On redstone 3 kd: !process 0 0 returns "NT symbols are incorrect"

I used to be able to do “!process 0 0” to list all the processes in the kernel debugging connection.

However, in a redstone 3 kd session, I notice that I cannot use the !process command anymore. Any idea how to solve this issue? Thanks!

0: kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
NT symbols are incorrect, please fix symbols

0: kd> lml
start end module name
8100c000 8168d000 nt (export symbols) ntkrpamp.exe
8168d000 816f1000 hal (private pdb symbols) c:\websymbols\halmacpi.pdb\DA0B57721D0A24B26129B847A7978DA31\halmacpi.pdb

0: kd> kn
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
00 803faa1c 810e9f5d nt!DbgBreakPointWithStatus+0x4
01 803faa40 810e80d2 nt!KeClockInterruptNotify+0x7dd
02 803faa90 810e986f nt!KeEnumerateNextProcessor+0x972
03 803faaf0 81694ddd nt!KeClockInterruptNotify+0xef
04 803fab00 816a572b hal!HalpTimerClockInterruptCommon+0x3f
05 803fab00 8115d62e hal!HalpTimerClockInterrupt+0x1f7
06 803fac08 00000000 nt!KiDispatchInterrupt+0x63e

0: kd> .sympath
Symbol search path is: SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols;srv*

You’re missing the symbols for NT, might be another case of the symbols not
being on the symbol server yet. What does the following say:

!sym noisy
.reload

-scott
OSR
@OSRDrivers

Please share the output Scott asked for and ‘lmvm nt’. I’m already chasing one report of this, just want to make sure you’re reporting the same version.

Sorry for answering late. Actually the issue resolved itself recently without any changes from my side. Probably the symbols are now uploaded to the symbol servers…

I’m running into similar issues; I’ve been reverting my Win10 VM to a previous build to work around it. I even tried downloading the 1709 symbol package online and clearing out the problematic nt symbol from my local symstore. Hoping to get some help or see if someone else is having similar problems:

0: kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
Unable to read _LIST_ENTRY @ fffff8013f546fe0
0: kd> .reload
Connected to Windows 10 15063 x64 target at (Mon Oct 23 06:59:53.413 2017 (UTC - 6:00)), ptr64 TRUE
SYMSRV: BYINDEX: 0xC
c:\symbols*https://msdl.microsoft.com/download/symbols
ntkrnlmp.pdb
10F6DCB09D604445B05C70106B9824CB1
SYMSRV: PATH: c:\symbols\ntkrnlmp.pdb\10F6DCB09D604445B05C70106B9824CB1\ntkrnlmp.pdb
SYMSRV: RESULT: 0x00000000

DBGHELP: nt - public symbols
c:\symbols\ntkrnlmp.pdb\10F6DCB09D604445B05C70106B9824CB1\ntkrnlmp.pdb
Loading Kernel Symbols



Loading User Symbols

Loading unloaded module list

SYMSRV: BYINDEX: 0xD
c:\symbols*https://msdl.microsoft.com/download/symbols
kdnic.pdb
17C6A06774CE93A2F41FCF995ADB0DA41
SYMSRV: PATH: c:\symbols\kdnic.pdb\17C6A06774CE93A2F41FCF995ADB0DA41\kdnic.pdb
SYMSRV: RESULT: 0x00000000

DBGHELP: kdnic - public symbols
c:\symbols\kdnic.pdb\17C6A06774CE93A2F41FCF995ADB0DA41\kdnic.pdb

************* Symbol Loading Error Summary **************
Module name Error
SharedUserData No error - symbol load deferred
Symbol loading has been deferred because this symbol is not needed
at this time. Use reload /f to force load symbols.

0: kd> lmvm nt
Browse full module list
start end module name
fffff8013f201000 fffff8013fa8a000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\10F6DCB09D604445B05C70106B9824CB1\ntkrnlmp.pdb
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: Fri Sep 29 01:20:26 2017 (59CDF43A)
CheckSum: 007F2F34
ImageSize: 00889000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
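
An added example, not part of any post in this thread: a small parser for `lm`-style module lines that reports which modules are loaded with export-only symbols (no type information, so type-driven commands such as `!process` cannot work) and extracts the symbol-store index from the PDB path. The function names are hypothetical and the sample input is constructed from the listings quoted above.

```python
import re

# Constructed sample: module lines in the format of the lm/lmvm listings above.
SAMPLE_LM = r"""
start    end        module name
8100c000 8168d000   nt   (export symbols)       ntkrpamp.exe
8168d000 816f1000   hal  (private pdb symbols)  c:\websymbols\halmacpi.pdb\DA0B57721D0A24B26129B847A7978DA31\halmacpi.pdb
fffff8013f201000 fffff8013fa8a000 nt (pdb symbols) c:\symbols\ntkrnlmp.pdb\10F6DCB09D604445B05C70106B9824CB1\ntkrnlmp.pdb
"""

LM_LINE = re.compile(
    r"^\s*(?P<start>[0-9a-f`]{8,17})\s+(?P<end>[0-9a-f`]{8,17})\s+"
    r"(?P<module>\S+)\s+\((?P<state>[^)]+)\)\s*(?P<source>.*)$",
    re.IGNORECASE,
)
# Local symbol store layout: <pdb name>\<GUID+age index>\<pdb name>
STORE_KEY = re.compile(r"([^\\]+\.pdb)\\([0-9A-F]+)\\\1$", re.IGNORECASE)

def classify(state):
    """Map the text in parentheses to 'pdb', 'deferred' or 'no-types'."""
    state = state.lower()
    if "pdb symbols" in state:
        return "pdb"          # public or private PDB was loaded
    if state == "deferred":
        return "deferred"     # not loaded yet, so nothing can be concluded
    return "no-types"         # export symbols / no symbols: names only

def parse_lm(text):
    """Return one dict per module line; header and blank lines are skipped."""
    modules = []
    for line in text.splitlines():
        m = LM_LINE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["source"] = entry["source"].strip()
        key = STORE_KEY.search(entry["source"])
        entry["pdb"], entry["index"] = key.groups() if key else (None, None)
        entry["symbols"] = classify(entry["state"])
        modules.append(entry)
    return modules

def modules_without_types(text):
    """Names of modules whose loaded symbols carry no type information."""
    return [m["module"] for m in parse_lm(text) if m["symbols"] == "no-types"]

if __name__ == "__main__":
    for m in parse_lm(SAMPLE_LM):
        print(m["module"], m["symbols"], m["index"] or "-")
```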