Missing symbols

Hello all,

Windbg is telling me I have missing symbols and I haven’t been able to figure out how to fix it. Hopefully someone out there will be able to shed some light on this. Here is the message it gives me:

*****************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_MM_DRIVER_VERIFIER_DATA ***
*** ***
*****************************************************************

Thanks in advance,
Josh

What command is causing this message? Is it “DT NT!_MM_VERIFIER_DATA”??

I don’t think that’s a public structure, is it?? If that’s the case, you CAN’T get the symbols in question (well, unless you’re Microsoft).

What is it that you’re trying to do??

Peter
OSR

I get that whenever I get a bugcheck. I have Driver Verifier running on my driver (testing on win2k, debugging from XP). If I do !analyze it shows up then as well.

Thanks,
Josh

It is a public structure, at least on 6001-x65-CHK; I don’t know about anywhere else, and I definitely don’t know about Win2K. If you turn on symbol debugging (.symopt+ 0x80000000), do a .reload -f -n, and then an lml, does everything look correct? If it does, then I guess that it doesn’t exist on Win2K. If that’s the case, there is something that you can do about it, but let’s see what you find first.

Good luck,

mm

Thanks for the suggestion. lml looks pretty good. The only strange thing I see is that I have a “dump_atapi” module with no symbols and a “dump_WMILIB” module with export symbols. So, what was that other suggestion?

Josh

That’s normal, I believe (dump_…).

Actually, I guess I can think of two things to try. The first, which I probably should have mentioned earlier is to try the checked build of ntoskrnl.exe and see if that has it. I guess there is no reason why it should be in one and not the other, but as it is pretty easy to try, it’s worth a shot.

The other suggestion is that, as a last resort, you can add the definition of _MM_VERIFIER_DRIVER_DATA to the ntoskrnl.pdb. The problem here is what does it looks like on Win2K? I don’t know; perhaps there’s someone this list who does, but if not, in this case, as you’re otherwise stuck and it doesn’t sound like you actually care what the actual output is, so long as it doesn’t crash WinDbg on the host, and get’s you to the point where you can do whatever it is you want to do, here’s what it looks like on 6001-x64-CHK as a place to start:

dt nt!_MM_DRIVER_VERIFIER_DATA
+0x000 Level : Uint4B
+0x004 RaiseIrqls : Uint4B
+0x008 AcquireSpinLocks : Uint4B
+0x00c SynchronizeExecutions : Uint4B
+0x010 AllocationsAttempted : Uint4B
+0x014 AllocationsSucceeded : Uint4B
+0x018 AllocationsSucceededSpecialPool : Uint4B
+0x01c AllocationsWithNoTag : Uint4B
+0x020 TrimRequests : Uint4B
+0x024 Trims : Uint4B
+0x028 AllocationsFailed : Uint4B
+0x02c AllocationsFailedDeliberately : Uint4B
+0x030 Loads : Uint4B
+0x034 Unloads : Uint4B
+0x038 UnTrackedPool : Uint4B
+0x03c UserTrims : Uint4B
+0x040 CurrentPagedPoolAllocations : Uint4B
+0x044 CurrentNonPagedPoolAllocations : Uint4B
+0x048 PeakPagedPoolAllocations : Uint4B
+0x04c PeakNonPagedPoolAllocations : Uint4B
+0x050 PagedBytes : Uint8B
+0x058 NonPagedBytes : Uint8B
+0x060 PeakPagedBytes : Uint8B
+0x068 PeakNonPagedBytes : Uint8B
+0x070 BurstAllocationsFailedDeliberately : Uint4B
+0x074 SessionTrims : Uint4B
+0x078 OptionChanges : Uint4B
+0x07c VerifyMode : Uint4B
+0x080 PreviousBucketName : _UNICODE_STRING

I don’t have any 32-bit targets running, but there isn’t anything that’s obviously 64-bit specific. In any case, what you do with this is to create a structure out of this information and put in a .c file, then, with the a copy of the ntoskrnl.pdb that WinDbg is currently using in the same directory as the .c file, execute the following (adding things such as include path as necessary:

cl -c -Fdntoskrnl.pdb <.c file>

This will add the definition of _MM_DRIVER_VERIFIER_DATA to ntoskrnl.pdb. Finally, copy ntoskrnl.pdb back to the folder which WinDbg is using as a symbol cache.

That’s the basic idea, and hopefully the definition is close enough to get by; it very well may not be, and the part that sucks is that it may be hard to figure out whether it really works or not. But, it is what it is if you don’t have any better options. In any case, it has been a while since I’ve done this, so you may have to modify it somewhat, but I think that it should work, at least as far as loading the pdb. Ideally, the checked build will have the information, and, if not, hopefully, someone can produce the actual definition of _MM_VERIFIER_DRIVER_DATA on Win2K. As Win2K was just dropped from the list of supported targets in the Server 2008 WDK, it hardly seems like trade secret knowledge at this point.

Good luck,

mm

Alright, I’ll try the first idea. It definitely is the easier of the two. If that doesn’t work, I might just ignore the message, since it doesn’t seem to actually interfere with anything.

