I’m trying to analyze a Windows 10 Crash dump and I’m getting:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
My symbols were working a couple of days ago. I noticed my Kernel was recently updated to build 14393 and the kernel symbols haven’t been working since. I don’t think it’s a problem with my symbol path, which is: srv*c:\symbols*https://msdl.microsoft.com/download/symbols
When I reload with !sym noisy I get HTTP_STATUS_NOT_FOUND for ntkrnlmp.pdb. Any ideas what’s wrong? Appreciate any help.
I’ve had lots of problems with symbols over the last few days.
It’s regularly slow pulling them from the symbol server, and occasionally it
fails to pull them entirely. If I leave it for a while and retry, it works
again.
When it goes down I’m unable to work, so I’ve resorted to keeping an offline
cache as it’s too unreliable at the moment.
It was down a few months ago for over a week. Are MS losing interest in
keeping this service reliable?
I’m trying to analyze a Windows 10 Crash dump and I’m getting:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
My symbols were working a couple of days ago. I noticed my Kernel was recently updated to build 14393 and the kernel symbols haven’t been working since. I don’t think it’s a problem with my symbol path, which is: srvc:\symbolshttps://msdl.microsoft.com/download/symbols
When I reload with !sym noisy I get HTTP_STATUS_NOT_FOUND for ntkrnlmp.pdb. Any ideas what’s wrong? Appreciate any help.
Not sure which settings menu you’re talking about but the meta info on my ntoskrnl.exe file shows File version 10.0.14393.447. Under “Original filename” it indicates it’s the ntkrnlmp.exe variant of the kernel. Here’s the noisy output for the kernel symbols:
1: kd> .reload
SYMSRV: BYINDEX: 0x11
c:\symbols*https://msdl.microsoft.com/download/symbols
ntkrnlmp.pdb
4DAC3B582A9147ECAED2644CB165222B1
SYMSRV: c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb - file not found
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb
SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
SYMSRV: c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb not found
SYMSRV: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb not found
DBGHELP: ntkrnlmp.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
DBGHELP: nt - export symbols
Loading Kernel Symbols
well i think he is talking about the setting app in windows 10 which
you can open by
hotkey winkey + i
or using cmd prompt and typing in start ms-settings
or using explorer context menu rightclick -on desktop select settings
or may be even with wmic
C:\>wmic os get BuildNumber
BuildNumber
7601
you also should be aware that there is a lot of problems with symbol
server for the past few months some times you get 404 for several
times and then you can download it magically
On 11/11/16, xxxxx@gmail.com wrote: > Not sure which settings menu you’re talking about but the meta info on my > ntoskrnl.exe file shows File version 10.0.14393.447. Under “Original > filename” it indicates it’s the ntkrnlmp.exe variant of the kernel. Here’s > the noisy output for the kernel symbols: > > 1: kd> .reload > SYMSRV: BYINDEX: 0x11 > c:\symbols*https://msdl.microsoft.com/download/symbols > ntkrnlmp.pdb > 4DAC3B582A9147ECAED2644CB165222B1 > SYMSRV: > c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb - > file not found > SYMSRV: HTTPGET: > /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb > > SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND > SYMSRV: HTTPGET: > /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pd_ > > SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND > SYMSRV: HTTPGET: > /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/file.ptr > > SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND > SYMSRV: > c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb not > found > SYMSRV: > https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb > not found > DBGHELP: ntkrnlmp.pdb - file not found > *** ERROR: Symbol file could not be found. Defaulted to export symbols for > ntkrnlmp.exe - > DBGHELP: nt - export symbols > Loading Kernel Symbols > > > > — > WINDBG is sponsored by OSR > > OSR is hiring!! Info at http://www.osr.com/careers > > > MONTHLY seminars on crash dump analysis, WDF, Windows internals and software > drivers! > Details at http: > > To unsubscribe, visit the List Server section of OSR Online at > http: ></http:></http:>
Ok thanks for the info. It was working great earlier this week until that update got installed. I’ve tried lots of times so I don’t think it’s just intermittent problems with reaching the server. I’m wondering if maybe they haven’t published the symbols yet…
All was fine and dandy couple of days back. I was able to even use source indexed KMDF stuff. Now I get below.
My versions
OS:
Win10 Enterprise / Build 14393.rs1_release_inmarket.161102-0100 (at bottom right corner)
Edition: Win10 Enterprise Version: 1607, OS Build: 14393.447 (from winkey + i)
MS VS Enterprise 2015 - 14.0.25431.01 Update 3
SDK - 10.0.14393.0
WDK - 10.0.14393.33
Windbg - 10.0.14321.1024 AMD64
Who installs Windbg ? i.e. VS or SDK or WDK?
Thinking I have old Windbg, I tried installing Windbg separately from below link, but it doesn’t allow, asks me uninstall/reinstall SDK. Anyways even after doing that, the windbg version is same as above. https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit
It would be better to list the version of Windbg included in a VS, SDK, WDK somewhere?
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols
1: kd> .reload /f nt
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
1: kd> !sym noisy
noisy mode - symbol prompts on
1: kd> .reload /f nt
SYMSRV: BYINDEX: 0x7
c:\symbols*http://msdl.microsoft.com/download/symbols
ntkrnlmp.pdb
4DAC3B582A9147ECAED2644CB165222B1
SYMSRV: c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb - file not found
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb
SYMSRV: HttpSendRequest: 12002 - ERROR_INTERNET_TIMEOUT
SYMSRV: c:\symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/4DAC3B582A9147ECAED2644CB165222B1/ntkrnlmp.pdb not found
DBGHELP: ntkrnlmp.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
DBGHELP: nt - export symbols
I am having exactly the same problem with ntkrnlmp symbols not working for Windows 10 1607 x64. This is been going on like this since Monday.
Anyone was able to resolve the problem? I am amazed that I never had such problems with symbols since 2k days and now this is going on like this for a week and it is not fixed …
3: kd> lmDvmnt
Browse full module list
start end module name
fffff803ae21b000 fffff803aea3b000 nt (pdb symbols) c:_symbols\ntkrnlmp.pdb\4DAC3B582A9147ECAED2644CB165222B1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: Wed Nov 2 03:17:03 2016 (5819BD1F)
CheckSum: 0077E1C5
ImageSize: 00820000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Sometimes the user mode symbols don’t load because the PE header’s debug
directory is paged out. What does !sym noisy/.reload say when trying to load
symbols for kernel32.dll?
I’ve been getting all sorts of errors from the symbol server over the past
few months.
Not sure if it’s the same as the OP, but here’s my daily surprise error for
today
0:006> !sym noisy
noisy mode - symbol prompts on
0:006> .reload
…
SYMSRV: BYINDEX: 0x17
d:\symbols*https://msdl.microsoft.com/download/symbols
wntdll.pdb
DCCFF2D483FA4DEE81DC04552C73BB5E2
SYMSRV: d:\symbols\wntdll.pdb\DCCFF2D483FA4DEE81DC04552C73BB5E2\wntdll.pdb
file not found
SYMSRV: HTTPGET:
/download/symbols/wntdll.pdb/DCCFF2D483FA4DEE81DC04552C73BB5E2/wntdll.pdb
SYMSRV: HttpQueryInfo: 502 - HTTP_STATUS_BAD_GATEWAY
SYMSRV: d:\symbols\wntdll.pdb\DCCFF2D483FA4DEE81DC04552C73BB5E2\wntdll.pdb
not found
SYMSRV: https://msdl.microsoft.com/download/symbols/wntdll.pdb/DCCFF2D483FA4DEE81DC0
4552C73BB5E2/wntdll.pdb not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntdll.dll -
DBGHELP: ntdll - export symbols
SYMSRV: BYINDEX: 0x18
d:\symbols*https://msdl.microsoft.com/download/symbols
wkernel32.pdb
820EEB5D68EF443ABBE61E837F814BE12
SYMSRV:
d:\symbols\wkernel32.pdb\820EEB5D68EF443ABBE61E837F814BE12\wkernel32.pdb -
file not found
SYMSRV: HTTPGET:
/download/symbols/wkernel32.pdb/820EEB5D68EF443ABBE61E837F814BE12/wkernel32.
pdb
SYMSRV: HttpQueryInfo: 502 - HTTP_STATUS_BAD_GATEWAY
SYMSRV:
d:\symbols\wkernel32.pdb\820EEB5D68EF443ABBE61E837F814BE12\wkernel32.pdb not
found
SYMSRV: https://msdl.microsoft.com/download/symbols/wkernel32.pdb/820EEB5D68EF443ABB
E61E837F814BE12/wkernel32.pdb not found
DBGHELP: wkernel32.pdb - file not found
*** WARNING: symbols timestamp is wrong 0x4dce203f 0x4ce7baf9 for
kernel32.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
kernel32.dll -
DBGHELP: kernel32 - export symbols
************* Symbol Loading Error Summary **************
Module name Error
ntdll An extended error was returned from the WinHttp
server : srv*d:\symbols*https://msdl.microsoft.com/download/symbols
The .pdb file is probably no longer indexed
in the symbol server share location.
Please verify that you have access to the
symbol server from your location.
kernel32 An extended error was returned from the WinHttp
server : srv*d:\symbols*https://msdl.microsoft.com/download/symbols
The .pdb file is probably no longer indexed
in the symbol server share location.
Please verify that you have access to the
symbol server from your location.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: 23 November 2016 13:55
To: Kernel Debugging Interest List Subject: Re:[windbg] Windows 10 Kernel Symbols Not Available?
Sometimes the user mode symbols don’t load because the PE header’s debug directory is paged out. What does !sym noisy/.reload say when trying to load symbols for kernel32.dll?