Windows 10 Kernel Symbols Not Available?

Jeffry_Gummeson Member Posts: 26
Hi,

I'm trying to analyze a Windows 10 Crash dump and I'm getting:

*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -

My symbols were working a couple of days ago. I noticed my Kernel was recently updated to build 14393 and the kernel symbols haven't been working since. I don't think it's a problem with my symbol path, which is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols

When I reload with !sym noisy I get HTTP_STATUS_NOT_FOUND for ntkrnlmp.pdb. Any ideas what's wrong? Appreciate any help.

Comments

  • aluhrs Member - All Emails Posts: 32
    Can you tell me the exact build number (Settings->system->about) and give the output of a noisy symbol load when trying to load ntkrnlmp.pdb?
  • Ged_Murphy Member - All Emails Posts: 116
    I've had lots of problems with symbols over the last few days.
    It's regularly slow pulling them from the symbol server, and occasionally it
    fails to pull them entirely. If I leave it for a while and retry, it works
    again.

    When it goes down I'm unable to work, so I've resorted to keeping an offline
    cache as it's too unreliable at the moment.

    It was down a few months ago for over a week. Are MS losing interest in
    keeping this service reliable?

    Ged.

  • Jeffry_Gummeson Member Posts: 26
    Not sure which settings menu you're talking about but the meta info on my ntoskrnl.exe file shows File version 10.0.14393.447. Under "Original filename" it indicates it's the ntkrnlmp.exe variant of the kernel. Here's the noisy output for the kernel symbols:

    1: kd> .reload
    SYMSRV: BYINDEX: 0x11
    c:\symbols*https://msdl.microsoft.com/download/symbols
    ntkrnlmp.pdb
    4DAC3B582A9147ECAED2644CB165222B1
    SYMSRV: c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb - file not found
    SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb

    SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
    SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pd_

    SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
    SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/file.ptr

    SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
    SYMSRV: c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb not found
    SYMSRV: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb not found
    DBGHELP: ntkrnlmp.pdb - file not found
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
    DBGHELP: nt - export symbols
    Loading Kernel Symbols
  • raj_r Member - All Emails Posts: 983
    Well, I think he is talking about the Settings app in Windows 10, which
    you can open by

    hotkey winkey + i

    or using cmd prompt and typing in start ms-settings

    or using the Explorer context menu: right-click on the desktop and select Settings

    or maybe even with wmic


    C:\>wmic os get BuildNumber
    BuildNumber
    7601


    You should also be aware that there have been a lot of problems with the symbol
    server for the past few months; sometimes you get a 404 several
    times and then you can download it magically.



  • Jeffry_Gummeson Member Posts: 26
    Ok thanks for the info. It was working great earlier this week until that update got installed. I've tried lots of times so I don't think it's just intermittent problems with reaching the server. I'm wondering if maybe they haven't published the symbols yet...
  • aluhrs Member - All Emails Posts: 32
    @Ged, we're definitely working on improving it.

    @Jeffry, I'm following up on your issue right now, it looks like some of the symbols for that build failed to get indexed.
  • msr Member Posts: 344
    HAVING SAME ISSUE !!!

    All was fine and dandy couple of days back. I was able to even use source indexed KMDF stuff. Now I get below.

    My versions
    OS:
    Win10 Enterprise / Build 14393.rs1_release_inmarket.161102-0100 (at bottom right corner)
    Edition: Win10 Enterprise Version: 1607, OS Build: 14393.447 (from winkey + i)

    MS VS Enterprise 2015 - 14.0.25431.01 Update 3
    SDK - 10.0.14393.0
    WDK - 10.0.14393.33
    Windbg - 10.0.14321.1024 AMD64


    Who installs Windbg? i.e. VS or SDK or WDK?
    Thinking I have an old Windbg, I tried installing Windbg separately from the link below, but it doesn't allow it and asks me to uninstall/reinstall the SDK. Anyway, even after doing that, the Windbg version is the same as above.
    https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit

    It would be better to list the version of Windbg included in a VS, SDK, WDK somewhere?

    Also if I have to download symbol packages offline from below for my above OS, how do I figure out which ones to download, only few nodes there have a build number??
    https://developer.microsoft.com/en-us/windows/hardware/download-symbols


    ----
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    1: kd> .reload /f nt
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
    1: kd> !sym noisy
    noisy mode - symbol prompts on
    1: kd> .reload /f nt
    SYMSRV: BYINDEX: 0x7
    c:\symbols*http://msdl.microsoft.com/download/symbols
    ntkrnlmp.pdb
    4DAC3B582A9147ECAED2644CB165222B1
    SYMSRV: c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb - file not found
    SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb

    SYMSRV: HttpSendRequest: 12002 - ERROR_INTERNET_TIMEOUT
    SYMSRV: c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb not found
    SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb not found
    DBGHELP: ntkrnlmp.pdb - file not found
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
    DBGHELP: nt - export symbols
  • Hello everyone,

    I am having exactly the same problem with ntkrnlmp symbols not working for Windows 10 1607 x64. This has been going on like this since Monday.

    Was anyone able to resolve the problem? I am amazed that I never had such problems with symbols since 2k days and now this is going on like this for a week and it is not fixed ...
  • aluhrs Member - All Emails Posts: 32
    We're still working on getting symbols out for the KBs that were released in the past couple weeks.
  • msr Member Posts: 344
    I am o.k. now!

    3: kd> lmDvmnt
    Browse full module list
    start end module name
    fffff803`ae21b000 fffff803`aea3b000 nt (pdb symbols) c:\_symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Browse all global symbols functions data
    Timestamp: Wed Nov 2 03:17:03 2016 (5819BD1F)
    CheckSum: 0077E1C5
    ImageSize: 00820000
    Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
  • Indeed, it started to work well since today :)
  • Ian_Blake Member Posts: 81
    ntoskrnl is downloading now.
    Unfortunately Kernel32.dll is blocking normal operation now :-(
    I hope Microsoft are continuing to index all symbols
  • Scott_Noone_(OSR) Administrator Posts: 3,302
    Sometimes the user mode symbols don't load because the PE header's debug
    directory is paged out. What does !sym noisy/.reload say when trying to load
    symbols for kernel32.dll?

    -scott
    OSR
    @OSRDrivers

  • Ged_Murphy Member - All Emails Posts: 116
    I've been getting all sorts of errors from the symbol server over the past
    few months.
    Not sure if it's the same as the OP, but here's my daily surprise error for
    today

    0:006> !sym noisy
    noisy mode - symbol prompts on
    0:006> .reload
    ...............................
    SYMSRV: BYINDEX: 0x17
    d:\symbols*https://msdl.microsoft.com/download/symbols
    wntdll.pdb
    DCCFF2D483FA4DEE81DC04552C73BB5E2
    SYMSRV: d:\symbols\wntdll.pdb\DCCFF2D483FA4DEE81DC04552C73BB5E2\wntdll.pdb - file not found
    SYMSRV: HTTPGET: /download/symbols/wntdll.pdb/DCCFF2D483FA4DEE81DC04552C73BB5E2/wntdll.pdb
    SYMSRV: HttpQueryInfo: 502 - HTTP_STATUS_BAD_GATEWAY
    SYMSRV: d:\symbols\wntdll.pdb\DCCFF2D483FA4DEE81DC04552C73BB5E2\wntdll.pdb not found
    SYMSRV: https://msdl.microsoft.com/download/symbols/wntdll.pdb/DCCFF2D483FA4DEE81DC04552C73BB5E2/wntdll.pdb not found
    DBGHELP: wntdll.pdb - file not found
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
    DBGHELP: ntdll - export symbols
    SYMSRV: BYINDEX: 0x18
    d:\symbols*https://msdl.microsoft.com/download/symbols
    wkernel32.pdb
    820EEB5D68EF443ABBE61E837F814BE12
    SYMSRV: d:\symbols\wkernel32.pdb\820EEB5D68EF443ABBE61E837F814BE12\wkernel32.pdb - file not found
    SYMSRV: HTTPGET: /download/symbols/wkernel32.pdb/820EEB5D68EF443ABBE61E837F814BE12/wkernel32.pdb
    SYMSRV: HttpQueryInfo: 502 - HTTP_STATUS_BAD_GATEWAY
    SYMSRV: d:\symbols\wkernel32.pdb\820EEB5D68EF443ABBE61E837F814BE12\wkernel32.pdb not found
    SYMSRV: https://msdl.microsoft.com/download/symbols/wkernel32.pdb/820EEB5D68EF443ABBE61E837F814BE12/wkernel32.pdb not found
    DBGHELP: wkernel32.pdb - file not found
    *** WARNING: symbols timestamp is wrong 0x4dce203f 0x4ce7baf9 for kernel32.dll
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for kernel32.dll -
    DBGHELP: kernel32 - export symbols

    ************* Symbol Loading Error Summary **************
    Module name            Error
    ntdll                  An extended error was returned from the WinHttp server : srv*d:\symbols*https://msdl.microsoft.com/download/symbols
                           The .pdb file is probably no longer indexed in the symbol server share location.
                           Please verify that you have access to the symbol server from your location.

    kernel32               An extended error was returned from the WinHttp server : srv*d:\symbols*https://msdl.microsoft.com/download/symbols
                           The .pdb file is probably no longer indexed in the symbol server share location.
                           Please verify that you have access to the symbol server from your location.


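Added example (not part of the thread, and not OSR or Microsoft code): a small triage script for `!sym noisy` output that separates lookups where the server answered 404 for every candidate file from lookups that failed in transport (502, WinINet 12002), the two failure shapes posted above. The verdict labels and the `triage` function are this example's own names; the log lines are excerpts of the posts above with blank lines dropped.

```python
import re

# Log excerpts copied from the posts in this thread (blank lines dropped).
SAMPLE = r"""
SYMSRV: BYINDEX: 0x11
c:\symbols*https://msdl.microsoft.com/download/symbols
ntkrnlmp.pdb
4DAC3B582A9147ECAED2644CB165222B1
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb
SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pd_
SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/file.ptr
SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
SYMSRV: BYINDEX: 0x17
d:\symbols*https://msdl.microsoft.com/download/symbols
wntdll.pdb
DCCFF2D483FA4DEE81DC04552C73BB5E2
SYMSRV: HTTPGET: /download/symbols/wntdll.pdb/DCCFF2D483FA4DEE81DC04552C73BB5E2/wntdll.pdb
SYMSRV: HttpQueryInfo: 502 - HTTP_STATUS_BAD_GATEWAY
"""

# Matches HttpQueryInfo / HttpSendRequest result lines, not the HTTPGET request lines.
STATUS = re.compile(r"SYMSRV:\s+Http\w+:\s+(\d+)\s+-\s+(\w+)")

def triage(log):
    """Return {pdb: (index, verdict, [status codes])} for each BYINDEX lookup."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    found, cur = {}, None
    for i, line in enumerate(lines):
        if line.startswith("SYMSRV: BYINDEX:") and i + 3 < len(lines):
            cur = lines[i + 2]                  # PDB name; lines[i + 3] is GUID+age
            found[cur] = (lines[i + 3], [])
        elif cur and (m := STATUS.search(line)):
            found[cur][1].append(int(m.group(1)))
    result = {}
    for pdb, (index, codes) in found.items():
        if not codes:
            verdict = "no-http-attempt"
        elif all(c == 404 for c in codes):
            verdict = "not-on-server"    # server reachable, nothing stored at this index
        else:
            verdict = "transport-error"  # 5xx or WinINet 12xxx: the fetch never completed
        result[pdb] = (index, verdict, codes)
    return result

if __name__ == "__main__":
    for pdb, (index, verdict, codes) in triage(SAMPLE).items():
        print(f"{pdb} {index}: {verdict} {codes}")
```

The index string reported next to a "not-on-server" verdict is the value to quote when reporting a missing PDB, since it identifies the exact build of the file the debugger asked for.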