Thanks,
Josh

I forgot some things.

1. The command line needs -Zi as well.

2. When I talked about using the checked version of ntoskrnl.exe, I meant install a partial checked build (ntoskrnl and hal). If you haven’t done this before, just seach for “partial checked build” in the WinDbg index.

Good luck,

mm

well i needed this win32k.sys!threadinfo for some reasons i cant remember now

and the symbols were missing (probably were/are not public symbols )

so i sewed them up in win32k.pdb using ddk(3790.1830) some time back manually

here is the complete commandline (using open build environemnt ->xpfreebuild)
many of the include directory may be superflous and it required a /d
define x86

the tagthread.c is a simple text file

here is the command line

C:\win32kpdb>cl.exe /Zi /Gz /c /Fdwin32k.pdb /ID:\WINDDK\3790~1.183\inc\wxp /ID:
\WINDDK\3790~1.183\inc /ID:\WINDDK\3790~1.183\inc\crt /ID:\WINDDK\3790~1.183\inc
\ddk\wxp /ID:\WINDDK\3790~1.183\inc\hal\wxp /ID:\WINDDK\3790~1.183\inc\ifs\wxp /
ID:\WINDDK\3790~1.183\inc\mfc42 /ID:\WINDDK\3790~1.183\inc\wxp /ID:\WINDDK\3790~
1.183\inc\processor /ID:\WINDDK\3790~1.183\inc\ddk\wdm\wxp /D_X86_=1 tagthread.c

copy the win32k.pdb from symbol cache into a folder
copy this tagthread.c (this is crap i have changed many HWINSTA etc
symbols to ULONG to fool errors and test do not follow this style im
posting this just for referance

and go to the build environment and pass the commandline

copy back the new win32k.pbd to symbol cache (remember save original
before replacing or use fresh symbol path (corrupted symbol
directories are a head ache)

go to kd and do dt _win32k!_Threadinfo here

it should show some real information in formatted style

like below

lkd> !ready
Processor 0: Ready Threads at priority 8
THREAD ff5e3020 Cid 0350.0b64 Teb: 7ffad000 Win32Thread: e123adc0 READY

lkd> dt win32k!_Threadinfo e123adc0
win32k!_THREADINFO
+0x000 a : [10] 0xff5e3020 <— this is w32thread
+0x028 ptl : (null)
+0x02c ppi : 0xe24db0c0
+0x030 pq : 0xe1080c18
+0x034 spklActive : 0xe20bcf08
+0x038 pcti : 0xbc662b18
+0x03c rpdesk : 0x810f0e10
+0x040 pDeskInfo : 0xbc630650
+0x044 pClientInfo : 0x7ffad6cc
+0x048 TIF_flags : 0x1000000
…
+0x090 pqAttach : 0xe153e8f8
…
+0x0a4 pSBTrack : 0x00000704
+0x0a8 hEventQueueClient : 0xff9c3f40
+0x0ac pEventQueueServer : 0xe153e9a4 _KEVENT
+0x0b0 PtiLink : _LIST_ENTRY [0xe1036e5c - 0x0]
…
+0x140 cti : 0
lkd>

have fun

the tagthread.c consisted of this butchered definitions

#include <ntddk.h>

typedef void *POINTER;

typedef POINTER PDESKTOPINFO;
typedef POINTER PPROCESSINFO;
typedef POINTER PTL;
--------------------------------------------

typedef struct tagPROCESSINFO { //W32PROCESS;
// ***************************************** begin: USER specific fields
PTHREADINFO ptiList; // threads in this process
PTHREADINFO ptiMainThread; // pti of “main thread”
--------------------------------------------------

typedef struct _THREADINFO {
ULONG a[10]; // W32THREAD
PTL ptl; // Listhead for thread lock list
+28
PPROCESSINFO ppi; // process info struct for this
thread +2C
.
.
.
.
.
CLIENTTHREADINFO cti; // Use this when no desktop is
available +F8
} THREADINFO, *PTHREADINFO;

THREADINFO thinf;

On 10/15/07, xxxxx@evitechnology.com wrote:
> I forgot some things.
>
> 1. The command line needs -Zi as well.
>
> 2. When I talked about using the checked version of ntoskrnl.exe, I meant install a partial checked build (ntoskrnl and hal). If you haven’t done this before, just seach for “partial checked build” in the WinDbg index.
>
> Good luck,
>
> mm
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
></ntddk.h>

Sorry it took me a while to get back, some things came up. However, the good news is that when I use the checked kernel and hal files, my warning goes away. And that’s good enough for me!

Thanks for the help everyone,
Josh

> Windbg is telling me I have missing symbols and I haven’t been able to figure out how to fix it.

This is a well-known problem on free builds- if you download symbols from the symbol server and then point WinDbg to them, you are going to get this error. What you have to do here is to point WinDbg to the symbol server and make it download them, i.e. let WinDbg itself handle the task of downloading symbols. If you do it this way everything should work fine. I know this sounds just illogical, but this is MSFT…

Anton Bassov