Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at:

Symbols broken with KB4041691

OSR_Community_UserOSR_Community_User Member Posts: 110,217

We're having trouble with the symbols following the latest Cumulative Update. We are debugging Windows 10 LTSB 14393 and although the symbols for ntkrnlmp are available on the MS Symbol Server, it appears they do not include a definition of _EPROCESS.

If there's anyone from Microsoft reading, is there any chance of updating the public definition of this PDB?



For your information, here is the output from Windbg:

Verbose mode ON.
0: kd> .reload /f nt
Force unload of ntkrnlmp.exe
Loading symbols for fffff800`67e84000 ntkrnlmp.exe -> ntkrnlmp.exe
ModLoad: fffff800`67e84000 fffff800`6869a000 ntkrnlmp.exe
0: kd> lm v m nt
Browse full module list
start end module name
fffff800`67e84000 fffff800`6869a000 nt (pdb symbols) d:\symcache\ntkrnlmp.pdb\0CBB2B1DC6DE4284BB54F28DEE3E0FA81\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: Mon Sep 18 03:16:08 2017 (59BF2C68)
CheckSum: 00775117
ImageSize: 00816000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
0: kd> dt nt!_EPROCESS
dtx is unsupported for this scenario. It only recognizes dtx [<type>] [<address>] with -a, -h, and -r. Reverting to dt.
Symbol nt!_EPROCESS not found.
0: kd> !process
Error in reading nt!_EPROCESS at ffff8805a1cb5040


Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online
Developing Minifilters 23 May 2022 Live, Online
Writing WDF Drivers 12 September 2022 Live, Online