unmatched
Unable to add module at 00000000`00000000
Any ideas as to how I can fix this?
Thanks!

Because the driver isn't loaded yet. A deferred bp is OK. They will be resolved on driver load. This is normal behavior, no need to "fix this".
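As an added illustration (not code from any post on this page): the "unmatched" verdict DBGHELP prints for c:\symbols\local\myDriver.pdb, and the store paths like ntkrpamp.pdb\FD50D285751D4684938604B2CC1B41682\ntkrpamp.pdb quoted further down, both come from the RSDS CodeView record in the image, which carries the PDB's GUID and age. The Python below parses that record and rebuilds the symbol-store key, so you can check from the .sys you copied to the VM which PDB the debugger is going to insist on; the sample record is constructed, and the RSDS scan is a heuristic rather than a walk of the PE debug directory.

```python
import re
import struct
import uuid

# Constructed sample, not taken from any post: the GUID/age pair behind the
# store path ntkrpamp.pdb\FD50D285751D4684938604B2CC1B41682\ntkrpamp.pdb quoted
# on this page (32 hex digits of GUID, then age 2).
SAMPLE_GUID = uuid.UUID("FD50D285-751D-4684-9386-04B2CC1B4168")
SAMPLE_RSDS = (b"RSDS" + SAMPLE_GUID.bytes_le + struct.pack("<I", 2)
               + b"c:\\build\\ntkrpamp.pdb\x00")

def parse_rsds(record: bytes):
    """Split a CodeView RSDS record into (guid, age, pdb_path).
    Layout: 'RSDS' | 16-byte GUID (Windows byte order) | u32 age | NUL-terminated path."""
    if record[:4] != b"RSDS" or len(record) < 25:
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])
    (age,) = struct.unpack_from("<I", record, 20)
    path = record[24:record.index(b"\x00", 24)].decode("ascii", "replace")
    return guid, age, path

def symsrv_key(guid: uuid.UUID, age: int) -> str:
    """Symbol-store directory name: GUID hex without dashes, upper case, then age in hex."""
    return f"{guid.hex.upper()}{age:X}"

def symsrv_path(record: bytes) -> str:
    """Relative path symsrv.dll requests from a store: <pdb name>/<key>/<pdb name>.
    A PDB whose own GUID/age differ from this key is what DBGHELP reports as 'unmatched'."""
    guid, age, path = parse_rsds(record)
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return f"{name}/{symsrv_key(guid, age)}/{name}"

def find_rsds_records(image: bytes):
    """Heuristic scan of raw PE bytes for RSDS records (does not walk the debug directory).
    Enough for a quick 'which PDB will the debugger demand for this .sys?' check."""
    found = []
    for m in re.finditer(rb"RSDS", image):
        try:
            found.append(parse_rsds(image[m.start():m.start() + 24 + 260]))
        except ValueError:  # signature hit without a well-formed record behind it
            continue
    return found

if __name__ == "__main__":
    # Prints ntkrpamp.pdb/FD50D285751D4684938604B2CC1B41682/ntkrpamp.pdb
    print(symsrv_path(SAMPLE_RSDS))
```

Run it over the bytes of your copied .sys (for example `find_rsds_records(open(path, "rb").read())`) and compare the key with the directory name the debugger requests in !sym noisy output.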

Related

'ImportError: DLL load failed while importing _sqlite3: The specified module could not be found.\r\n' } on VSCODE

'ImportError: DLL load failed while importing _sqlite3: The specified module could not be found.\r\n'
}
Error 13:41:09: Failed to execute cells in CellExecutionQueue o [Error]: The kernel died. View Jupyter log for further details.
I've made an env and I want to run the kernel with the env, but I got this problem.
The following conclusions can be drawn from the relevant information
python has this module built-in, anaconda doesn't
The workaround is to place a file named sqlite3.DLL in the DLLs directory:
..\Anaconda\DLLs

Windbg - Unable to read memory at ntdll!RtlCriticalSectionList

On executing the command "!cs" or "!locks", I encountered the following error:
0:000> !locks
NTSDEXTS: Unable to read memory at ntdll!RtlCriticalSectionList
Notes:
Windows Debugger Version is 10.0.20153.1000.
ntdll File version: 6.3.9600.18895
Any help will be appreciated.

Windbg symbol error

I'm attempting to debug an application using WinDbg. The server doesn't have internet access, so I can't use the Microsoft Symbol server. I went ahead and downloaded the symbols for Server 2012 R2 Retail. Moved them over to the server, and installed to C:\Symbols.
When I attempt to run the debugger, I get the following output.
CommandLine: C:\actionsync\ActionSync\ActionSync.exe
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
DBGHELP: Symbol Search Path: .sympath srv*c:\symbols*
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred .sympath srv*c:\Symbols*
DBGHELP: Symbol Search Path: .sympath srv*c:\symbols*
DBGHELP: Symbol Search Path: .sympath srv*c:\symbols*
Symbol search path is: .sympath srv*c:\Symbols*
Executable search path is: srv*
DBGHELP: SharedUserData - virtual symbol module
ModLoad: 00ec0000 00ecc000 ActionSync.exe
ModLoad: 77120000 7728f000 ntdll.dll
ModLoad: 6fc30000 6fc86000 C:\Windows\SysWOW64\MSCOREE.DLL
ModLoad: 74de0000 74f20000 C:\Windows\SysWOW64\KERNEL32.dll
ModLoad: 74f20000 74ff7000 C:\Windows\SysWOW64\KERNELBASE.dll
(1054.478): Break instruction exception - code 80000003 (first chance)
DBGHELP: Invalid path: '.sympath srv*c:\symbols*'
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
DBGHELP: ntdll - export symbols
eax=00000000 ebx=00000000 ecx=7fdc0000 edx=00000000 esi=7ee16000 edi=00000000
eip=771d3c7d esp=0104f2f4 ebp=0104f320 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!LdrInitShimEngineDynamic+0x6dd:
771d3c7d cc int 3
I am completely new to using WinDbg. Additionally, I cannot install VS on this machine.
As far as I know, I have everything setup correctly, but I'm still not able to debug this application.
Any help would be appreciated.
EDIT 1:
I updated the symbol path based on Thomas Weller's comment.
Here is the output
0:000> .sympath
Symbol search path is: .sympath srv*c:\Symbols*
Expanded Symbol search path is: .sympath srv*c:\symbols*
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred .sympath srv*c:\Symbols*
Error: Change all symbol paths attempts to access '.sympath c:\symbols' failed: 0x7b - The filename, directory name, or volume label syntax is incorrect.
************* Symbol Path validation summary **************
Response Time (ms) Location
Error 16 .sympath c:\symbols
DBGHELP: Symbol Search Path: .sympath c:\symbols
DBGHELP: Symbol Search Path: .sympath c:\symbols
0:000> .reload
Reloading current modules
.....
DBGHELP: Invalid path: '.sympath c:\symbols'
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
DBGHELP: ntdll - export symbols
************* Symbol Loading Error Summary **************
Module name Error
ntdll All symbol search paths were invalid
Please check your symbol search path.
The following location did not respond and were excluded during symbol loading:
.sympath c:\symbols
EDIT 2:
So, it appears that the sympath is case sensitive.
I updated the sympath C:\Symbols
This is the output.
************* Symbol Path validation summary **************
Response Time (ms) Location
OK c:\Symbols
DBGHELP: Symbol Search Path: c:\symbols
DBGHELP: Symbol Search Path: c:\symbols
0:000> .reload
Reloading current modules
.....
DBGHELP: c:\symbols\wntdll.pdb - file not found
DBGHELP: c:\symbols\dll\wntdll.pdb - file not found
DBGHELP: c:\symbols\symbols\dll\wntdll.pdb - file not found
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
DBGHELP: ntdll - export symbols
************* Symbol Loading Error Summary **************
Module name Error
ntdll PDB not found : c:\symbols\symbols\dll\wntdll.pdb
Unable to locate the .pdb file in this location
For both solutions, you need a copy of WinDbg (not necessarily an installation). You find symchk in the WinDbg folder.
Solution for a specific dump / specific debug session
On the machine where you're debugging, create crash dump file with .dump. Skip this step if you already have a crash dump file.
At a command prompt, create a manifest file, i.e. a file that contains information about the symbols to be downloaded
symchk /id <dumpfile>.dmp /om D:\symbols.manifest
/id is for input = dump
/om is for output = manifest
Transfer that manifest file onto a machine with Internet access.
On the Internet machine then run
symchk /im X:\symbols.manifest /s srv*X:\downloadedsymbols\*http://msdl.microsoft.com/download/symbols /od
at the command prompt.
/im is for input = manifest
/od is for output details (like verbose)
Transfer the symbols back to the machine without Internet access. Copy them into a new folder, e.g. c:\downloadedsymbols, not c:\symbols . Don't use an existing symbol path, because the n-tier-layout might not match.
Open the crash dump in WinDbg.
Fix the symbols
.sympath C:\downloadedsymbols
and maybe
.reload /f
Solution for retrieving all symbols of the machine without Internet
Note: this process may take a really long time, since it may download thousands of symbols.
At a command prompt, run
symchk /r /if %windir% /om D:\windir.manifest
/r is for recursive
/if is for input = files
/om is for output = manifest
Transfer that manifest file onto a different machine with Internet access.
On the Internet machine, run
symchk /im X:\windir.manifest /s srv*X:\winsymbols\*http://msdl.microsoft.com/download/symbols /od
/im is for input = manifest
/od is for output details (like verbose)
Transfer the symbols back to the machine without Internet access. Copy them into a new folder, e.g. c:\winsymbols, not c:\symbols. Don't use an existing symbol path, because the n-tier layout might not match.
Use the symbols with
.sympath C:\winsymbols
.reload

force windbg not load symbol

I'm doing crash analysis on some software, and I'm sure there is no pdb file I can get for sth.exe, but when sth.exe crashes, every time WinDbg will search a lot of paths and symbol servers. Even when I cut off the VM's network connection, it still pins for a while searching for sth.exe's pdb. And this leads to a failure in my auto analysis. Is there a way to tell WinDbg that sth.exe has no pdb, so please don't waste time searching for it?
create a file named symsrv.ini
in the folder where windbg is installed
(the directory in this sample is e:\ewdk\program files\windows kits\10\Debuggers\x86)
create an exclusion section in the file
and add all the unknown pdbs to it
symsrv won't go searching for them
:\>ls -l symsrv.ini
-rw-rw-rw- 1 HP 0 259 2016-08-18 17:43 symsrv.ini
:\>file symsrv.ini
symsrv.ini; ASCII text, with CRLF line terminators
:\>cat symsrv.ini
[exclusions]
livekdD.sys
vmm.pdb
livekdD.pdb
vmci.pdb
vsock.pdb
clwvd.pdb
spldr.pdb
vmkbd.pdb
vmnetsrv.pdb
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
:\>livekd
LiveKd v5.40 - Execute kd/windbg on a live system
Sysinternals - www.sysinternals.com
!sym noisy
noisy mode - symbol prompts off
kd> .reload /f
SYMSRV: vmci.pdb is in the file exclusion list
DBGHELP: d:\build\ob\bora-1141980\bora-vmsoft\build\release\crosstalk\windows\wi
n2k\i386\vmci.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vmci.sys -
DBGHELP: vmci - export symbols
SYMSRV: vsock.pdb is in the file exclusion list
DBGHELP: d:\build\ob\bora-1253991\bora-vmsoft\build\release\vsock\windows\win2k\
i386\vsock.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vsock.sys -
DBGHELP: vsock - export symbols
SYMSRV: vmm.pdb is in the file exclusion list
DBGHELP: m:\src\built\vs2005.sp2\vssp2\usa\ent_volume\i386\sym\sys\vmm.pdb - fil
e not found
*** ERROR: Module load completed but symbols could not be loaded for vmm.sys
DBGHELP: vmm - no symbols loaded
************* Symbol Loading Error Summary **************
Module name Error
vmci The system cannot find the file specified : srv*e:\symbols*
http://msdl.microsoft.com/download/symbols The SYMSRV client
failed to find a file in the UNC store, or there is an invalid
UNC store (an invalid path or thepingme.txt file is not present
in the root directory), or the fileis present
in the symbol server exclusion list.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
answer to comment
Well, for a start there is a "setting up exclusion list" topic in windbg help.
This topic alludes to this file (the file is alluded to in respect of using the symproxy, and is supposed to be created at "%windowsdir\system32\inetsrv\"), and it doesn't work for symsrv.dll (the registry key also doesn't seem to work).
https://msdn.microsoft.com/en-us/library/windows/hardware/ff556870(v=vs.85).aspx
For me, I saw in procmon a failure with a NameNotFound error in the fastio path in the windbg installation directory,
so on a hunch I moved the file from the above-mentioned path to the windbg installation directory
and things seemed to work correctly. That was very long back,
but subsequently I've seen a post from Jason Shay (MSFT) in the OSR windbg lists stating this feature was pushed in windbg 6.4.4 beta:
http://www.osronline.com/showthread.cfm?link=68916
so there isn't any common sense missing, just that the corner cases are always difficult to find.

Error:Symbol File not found in WinDbg

I am doing remote debugging of Windows Vista using VMware, but I encounter the
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe "
Also, if I give "!process 0 0" in WinDbg, I get
**** NT ACTIVE PROCESS DUMP **** NT symbols are incorrect, please fix symbols
I tried setting _NT_SYMBOL_PATH to "symsrv*symsrv.dll*c:\symbols*http://msdl.microsoft.com/download/symbols" (this was given in http://support.microsoft.com/kb/311503/), then I changed the symbol file path of WinDbg to "srv*C:\Symbols\MsSymbols*http://msdl.microsoft.com/download/symbols", but even after that I get the same errors. When I run symchk.exe to download symbols, I get a lot of FAILED messages.
When I try to reload using .reload after running !sym noisy, I get
Connected to Windows Vista 6000 x86 compatible target at (Sat Jan 28 16:52:23.839 2012 (GMT+5)), ptr64 FALSE
SYMSRV: The system cannot find the file specified.
SYMSRV: The system cannot find the file specified.
SYMSRV: The system cannot find the file specified.
SYMSRV: c:\symbols\mssymbols\ntkrpamp.pdb\FD50D285751D4684938604B2CC1B41682\ntkrpamp.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrpamp.pdb/FD50D285751D4684938604B2CC1B41682/ntkrpamp.pdb not found
DBGHELP: ntkrpamp.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
DBGHELP: nt - export symbols
Loading Kernel Symbols
...............................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
....
But still, when I try to run !process 0 0, I get an error saying incorrect symbols.
Thanks for your help and time in advance.
Your fixed symbol path looks good to me, that first path was entirely incorrect. Can you try the following commands and see if it works?
.symfix c:\websymbols
.reload /o
If that doesn't work, are you running an official version on the target? As in, it's not a Beta release or something, right? You might also want to rule out any networking issues.
I've encountered the same problems.
It is that my IE browser cannot connect to the Internet (while others could), causing WinDbg to return ERROR_CANNOT_CONNECT_INTERNET, resulting in the pdb file not being found.
SYMSRV: BYINDEX: 0x5
d:\symbolslocal*http://msdl.microsoft.com/download/symbols
ntdll.dll
4CE7B96E13c000
SYMSRV: d:\symbolslocal\ntdll.dll\4CE7B96E13c000\ntdll.dll - file not found
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/4CE7B96E13c000/ntdll.dll
SYMSRV: HttpSendRequest: 12029 - ERROR_INTERNET_CANNOT_CONNECT
SYMSRV: d:\symbolslocal\ntdll.dll\4CE7B96E13c000\ntdll.dll not found
SYMSRV:http://msdl.microsoft.com/download/symbols/ntdll.dll/4CE7B96E13c000/ntdll.dll not found
DBGHELP: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\ntdll.dll - file not found
DBGHELP: E:\Program Files (x86)\Windows Kits\10\Debuggers\x64\ntdll.dll - file not found
DBGENG: ntdll.dll - Image mapping disallowed by non-local path.
DBGHELP: No debug info for ntdll.dll. Searching for dbg file
SYMSRV: BYINDEX: 0x6
d:\symbolslocal*http://msdl.microsoft.com/download/symbols
ntdll.dbg
4CE7B96E13c000
SYMSRV: d:\symbolslocal\ntdll.dbg\4CE7B96E13c000\ntdll.dbg - file not found
SYMSRV: HTTPGET: /download/symbols/ntdll.dbg/4CE7B96E13c000/ntdll.dbg
SYMSRV: HttpSendRequest: 12029 - ERROR_INTERNET_CANNOT_CONNECT
SYMSRV: d:\symbolslocal\ntdll.dbg\4CE7B96E13c000\ntdll.dbg not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntdll.dbg/4CE7B96E13c000/ntdll.dbg not found
DBGHELP: .\ntdll.dbg - file not found
DBGHELP: .\dll\ntdll.dbg - path not found
DBGHELP: .\symbols\dll\ntdll.dbg - path not found
DBGHELP: ntdll.dll missing debug info. Searching for pdb anyway
DBGHELP: Can't use symbol server for ntdll.pdb - no header information available
DBGHELP: ntdll.pdb - file not found
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
So just fix the IE problem, then WinDbg will work fine.
About how to fix the IE problem:
open 'Internet Options' ---> 'Connection' --->
delete all connections -----> restart IE ----> IE OK
Then WinDbg can access the Internet, and it can download symbol files now.
IE not being able to access the Internet may cause many problems in many programs. Hope it helps.