Latest symbols of ntkrnlmp.exe cannot be found from Microsoft public symbol server

Ho_Hao Member Posts: 5

Hello,

I received a dump file that is dumped from the system with the latest update.
The dump file reports:

FAILURE_EXCEPTION_CODE:  5E2FC6A7

EXCEPTION_STR:  WRONG_SYMBOLS

IMAGE_NAME:  ntoskrnl.wrong.symbols.exe

MODULE_NAME: nt_wrong_symbols

SYMBOL_NAME:  nt_wrong_symbols!5E2FC6A777D000

Here is my symbol file path

SRV*D:\tmp\sym*https://msdl.microsoft.com/download/symbols
3: kd> vertarget
Windows 8.1 Kernel Version 9600 MP (16 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 9600.19629.amd64fre.winblue_ltsb_escrow.200127-1700
Machine Name:
Kernel base = 0xfffff802`6c688000 PsLoadedModuleList = 0xfffff802`6c94d5f0
Debug session time: Wed Apr 29 20:09:43.380 2020 (UTC + 8:00)
System Uptime: 2 days 14:48:43.591
3: kd> lmvm nt
Browse full module list
start             end                 module name
fffff802`6c688000 fffff802`6ce05000   nt         (export symbols)       ntkrnlmp.exe
    Loaded symbol image file: ntkrnlmp.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Browse all global symbols  functions  data
    Timestamp:        Tue Jan 28 13:29:11 2020 (5E2FC6A7)
    CheckSum:         0070705C
    ImageSize:        0077D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

I could not find the symbol of ntkrnlmp.exe with that timestamp from my symbol file path.

Could anyone let me know how to get the symbol file for the dump?

Comments

  • Sergey_Pisarev Member - All Emails Posts: 284

    Have you tried
    !sym noisy
    .reload /f nt

    ?

  • Ho_Hao Member Posts: 5

    Yes.
    Here are the messages after setting to noisy.

    3: kd> .reload /f nt
    SYMSRV:  d:\tmp\sym\ntkrnlmp.pdb\4253B608A3C54483889B5A27143D25011\ntkrnlmp.pdb - file not found
    SYMSRV:  File: ntkrnlmp.pdb
    
    SYMSRV:  Connecting to the Server: https://msdl.microsoft.com/download/symbols.
    SYMSRV:  Successfully connected to the Server.
    SYMSRV:  Sending the information request to the server.
    SYMSRV:  Successfully sent the information request to the server.
    SYMSRV:  Waiting for the server to respond to a request.
    
    SYMSRV:  Successfully received a response from the server.
    SYMSRV:  Get File Path: /download/symbols/ntkrnlmp.pdb/4253B608A3C54483889B5A27143D25011/ntkrnlmp.pdb
    
    SYMSRV:  Sending the information request to the server.
    SYMSRV:  Successfully sent the information request to the server.
    SYMSRV:  Waiting for the server to respond to a request.
    SYMSRV:  Successfully received a response from the server.
    SYMSRV:  Connecting to the Server: https://msdl.microsoft.com/download/symbols.
    SYMSRV:  Successfully connected to the Server.
    
    SYMSRV:  Closing the connection to the Server.
    SYMSRV:  Successfully closed the connection to the Server.
    *** ERROR: ERROR_INTERNET_SECURITY_CHANNEL_ERROR
    SYMSRV:  The device is not ready.
    SYMSRV:  d:\tmp\sym\ntkrnlmp.pdb\4253B608A3C54483889B5A27143D25011\ntkrnlmp.pdb not found
    SYMSRV:  https://msdl.microsoft.com/download/symbols: not available
    DBGHELP: ntkrnlmp.pdb - file not found
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
    DBGHELP: nt - export symbols
    
  • Tim_Roberts Member - All Emails Posts: 14,727

    Sorry if this is an obvious question, but are you sure the machine running windbg actually has a directory called d:\tmp\sym? Remember that path is on the machine with windbg, NOT on the machine being debugged.

    The error ERROR_INTERNET_SECURITY_CHANNEL_ERROR can come from an overly aggressive corporate proxy cache. Are you inside a corporate environment with an overly strict IT department?

    Tim Roberts
    Providenza & Boekelheide, Inc.

  • Ho_Hao Member Posts: 5

    @Tim_Roberts said:
    Sorry if this is an obvious question, but are you sure the machine running windbg actually has a directory called d:\tmp\sym? Remember that path is on the machine with windbg, NOT on the machine being debugged.

    Yes, it has a directory called d:\tmp\sym on my machine running windbg.

    The error ERROR_INTERNET_SECURITY_CHANNEL_ERROR can come from an overly aggressive corporate proxy cache. Are you inside a corporate environment with an overly strict IT department?

    I'll check my network environment. Thanks for your hint.

  • Ho_Hao Member Posts: 5

    @Tim_Roberts Thank you very much. It was my network environment. I have downloaded the symbols.
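
The following example is added here and is not part of the thread: it parses the `!sym noisy` lines quoted above, rebuilds the symbol-server URL so the download can be retried outside the debugger, and separates a transport failure such as ERROR_INTERNET_SECURITY_CHANNEL_ERROR from a symbol the server does not have. `image_key` and `diagnose` are hypothetical names, and the transport/not-found rule is an assumption based on how this thread was resolved.

```python
import re

# Constructed sample: a subset of the `!sym noisy` lines quoted in the thread.
NOISY_LOG = r"""
SYMSRV:  d:\tmp\sym\ntkrnlmp.pdb\4253B608A3C54483889B5A27143D25011\ntkrnlmp.pdb - file not found
SYMSRV:  Get File Path: /download/symbols/ntkrnlmp.pdb/4253B608A3C54483889B5A27143D25011/ntkrnlmp.pdb
*** ERROR: ERROR_INTERNET_SECURITY_CHANNEL_ERROR
SYMSRV:  https://msdl.microsoft.com/download/symbols: not available
DBGHELP: ntkrnlmp.pdb - file not found
"""

# A PDB request path is <name>/<32-hex GUID + hex age>/<name>.
PDB_REQUEST = re.compile(
    r"Get File Path:\s+\S*?/([^/\s]+)/([0-9A-Fa-f]{33,})/([^/\s]+)$", re.M)
NET_ERR = re.compile(r"^\s*\*\*\* ERROR:\s+(ERROR_INTERNET_\w+)", re.M)
UNAVAILABLE = re.compile(r"SYMSRV:\s+(https?://\S+?):\s+not available")


def image_key(timestamp_hex, image_size_hex):
    """SymSrv index of a PE image: TimeDateStamp (8 hex digits) + SizeOfImage."""
    return "%08X%X" % (int(timestamp_hex, 16), int(image_size_hex, 16))


def diagnose(log):
    """Hypothetical helper: summarise one failed PDB lookup from noisy output."""
    req = PDB_REQUEST.search(log)
    if not req:
        return {"verdict": "no-request-seen"}
    pdb, key, _ = req.groups()
    net = NET_ERR.search(log)
    srv = UNAVAILABLE.search(log)
    return {
        "pdb": pdb,
        "guid": key[:32],             # PDB signature (GUID without dashes)
        "age": int(key[32:], 16),     # PDB age, appended in hex
        "url": f"{srv.group(1)}/{pdb}/{key}/{pdb}" if srv else None,
        "error": net.group(1) if net else None,
        # Assumption: a WinINet error means the download never completed, so
        # the log says nothing about whether the server has the file.
        "verdict": "transport-failure" if net else "not-found-on-server",
    }


if __name__ == "__main__":
    print(image_key("5E2FC6A7", "0077D000"))   # values from `lmvm nt` in the thread
    for field, value in diagnose(NOISY_LOG).items():
        print(f"{field:8} {value}")
```

The image key printed first is the same string that appears after `nt_wrong_symbols!` in the original post's SYMBOL_NAME line.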
