What looks to be happening is that some of the PE headers for
ntdll.dll are paged out. This means the debugger can’t get the
information needed to match symbols.

When you use the MS symbol server, the debugger has enough information to
retrieve a copy of the PE headers from the symbol server. Then, armed
with this new information, it is able to go looking for a matching PDB.

Without the MS symbol server the debugger can’t find a copy of the PE
headers, so it falls back on hardcoded rules to guess the PDB. As you
noticed, guessing isn’t always very successful.

The message “*** ERROR: Module load completed but symbols could not be
loaded” would be expected whenever PE headers are paged out.

On a live machine you can attempt to page in the headers with .pagein.

On either live or dump you can do any of the following:
- Run symstore on binaries to add them to your local symbol server.
- Use “old style” symbol paths and place ntdll.pdb (and ntdll.dll if
  you have it) in the symbol path. NOTE: with this option the debugger
  can’t verify if the symbols match, and so if you provide the wrong PDB
  then the debugger will use it without complaining.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ampsi Ho
Sent: Tuesday, February 17, 2004 2:27 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] Loading symbols
to further add on, i set SYMOPT_DEBUG on and catch the trace for “.reload”.
if i use Microsoft’s symstore, the trace is as follows:
SYMSRV: ntdll.dl_ from http://msdl.microsoft.com/download/symbols: 271034 bytes copied
DBGHELP: d:\symbols\ntdll.dll\3D6DFA28a7000\ntdll.dll - OK
DBGENG: Partial symbol load found image d:\symbols\ntdll.dll\3D6DFA28a7000\ntdll.dll.
SYMSRV: ntdll.pd_ from http://msdl.microsoft.com/download/symbols: 307596 bytes copied
DBGHELP: ntdll - public symbols
d:\symbols\ntdll.pdb\3D6DE29B2\ntdll.pdb
however, if i use my own symstore, this is the trace:
DBGHELP: D:\Program Files\Debugging Tools for Windows\ntdll.dll - file not found
DBGHELP: ntdll.dll not found in e:\symbols_own
DBGHELP: ntdll.dll not found in e:\symbols_own\backup
SYMSRV: e:\symbols\ntdll.dll\3D6DFA28a7000\ntdll.dll not found
SYMSRV: http://scooter/symstore/ntdll.dll/3D6DFA28a7000/ntdll.dll not found
DBGHELP: D:\Program Files\Debugging Tools for Windows\ntdll.dll - file not found
DBGHELP: ntdll.dll not found in e:\symbols_own
DBGHELP: ntdll.dll not found in e:\symbols_own\backup
DBGENG: C:\WINDOWS\System32\ntdll.dll - Couldn’t map image from disk.
DBGHELP: No debug info for ntdll.dll. Searching for dbg file
SYMSRV: e:\symbols\ntdll.dbg\3D6DFA28a7000\ntdll.dbg not found
SYMSRV: http://scooter/symstore/ntdll.dbg/3D6DFA28a7000/ntdll.dbg not found
DBGHELP: e:\symbols_own\ntdll.dbg - file not found
DBGHELP: e:\symbols_own\symbols\dll\ntdll.dbg - path not found
DBGHELP: e:\symbols_own\dll\ntdll.dbg - path not found
DBGHELP: e:\symbols_own\backup\ntdll.dbg - file not found
DBGHELP: e:\symbols_own\backup\symbols\dll\ntdll.dbg - path not found
DBGHELP: e:\symbols_own\backup\dll\ntdll.dbg - path not found
DBGHELP: ntdll.dll missing debug info. Searching for pdb anyway
DBGHELP: Can’t use symbol server for ntdll.pdb - no header information available
DBGHELP: e:\symbols_own\ntdll.pdb - file not found
DBGHELP: e:\symbols_own\symbols\dll\ntdll.pdb - file not found
DBGHELP: e:\symbols_own\dll\ntdll.pdb - file not found
DBGHELP: e:\symbols_own\backup\ntdll.pdb - file not found
DBGHELP: e:\symbols_own\backup\symbols\dll\ntdll.pdb - file not found
DBGHELP: e:\symbols_own\backup\dll\ntdll.pdb - file not found
DBGHELP: ntdll.pdb - file not found
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
DBGHELP: ntdll - no symbols loaded
seems like windbg is trying to look for ntdll.dbg on my symstore instead
of ntdll.pdb. and interestingly, it retrieves ntdll.pd_ as for
microsoft’s symstore.
Ampsi
----- Original Message -----
From: “Ampsi Ho”
To: “Kernel Debugging Interest List”
Sent: Tuesday, February 17, 2004 14:13
Subject: [windbg] Loading symbols
hi,
got a question regarding loading of symbols.
i am using a symstore for windows symbols thru http.
when i try to debug a crash, i see “*** ERROR: Module load completed but
symbols cannot be loaded for ntdll.dll”
i check the local symbol cache and cannot find the symbol file there, so
i created the folders in the local symbol cache to mimic that on the
symstore web server. still the error comes out when i try a “.reload”.
however, if i just copy the symbol file into a local directory where i
keep my own symbols, the “.reload” is ok.
did i do something wrong when creating the symstore? i am using
“symstore add /r /f symbol_source /s symstore_path /t “Windows XP” /v “Free” /o /d logfile”.
or did i specify the windbg symbol path wrongly? i am using
“symsrv*symsrv.dll*local_cache_path*http://server/symstore”.
the interesting thing is, not all symbols have this problem. maybe about
half the symbols for modules can be loaded.
Ampsi
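
Added example (not part of the thread, and not debugger or symstore code): the SYMSRV lines in the trace look up ntdll.dll under the key 3D6DFA28a7000, which is the PE header's TimeDateStamp in uppercase hex followed by SizeOfImage in lowercase hex. The sketch below derives that key from header bytes and shows why a paged-out header page leaves nothing to build it from. The function names are hypothetical, the header bytes are constructed, and "paged out" is modeled as a zero-filled buffer.

```python
import struct

def symsrv_image_key(headers: bytes, filename: str):
    """Return the symbol-store relative path for a PE image, or None when
    the header bytes are unusable (e.g. the header page was not captured)."""
    if len(headers) < 0x40 or headers[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", headers, 0x3C)
    # Need: PE signature (4) + IMAGE_FILE_HEADER (20) + optional header
    # up to and including SizeOfImage (offset 56, 4 bytes).
    if e_lfanew + 4 + 20 + 60 > len(headers):
        return None
    if headers[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # TimeDateStamp follows Machine (2) and NumberOfSections (2).
    (timestamp,) = struct.unpack_from("<I", headers, e_lfanew + 8)
    # SizeOfImage sits at offset 56 of the optional header (PE32 and PE32+).
    (size_of_image,) = struct.unpack_from("<I", headers, e_lfanew + 24 + 56)
    return f"{filename}/{timestamp:08X}{size_of_image:x}/{filename}"

def build_sample_headers(timestamp: int, size_of_image: int) -> bytes:
    """Constructed minimal PE header, just enough for the key fields."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                    # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", buf, 0x84, 0x14C, 4, timestamp)   # file header
    struct.pack_into("<H", buf, 0x98, 0x10B)                   # PE32 magic
    struct.pack_into("<I", buf, 0x98 + 56, size_of_image)
    return bytes(buf)

if __name__ == "__main__":
    # Values taken from the key shown in the trace: 3D6DFA28 + a7000.
    present = build_sample_headers(0x3D6DFA28, 0xA7000)
    paged_out = bytes(0x1000)  # constructed stand-in for an unreadable page
    print("headers readable :", symsrv_image_key(present, "ntdll.dll"))
    print("headers paged out:", symsrv_image_key(paged_out, "ntdll.dll"))
```
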