Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home WINDBG

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Missing recent ntoskrnl from public symbol server

Takin_Nili-EsfahaniTakin_Nili-Esfahani Member Posts: 10
edited July 2019 in WINDBG

I am hoping someone from MSFT reads this forum and can forward this to the appropriate team. These versions are not found on the public symbol server.

1: kd> vertarget
Windows 10 Kernel Version 17134 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 17134.1.amd64fre.rs4_release.180410-1804
Machine Name:
Kernel base = 0xfffff80076093000 PsLoadedModuleList = 0xfffff80076440170
Debug session time: Sun Jun 23 20:58:36.570 2019 (UTC - 7:00)
System Uptime: 0 days 21:00:56.847

SYMSRV: BYINDEX: 0x278
https://msdl.microsoft.com/download/symbols
ntkrnlmp.exe
5CF9F460954000

2: kd> vertarget
Windows 10 Kernel Version 18362 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff80342800000 PsLoadedModuleList = 0xfffff80342c43370
Debug session time: Mon Jun 24 00:52:59.254 2019 (UTC - 7:00)
System Uptime: 4 days 21:09:46.242

SYMSRV: BYINDEX: 0x188
https://msdl.microsoft.com/download/symbols
ntkrpamp.exe
EADCD02Bab2000

· Share on Facebook

Comments

  • Scott_Noone_(OSR)Scott_Noone_(OSR) Administrator Posts: 3,556

    What does

    !sym noisy
.reload

    Say?

    -scott
    OSR

    · Share on Facebook
  • Takin_Nili-EsfahaniTakin_Nili-Esfahani Member Posts: 10

    The problem turned out to be that ntoskrnl.exe 17134 (RS4) dated 6/6/2019 is not found on the MSFT symbol server. I was debugging a mini dump and apparently this is a show stopper. When I applied the update on a test system and pointed the debugger to the file using .exepath or "-i ImagePath" it resolves the problem. I haven't verified but I believe the same problem exists for 17763 and 18362 builds.

    I can't include the complete output of those commands because it exceeds the limit. Here is the version of ntoskrnl.exe that was giving me grief:

    0: kd> lmvm nt
    Browse full module list
    start end module name
    fffff8011baa7000 fffff8011c3fb000 nt T (no symbols)
    Loaded symbol image file: ntoskrnl.exe
    Image path: \SystemRoot\system32\ntoskrnl.exe
    Image name: ntoskrnl.exe
    Browse all global symbols functions data
    Timestamp: Thu Jun 6 22:21:36 2019 (5CF9F460)
    CheckSum: 008ACBFC
    ImageSize: 00954000
    Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 January 2023 Live, Online
Developing Minifilters 20 March 2023 Live, Online
Internals & Software Drivers 17 April 2023 Live, Online
Writing WDF Drivers 22 May 2023 Live, Online

Categories