Symbols & Structures.

Hello all,

I would like to know how to retrieve a
kernel structure using WinDbg, for instance,
I would like to retrieve _KEVENT, thus, I tried
dt _KEVENT/KEVENT !_KEVENT/KEVENT but it didn’t
work…
Can someone please tell me how to retrieve such
structures in WinDbg?
(the right symbols are loaded, I also verified
it using “lml” )

Thanks,
-Mike.



Hi,

dt _KEVENT 0x8053be3c -r

works for me.

Yours
Roger


Roger Coote,
Senior Design Engineer
PowerVR Technologies, A Division of Imagination Technologies Ltd
Home Park Estate, Kings Langley, Hertfordshire, WD4 8LZ, UK
phone :+44 (1923) 260511 fax :+44 (1923) 268969
direct :+44 (1923) 277274
mailto:xxxxx@powervr.com www.powervr.com



That’s so weird, now the lml shows
start end module name
80400000 80590900 nt *#*
d:\symbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb

According to the docs
“# -> There is a mismatch between the symbol file and
the executable”
The weird thing is that I use MS on-line symbols
server, so how can this happen ?

I even tried to delete the symbols directory and
to reload it again, though, same results.
The target is Win2K SP2.

Thanks,
-Mike.


Hi,

Can someone please tell me how this can happen
when I’m using Microsoft symbol server ??

kd> .sympath
Symbol search path is:
srv*d:\symbols*http://msdl.microsoft.com/download/symbols;
kd> dt _KEVENT 0x8053be3c -r
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to


Your path looks correct (except maybe for the end semicolon, but that
shouldn’t matter).

If you do:

!sym noisy
.reload -f ntoskrnl.exe

what does that output say?

sean


can you do
!sym noisy
and .reload to see if the symbols are OK?

Suifun


Since you did not specify a module it could be that the debugger is
looking first at a PDB which does not have type information and that
would produce the message you see.

Try “dt nt!_KEVENT” to force the symbol looking to be restricted to the
ntoskrnl symbols.

If that doesn’t work then follow the suggestions of others to use noisy
symbol loading to track down if there is a symbol loading issue.

If the symbols are being loaded correctly then you should send mail to
the address listed on the symbol server web site about the issue.

It is possible that the type information is not supposed to be there.
In general Win2k symbols have less type info than the WinXP symbols.


Hi,

Thanks for the help!

kd> !sym noisy
Noisy mode on.
kd> .reload -f ntoskrnl.exe
DBGHELP: ntoskrnl.exe is stripped. Searching for dbg file.
SYMSRV: d:\symbols\ntoskrnl.dbg\384D9B17190900\ntoskrnl.dbg - OK.
DBGHELP: d:\symbols\ntoskrnl.dbg\384D9B17190900\ntoskrnl.dbg - OK.
SYMSRV: d:\symbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb - OK.
DBGHELP: d:\symbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb - opened.
DBGHELP: nt - public symbols - d:\symbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb.
kd> lml
start end module name
80400000 80590900 nt #
d:\symbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb
kd> dt nt!_KEVENT

*************************************************************************
***
***
***
***
*** Your debugger is not using the correct symbols
***

I think that the loading of the symbols seems to be OK
but when I do the “lml” command it looks like there is
some kind of problem…
It’s worth noting that I even deleted the symbols dir
and let dbg download it again…

I also tried to load “ndis.sys” to check some structure,
even when the “lml” showed that it was successfully
loaded, it gave me the same error message which I
posted in the previous msg.

Here is the output from the ndis…

kd> .reload -f ndis.sys
DBGHELP: NDIS.sys is stripped. Searching for dbg file.
SYMSRV: http://msdl.microsoft.com/download/symbols/NDIS.dbg/38437EBA28e40/NDIS.dbg/NDIS.dbg not found.
SYMSRV: http://msdl.microsoft.com/download/symbols/NDIS.dbg/38437EBA28e40/NDIS.db_ copied.
SYMSRV: d:\symbols\NDIS.dbg\38437EBA28e40\NDIS.dbg - OK.
DBGHELP: d:\symbols\NDIS.dbg\38437EBA28e40\NDIS.dbg - OK.
SYMSRV: http://msdl.microsoft.com/download/symbols/ndis.pdb/381A29621/ndis.pdb/ndis.pdb not found.
SYMSRV: http://msdl.microsoft.com/download/symbols/ndis.pdb/381A29621/ndis.pd_ copied.
SYMSRV: d:\symbols\ndis.pdb\381A29621\ndis.pdb - OK.
DBGHELP: d:\symbols\ndis.pdb\381A29621\ndis.pdb - opened.
DBGHELP: NDIS - public symbols - d:\symbols\ndis.pdb\381A29621\ndis.pdb.
kd> lml
start end module name
80400000 80590900 nt #
d:\symbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb
fcee8000 fcf10e40 NDIS
d:\symbols\ndis.pdb\381A29621\ndis.pdb
kd> dt ndis!_NDIS_PROTOCOL_BLOCK
ERROR MESSAGE(as in the previous msg)

Thanks again!
-Mike.

I think the problem is that the symbol isn’t in the file. I just ran
this on a 2k box with service pack 2 installed (note that the symbol
file it found is the one for the original checked build of win2k, so I’m
guessing ntoskrnl.exe didn’t change when I updated the system):

kd> lml
start end module name
80400000 8068de40 nt
\jackson\wintools\Symbols\Windows_2000\Original\Debug\ntoskrnl.pdb
kd> .reload -f nt
DBGHELP: ntoskrnl.exe is stripped. Searching for dbg file.
SYMSRV: \jackson\wintools\symsrv\ntoskrnl.dbg\384D4CFD28de40\file.ptr
SYMSRV: \jackson\wintools\Symbols\Windows_2000\Original\Debug\ntoskrnl.dbg - OK.
DBGHELP: \jackson\wintools\Symbols\Windows_2000\Original\Debug\ntoskrnl.dbg - OK.
SYMSRV: \jackson\wintools\symsrv\ntoskrnl.pdb\38237D1B1e\file.ptr
SYMSRV: \jackson\wintools\Symbols\Windows_2000\Original\Debug\ntoskrnl.pdb - OK.
DBGHELP: \jackson\wintools\Symbols\Windows_2000\Original\Debug\ntoskrnl.pdb - opened.
DBGHELP: nt - public symbols - \jackson\wintools\Symbols\Windows_2000\Original\Debug\ntoskrnl.pdb.
kd> dt nt!_KEVENT
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** ***
*************************************************************************
Symbol nt!_KEVENT not found.
kd> X nt!*
8042cd2d nt!IopFreeDCB
80442f44 nt!KiQuantumEnd
8061313e nt!MiAllocateSpecialPool
80507bbc nt!FsRtlDissectName
804bea70 nt!KiContextSwapLock
805fe8e4 nt!IovpGetLowestDevice
804c7194 nt!WmipHardFaultOnly
804d4190 nt!MiTriageActionTaken
-------- snip --------

and then just to double check:

kd> !sym quiet
Quiet mode on.
kd> .reload -f
Connected to Windows 2000 2195 x86 compatible target, ptr64 FALSE
Loading Kernel Symbols
…*** ERROR: Symbol file could not be found. Defaulted to export symbols for KS.SYS -
…*** ERROR: Symbol file could not be found. Defaulted to export symbols for dump_WMILIB.SYS -
…*** ERROR: Symbol file could not be found. Defaulted to export symbols for PH32DSP.DLL -

Loading unloaded module list
No unloaded module list present
Loading User Symbols
kd> dt _KEVENT
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** ***
*************************************************************************
Symbol _KEVENT not found.

so the symbol file for ntoskrnl.exe is loaded correctly on my machine,
but apparently “_KEVENT” isn’t registered in any of the symbol files :\

sean
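
Added example (not part of the original thread, and not code from any poster): a small Python triage over the "!sym noisy" and "lml" output shown above, reporting per module which kind of symbols DbgHelp loaded and whether "lml" flags a mismatch. The sample log is constructed from lines posted in this thread with the e-mail wrapping joined; the function and field names are hypothetical.

```python
import re

# Constructed sample: lines taken from the thread's "!sym noisy" / "lml"
# output, with the e-mail line wrapping joined back together.
SAMPLE = r"""
kd> .reload -f ntoskrnl.exe
DBGHELP: ntoskrnl.exe is stripped. Searching for dbg file.
SYMSRV: d:\symbols\ntoskrnl.dbg\384D9B17190900\ntoskrnl.dbg - OK.
DBGHELP: d:\symbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb - opened.
DBGHELP: nt - public symbols - d:\symbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb.
DBGHELP: NDIS - public symbols - d:\symbols\ndis.pdb\381A29621\ndis.pdb.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for KS.SYS -
kd> lml
start end module name
80400000 80590900 nt # d:\symbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb
fcee8000 fcf10e40 NDIS d:\symbols\ndis.pdb\381A29621\ndis.pdb
"""

# "DBGHELP: <module> - <kind> symbols - <path>."  (summary line per module)
LOADED = re.compile(r"^DBGHELP:\s+(\S+)\s+-\s+(\w+) symbols\s+-\s+(.+?)\.?$")
# "Defaulted to export symbols for <module> -"   (no symbol file found)
EXPORT = re.compile(r"Defaulted to export symbols for (\S+)")
# lml row: start, end, module, optional "#" flag, symbol path
LML = re.compile(r"^([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)\s+(#\s+)?(\S.*)$", re.I)


def triage(log):
    """Return {module: {"kind", "pdb", "mismatch", "findings"}} for a kd log."""
    mods = {}

    def entry(name):
        return mods.setdefault(
            name.lower(), {"kind": None, "pdb": None, "mismatch": False})

    for line in map(str.strip, log.splitlines()):
        if m := LOADED.match(line):
            e = entry(m.group(1))
            e["kind"], e["pdb"] = m.group(2).lower(), m.group(3)
        elif m := EXPORT.search(line):
            entry(m.group(1))["kind"] = "export"
        elif m := LML.match(line):
            e = entry(m.group(3))
            e["mismatch"] = m.group(4) is not None
            e["pdb"] = e["pdb"] or m.group(5)

    for e in mods.values():
        e["findings"] = findings = []
        if e["kind"] == "public":
            # Matches the debugger banner quoted in the thread: public OS
            # symbols may not contain the type information "dt" needs.
            findings.append("public symbols: 'dt' on this module's types may fail")
        elif e["kind"] == "export":
            findings.append("export symbols only: no symbol file was found")
        if e["mismatch"]:
            # Meaning of '#' as quoted from the docs earlier in the thread.
            findings.append("lml shows '#': symbol file / executable mismatch")
    return mods


if __name__ == "__main__":
    for name, info in triage(SAMPLE).items():
        print(name, info["kind"], info["pdb"])
        for f in info["findings"]:
            print("   -", f)
```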


Thanks a lot!!!
