Windbg 4.0.11 problem

Whitman,_Steve Member Posts: 97
I recently updated to 4.0.11 and I am seeing a problem. I don't know if
this problem existed in the previous version. I set my symbol path to
multiple directories. One of them is myDriver/w2k/checked and another is
myDriver/nt/checked. I then place my w2k checked .pdb file in the
w2k/checked directory and the nt checked .pdb file in the nt/checked
directory.

However when the symbols are loaded it always loads them from the directory
that is first in the path. This means that I pick up the w2k/checked
symbols for my nt check driver when I'm debugging on my NT system.
Shouldn't windbg have detected that the .pdb file was incorrect and tried
the next directory path?

- Steve -



Comments

  • Nathan_Nesbit Member Posts: 194
    Perhaps the symbols really do match. Perhaps the necessary data to
    verify the symbols is paged out so the debugger assumes that you pointed
    it to the right dir.

    How can you tell? Turn on noisy symbol loading. You can do that by
    adding -n to the command line or typing "!sym noisy" followed by
    ".reload". Now you will get extra spew that tells you more of the
    symbol loading details.

    It seems like what you really want is to save 1 sympath in your
    workspace and have that work for everything. If this is so then you
    should look into building your own symbol server for your binaries.
    Check out the docs for information on how to do this.

    -----Original Message-----
    From: Steve Whitman [mailto:[email protected]]
    Sent: Tuesday, November 06, 2001 12:32 PM
    To: Kernel Debugging Interest List
    Subject: [windbg] Windbg 4.0.11 problem

    I recently updated to 4.0.11 and I am seeing a problem. I don't know if
    this problem existed in the previous version. I set my symbol path to
    multiple directories. One of them is myDriver/w2k/checked and another is
    myDriver/nt/checked. I then place my w2k checked .pdb file in the
    w2k/checked directory and the nt checked .pdb file in the nt/checked
    directory.

    However when the symbols are loaded it always loads them from the directory
    that is first in the path. This means that I pick up the w2k/checked
    symbols for my nt check driver when I'm debugging on my NT system.
    Shouldn't windbg have detected that the .pdb file was incorrect and tried
    the next directory path?

    - Steve -
  • Whitman,_Steve Member Posts: 97
    I'm pretty sure that the symbols shouldn't match. The Win2k driver and the
    NT driver have different source files. In addition, when I place a
    breakpoint on a function in my driver and the Win2K symbols are loaded the
    breakpoint is placed on the wrong source line. When I use the correct
    symbols the breakpoint is placed correctly. I also believe the driver is
    not paged out.

    Here is the result (edited) of a .reload and lm command. From what I can
    see Windbg complains that the image header doesn't match but it uses the
    .pdb file anyways.

    Symbol search path is:
    c:\symbols\fg8120\w2k\debug;c:\symbols\fg8120\nt\debug;c:\symbols\nt4\sp6a;c:\symbols\nt4\sp5;srv*e:\symbols*http://msdl.microsoft.com/download/symbols

    kd> .reload /f fg8120.sys
    DBGHELP: diaLocatePDB-> Looking for c:\symbols\fg8120\w2k\debug\symbols\sys\fg8120.pdb... file not found
    DBGHELP: diaLocatePDB-> Looking for c:\symbols\fg8120\w2k\debug\sys\fg8120.pdb... file not found
    DBGHELP: diaLocatePDB-> Looking for c:\symbols\fg8120\w2k\debug\fg8120.pdb... unknown pdb sig OK
    SYMSRV: http://msdl.microsoft.com/download/symbols/fg8120.sys/00000000d000/fg8120.sys/fg8120.sys not found.
    SYMSRV: http://msdl.microsoft.com/download/symbols/fg8120.sys/00000000d000/fg8120.sy_/fg8120.sy_ not found.
    SYMSRV: e:\symbols\fg8120.sys\00000000d000\fg8120.sys - file not found.
    DBGENG: e:\symbols\fg8120.sys\00000000d000\fg8120.sys image header does not match memory image header
    DBGHELP: FindExecutableImageEx-> Looking for C:\Program Files\Debugging Tools for Windows\fg8120.sys... no file
    DBGENG: fg8120.sys image header does not match memory image header
    kd> lm
    start end module name
    80010000 8001cca0 hal (codeview symbols) c:\symbols\nt4\sp5\symbols\dll\hal.dbg
    80100000 801da000 nt (codeview symbols) c:\symbols\nt4\sp5\symbols\exe\ntoskrnl.dbg
    fd9b7000 fd9c4000 fg8120 c:\symbols\fg8120\w2k\debug\fg8120.pdb

    - Steve -

    > -----Original Message-----
    > From: Nathan Nesbit [mailto:[email protected]]
    > Sent: Tuesday, November 06, 2001 3:45 PM
    > To: Kernel Debugging Interest List
    > Cc: [email protected]
    > Subject: RE: [windbg] Windbg 4.0.11 problem
    >
    >
    > Perhaps the symbols really do match. Perhaps the necessary data to
    > verify the symbols is paged out so the debugger assumes that you pointed
    > it to the right dir.
    >
    > How can you tell? Turn on noisy symbol loading. You can do that by
    > adding -n to the command line or typing "!sym noisy" followed by
    > ".reload". Now you will get extra spew that tells you more of the
    > symbol loading details.
    >
    > It seems like what you really want is to save 1 sympath in your
    > workspace and have that work for everything. If this is so then you
    > should look into building your own symbol server for your binaries.
    > Check out the docs for information on how to do this.
  • Nathan_Nesbit Member Posts: 194
    "unknown pdb sig OK" means that the debugger was unable to verify that
    the PDB matched the image being debugged. This is usually caused by the
    image header or the debug directory being paged out. But it loaded it
    anyway on the assumption that the user pointed it at the right sympath.

    It looks like it then went looking for a copy of the image in order to
    try and find the missing info. It looks like it found an image at
    e:\symbols\fg8120.sys\00000000d000\fg8120.sys but it didn't match.

    I don't know what to say except to stop pointing the debugger at the
    wrong symbols. The debugger makes the assumption that the user knows
    the right sympath and provides it. Symbol server is the only real
    supported way to combine symbols from multiple builds into 1 sympath.


    -----Original Message-----
    From: Steve Whitman [mailto:[email protected]]
    Sent: Tuesday, November 06, 2001 1:11 PM
    To: Nathan Nesbit; Kernel Debugging Interest List
    Subject: RE: [windbg] Windbg 4.0.11 problem

    I'm pretty sure that the symbols shouldn't match. The Win2k driver and the
    NT driver have different source files. In addition, when I place a
    breakpoint on a function in my driver and the Win2K symbols are loaded the
    breakpoint is placed on the wrong source line. When I use the correct
    symbols the breakpoint is placed correctly. I also believe the driver is
    not paged out.

    Here is the result (edited) of a .reload and lm command. From what I can
    see Windbg complains that the image header doesn't match but it uses the
    .pdb file anyways.

    Symbol search path is:
    c:\symbols\fg8120\w2k\debug;c:\symbols\fg8120\nt\debug;c:\symbols\nt4\sp6a;c:\symbols\nt4\sp5;srv*e:\symbols*http://msdl.microsoft.com/download/symbols

    kd> .reload /f fg8120.sys
    DBGHELP: diaLocatePDB-> Looking for c:\symbols\fg8120\w2k\debug\symbols\sys\fg8120.pdb... file not found
    DBGHELP: diaLocatePDB-> Looking for c:\symbols\fg8120\w2k\debug\sys\fg8120.pdb... file not found
    DBGHELP: diaLocatePDB-> Looking for c:\symbols\fg8120\w2k\debug\fg8120.pdb... unknown pdb sig OK
    SYMSRV: http://msdl.microsoft.com/download/symbols/fg8120.sys/00000000d000/fg8120.sys/fg8120.sys not found.
    SYMSRV: http://msdl.microsoft.com/download/symbols/fg8120.sys/00000000d000/fg8120.sy_/fg8120.sy_ not found.
    SYMSRV: e:\symbols\fg8120.sys\00000000d000\fg8120.sys - file not found.
    DBGENG: e:\symbols\fg8120.sys\00000000d000\fg8120.sys image header does not match memory image header
    DBGHELP: FindExecutableImageEx-> Looking for C:\Program Files\Debugging Tools for Windows\fg8120.sys... no file
    DBGENG: fg8120.sys image header does not match memory image header
    kd> lm
    start end module name
    80010000 8001cca0 hal (codeview symbols) c:\symbols\nt4\sp5\symbols\dll\hal.dbg
    80100000 801da000 nt (codeview symbols) c:\symbols\nt4\sp5\symbols\exe\ntoskrnl.dbg
    fd9b7000 fd9c4000 fg8120 c:\symbols\fg8120\w2k\debug\fg8120.pdb

    - Steve -

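An added example, not part of the original thread and not OSR or Microsoft code: a Python script that audits the noisy `.reload` output quoted above, reporting PDBs that were loaded without verification ("unknown pdb sig OK") and the symbol-path directories that were never searched as a result. The function names are hypothetical, the sample input is constructed from the lines in the thread, and treating only a bare "OK" status as a verified load is an assumption.

```python
import re

PREFIXES = ("DBGHELP:", "SYMSRV:", "DBGENG:", "kd>")
PROBE = re.compile(r"^DBGHELP: diaLocatePDB-> Looking for (.+?)\.\.\. (.+)$")
MISMATCH = "image header does not match memory image header"

# Constructed sample: the symbol path and noisy output from the thread,
# left mail-wrapped the way it was posted.
SYMPATH = (r"c:\symbols\fg8120\w2k\debug;c:\symbols\fg8120\nt\debug;"
           r"c:\symbols\nt4\sp6a;c:\symbols\nt4\sp5;"
           r"srv*e:\symbols*http://msdl.microsoft.com/download/symbols")
SAMPLE = r"""
kd> .reload /f fg8120.sys
DBGHELP: diaLocatePDB-> Looking for
c:\symbols\fg8120\w2k\debug\symbols\sys\fg8120.pdb... file not found
DBGHELP: diaLocatePDB-> Looking for
c:\symbols\fg8120\w2k\debug\sys\fg8120.pdb... file not found
DBGHELP: diaLocatePDB-> Looking for
c:\symbols\fg8120\w2k\debug\fg8120.pdb... unknown pdb sig OK
DBGENG: e:\symbols\fg8120.sys\00000000d000\fg8120.sys image header does not
match memory image header
DBGENG: fg8120.sys image header does not match memory image header
"""

def unwrap(text):
    """Rejoin wrapped output: a line without a known prefix continues
    the previous logical line (joined with one space)."""
    lines = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        if raw.startswith(PREFIXES) or not lines:
            lines.append(raw)
        else:
            lines[-1] += " " + raw
    return lines

def audit(text, sympath):
    """Summarise which PDBs were accepted unverified and which plain
    directories in the symbol path were never probed."""
    lines = unwrap(text)
    probes = [m.groups() for m in map(PROBE.match, lines) if m]
    # Assumption: a status ending in "OK" means the PDB was loaded, and
    # only a bare "OK" means it was verified against the image.
    unverified = [p for p, s in probes if s.endswith("OK") and s != "OK"]
    tried = [p.lower() for p, _ in probes]
    untried = [d for d in sympath.split(";")
               if not d.lower().startswith("srv*")
               and not any(t.startswith(d.lower() + "\\") for t in tried)]
    mismatches = [l.split()[1] for l in lines
                  if l.startswith("DBGENG:") and MISMATCH in l]
    return {"unverified": unverified, "untried_dirs": untried,
            "header_mismatch": mismatches}

if __name__ == "__main__":
    for key, value in audit(SAMPLE, SYMPATH).items():
        print(key, value)
```

On the thread's output this reports the w2k PDB as loaded unverified and shows that the nt\debug directory was never searched, which is the behaviour Steve observed.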
  • Whitman,_Steve Member Posts: 97
    Thanks, I'll look into setting up a symbol server.

    - Steve -

    > -----Original Message-----
    > From: Nathan Nesbit [mailto:[email protected]]
    > Sent: Tuesday, November 06, 2001 4:25 PM
    > To: Steve Whitman; Kernel Debugging Interest List
    > Subject: RE: [windbg] Windbg 4.0.11 problem
    >
    >
    > "unknown pdb sig OK" means that the debugger was unable to verify that
    > the PDB matched the image being debugged. This is usually caused by the
    > image header or the debug directory being paged out. But it loaded it
    > anyway on the assumption that the user pointed it at the right sympath.
    >
    > It looks like it then went looking for a copy of the image in order to
    > try and find the missing info. It looks like it found an image at
    > e:\symbols\fg8120.sys\00000000d000\fg8120.sys but it didn't match.
    >
    > I don't know what to say except to stop pointing the debugger at the
    > wrong symbols. The debugger makes the assumption that the user knows
    > the right sympath and provides it. Symbol server is the only real
    > supported way to combine symbols from multiple builds into 1 sympath.