Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Symbols broken with KB4041691

OSR_Community_UserOSR_Community_User Member Posts: 110,217
Hi,

We're having trouble with the symbols following the latest Cumulative Update. We are debugging Windows 10 LTSB 14393 and although the symbols for ntkrnlmp are available on the MS Symbol Server, it appears they do not include a definition of _EPROCESS.

If there's anyone from Microsoft reading, is there any chance of updating the public definition of this PDB?

Thanks,

Mike.

For your information, here is the output from Windbg:

Verbose mode ON.
0: kd> .reload /f nt
Force unload of ntkrnlmp.exe
Loading symbols for fffff800`67e84000 ntkrnlmp.exe -> ntkrnlmp.exe
ModLoad: fffff800`67e84000 fffff800`6869a000 ntkrnlmp.exe
0: kd> lm v m nt
Browse full module list
start end module name
fffff800`67e84000 fffff800`6869a000 nt (pdb symbols) d:\symcache\ntkrnlmp.pdb\0CBB2B1DC6DE4284BB54F28DEE3E0FA81\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: Mon Sep 18 03:16:08 2017 (59BF2C68)
CheckSum: 00775117
ImageSize: 00816000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
0: kd> dt nt!_EPROCESS
dtx is unsupported for this scenario. It only recognizes dtx [<type>] [<address>] with -a, -h, and -r. Reverting to dt.
Symbol nt!_EPROCESS not found.
0: kd> !process
Error in reading nt!_EPROCESS at ffff8805a1cb5040

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE