3: kd> vertarget
Windows 8.1 Kernel Version 9600 MP (16 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 9600.19629.amd64fre.winblue_ltsb_escrow.200127-1700
Machine Name:
Kernel base = 0xfffff802`6c688000 PsLoadedModuleList = 0xfffff802`6c94d5f0
Debug session time: Wed Apr 29 20:09:43.380 2020 (UTC + 8:00)
System Uptime: 2 days 14:48:43.591
3: kd> lmvm nt
Browse full module list
start end module name
fffff802`6c688000 fffff802`6ce05000 nt (export symbols) ntkrnlmp.exe
Loaded symbol image file: ntkrnlmp.exe
Image path: ntkrnlmp.exe
Image name: ntkrnlmp.exe
Browse all global symbols functions data
Timestamp: Tue Jan 28 13:29:11 2020 (5E2FC6A7)
CheckSum: 0070705C
ImageSize: 0077D000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
I could not find the symbol of ntkrnlmp.exe with that timestamp from my symbol file path.
Could anyone let me know how to get the symbol file for the dump?
Yes.
Here are the messages after setting to noisy.
3: kd> .reload /f nt
SYMSRV: d:\tmp\sym\ntkrnlmp.pdb\4253B608A3C54483889B5A27143D25011\ntkrnlmp.pdb - file not found
SYMSRV: File: ntkrnlmp.pdb
SYMSRV: Connecting to the Server: https://msdl.microsoft.com/download/symbols.
SYMSRV: Successfully connected to the Server.
SYMSRV: Sending the information request to the server.
SYMSRV: Successfully sent the information request to the server.
SYMSRV: Waiting for the server to respond to a request.
SYMSRV: Successfully received a response from the server.
SYMSRV: Get File Path: /download/symbols/ntkrnlmp.pdb/4253B608A3C54483889B5A27143D25011/ntkrnlmp.pdb
SYMSRV: Sending the information request to the server.
SYMSRV: Successfully sent the information request to the server.
SYMSRV: Waiting for the server to respond to a request.
SYMSRV: Successfully received a response from the server.
SYMSRV: Connecting to the Server: https://msdl.microsoft.com/download/symbols.
SYMSRV: Successfully connected to the Server.
SYMSRV: Closing the connection to the Server.
SYMSRV: Successfully closed the connection to the Server.
*** ERROR: ERROR_INTERNET_SECURITY_CHANNEL_ERROR
SYMSRV: The device is not ready.
SYMSRV: d:\tmp\sym\ntkrnlmp.pdb\4253B608A3C54483889B5A27143D25011\ntkrnlmp.pdb not found
SYMSRV: https://msdl.microsoft.com/download/symbols: not available
DBGHELP: ntkrnlmp.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
DBGHELP: nt - export symbols
Sorry if this is an obvious question, but are you sure the machine running windbg actually has a directory called d:\tmp\sym? Remember that path is on the machine with windbg, NOT on the machine being debugged.
The error ERROR_INTERNET_SECURITY_CHANNEL_ERROR can come from an overly aggressive corporate proxy cache. Are you inside a corporate environment with an overly strict IT department?
@Tim_Roberts said:
Sorry if this is an obvious question, but are you sure the machine running windbg actually has a directory called d:\tmp\sym? Remember that path is on the machine with windbg, NOT on the machine being debugged.
Yes, it has a directory called d:\tmp\sym on my machine running windbg.
The error ERROR_INTERNET_SECURITY_CHANNEL_ERROR can come from an overly aggressive corporate proxy cache. Are you inside a corporate environment with an overly strict IT department?
I’ll check my network environment. Thanks for your hint.