lkd .reload /u

Hi,

A very basic question about the .reload /u command in lkd. Quoting the WinDbg documentation about /u: “Unloads the specified module and all its symbols. The debugger unloads any loaded module whose name matches Module, regardless of the full path. Image names are also searched.”

lkd> lm
start end module name
fffff8000285a000 fffff80002e44000 nt (pdb symbols) websymbols\ntkrnlmp.pdb\3844DBB920174967BE7AA4A2C20430FA2\ntkrnlmp.pdb

Unloaded modules:
fffff880019c9000 fffff880019d7000 crashdmp.sys
fffff880019d7000 fffff880019e3000 dump_pciidex.sys
fffff880019e3000 fffff880019ee000 dump_msahci.sys
fffff88001600000 fffff88001613000 dump_dumpfve.sys
fffff88004b78000 fffff88004b95000 serial.sys
lkd> .reload /u
Unloaded all modules
lkd> lm
start end module name

Unloaded modules:
fffff880019c9000 fffff880019d7000 crashdmp.sys
fffff880019d7000 fffff880019e3000 dump_pciidex.sys
fffff880019e3000 fffff880019ee000 dump_msahci.sys
fffff88001600000 fffff88001613000 dump_dumpfve.sys
fffff88004b78000 fffff88004b95000 serial.sys
lkd>

Now it seems to me the /u option basically unloads symbols for (loaded) modules but does NOT unload the (loaded) modules themselves… Am I right?

Correct.

WinDbg keeps a shadow copy of the target machine’s loaded module list on the
host. .reload /u simply unloads the module from the shadow copy on the host
but does not affect the target.

-scott
OSR
@OSRDrivers

Thanks Scott, but in which cases could it be useful to unload a module (from the host’s shadow copy list) and then eventually reload it (including symbols)?

Hello,

* On Fri, Nov 07, 2014 at 03:47:56AM -0500 xxxxx@alice.it wrote:

Thanks Scott, but in which cases could it be useful to unload a module (from the host’s shadow copy list) and then eventually reload it (including symbols)?

  1. You want to modify the PDB of the loaded module, because you have
    just recompiled it. WinDBG does not allow modification of the PDB,
    thus, you have to unload the module.

  2. After you started debugging, you find out that you have the wrong PDB
    for your module. Just unload it, put the right PDB in place, and
    reload it.

Regards,
Spiro.


Spiro R. Trikaliotis
http://www.trikaliotis.net/

The most common reason why people do the “.reload /u” thing is just as a way of
getting WinDbg to release the PDB on the host. This lets you build a new
version of your driver while the old one is still loaded on the target.

-scott
OSR
@OSRDrivers
