I am new to Windbg. Whenever I am trying to use !wdfldr to get all loaded KMDF drivers I am getting this error. Can some one help me please.
kd> !wdfldr
error: Could not retrieve wdfldr!WdfLdrGlobals
hint: Are symbols loaded for wdfldr.sys?
As the message says, you need to load symbols for wdfldr.
Check the documentation for the ‘.symfix’ and ‘.reload’ commands in the debugger documentation (debugger.chm).
- S
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Thursday, October 28, 2010 6:03 PM
To: Kernel Debugging Interest List
Subject: [windbg] problem with Winldr
I am new to Windbg. Whenever I am trying to use !wdfldr to get all loaded KMDF drivers I am getting this error. Can some one help me please.
kd> !wdfldr
error: Could not retrieve wdfldr!WdfLdrGlobals
hint: Are symbols loaded for wdfldr.sys?
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Where can I find those symbols for winldr ?
Also I got these kd> !sym noisy
noisy mode - symbol prompts on
kd> .reload wdfldr.sys
“wdfldr.sys” was not found in the image list.
Debugger will attempt to load “wdfldr.sys” at given base 00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=,.
DBGENG: wdfldr.sys - Partial symbol image load missing image info
DBGHELP: No header for wdfldr.sys. Searching for dbg file
DBGHELP: .\wdfldr.dbg - file not found
DBGHELP: .\sys\wdfldr.dbg - path not found
DBGHELP: .\symbols\sys\wdfldr.dbg - path not found
DBGHELP: wdfldr.sys missing debug info. Searching for pdb anyway
DBGHELP: Can’t use symbol server for wdfldr.pdb - no header information available
DBGHELP: wdfldr.pdb - file not found
DBGHELP: wdfldr - no symbols loaded
Unable to add module at 00000000</image.ext>
Did you look at the documentation for .symfix ? This command will point your debugger at the Microsoft public symbol server which will have these symbols.
- S
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Thursday, October 28, 2010 7:14 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] problem with Winldr
Where can I find those symbols for winldr ?
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Hi Thank you very much for the reply. I used the same
kd> .symfix
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: cache*;SRV*http://msdl.microsoft.com/download/symbols
kd> .reload wdfldr.sys
“wdfldr.sys” was not found in the image list.
Debugger will attempt to load “wdfldr.sys” at given base 00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=,.
DBGENG: wdfldr.sys - Partial symbol image load missing image info
DBGHELP: No header for wdfldr.sys. Searching for dbg file
DBGHELP: .\wdfldr.dbg - file not found
DBGHELP: .\sys\wdfldr.dbg - path not found
DBGHELP: .\symbols\sys\wdfldr.dbg - path not found
DBGHELP: wdfldr.sys missing debug info. Searching for pdb anyway
DBGHELP: Can’t use symbol server for wdfldr.pdb - no header information available
DBGHELP: wdfldr.pdb - file not found
DBGHELP: wdfldr - no symbols loaded
Unable to add module at 00000000</image.ext>
(I’m not sure if someone already answered this.)
That message below is saying that wdfldr.sys is not loaded.
You seem to be using ‘winldr’ and ‘wdflrd’ interchangeably; which are
looking for?
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Thursday, October 28, 2010 10:51 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] problem with Winldr
Hi Thank you very much for the reply. I used the same
kd> .symfix
DBGHELP: Symbol Search Path:
cache*;SRV*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path:
cache*;SRV*http://msdl.microsoft.com/download/symbols
kd> .reload wdfldr.sys
“wdfldr.sys” was not found in the image list.
Debugger will attempt to load “wdfldr.sys” at given base 00000000.
Please provide the full image name, including the extension (i.e.
kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=,.
DBGENG: wdfldr.sys - Partial symbol image load missing image info
DBGHELP: No header for wdfldr.sys. Searching for dbg file
DBGHELP: .\wdfldr.dbg - file not found
DBGHELP: .\sys\wdfldr.dbg - path not found
DBGHELP: .\symbols\sys\wdfldr.dbg - path not found
DBGHELP: wdfldr.sys missing debug info. Searching for pdb anyway
DBGHELP: Can’t use symbol server for wdfldr.pdb - no header information
available
DBGHELP: wdfldr.pdb - file not found
DBGHELP: wdfldr - no symbols loaded
Unable to add module at 00000000
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</image.ext>
Does the pm command show that wdfldr is loaded?
d
dent from a phpne with no keynoard
-----Original Message-----
From: Martin O’Brien
Sent: October 30, 2010 12:07 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] problem with Winldr
(I’m not sure if someone already answered this.)
That message below is saying that wdfldr.sys is not loaded.
You seem to be using ‘winldr’ and ‘wdflrd’ interchangeably; which are
looking for?
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Thursday, October 28, 2010 10:51 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] problem with Winldr
Hi Thank you very much for the reply. I used the same
kd> .symfix
DBGHELP: Symbol Search Path:
cache*;SRVhttp://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path:
cache;SRV*http://msdl.microsoft.com/download/symbols
kd> .reload wdfldr.sys
“wdfldr.sys” was not found in the image list.
Debugger will attempt to load “wdfldr.sys” at given base 00000000.
Please provide the full image name, including the extension (i.e.
kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=,.
DBGENG: wdfldr.sys - Partial symbol image load missing image info
DBGHELP: No header for wdfldr.sys. Searching for dbg file
DBGHELP: .\wdfldr.dbg - file not found
DBGHELP: .\sys\wdfldr.dbg - path not found
DBGHELP: .\symbols\sys\wdfldr.dbg - path not found
DBGHELP: wdfldr.sys missing debug info. Searching for pdb anyway
DBGHELP: Can’t use symbol server for wdfldr.pdb - no header information
available
DBGHELP: wdfldr.pdb - file not found
DBGHELP: wdfldr - no symbols loaded
Unable to add module at 00000000
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</image.ext>
Sorry, the lm comand (not pm)
d
dent from a phpne with no keynoard
-----Original Message-----
From: Doron Holan
Sent: October 30, 2010 12:50 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] problem with Winldr
Does the pm command show that wdfldr is loaded?
d
dent from a phpne with no keynoard
-----Original Message-----
From: Martin O’Brien
Sent: October 30, 2010 12:07 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] problem with Winldr
(I’m not sure if someone already answered this.)
That message below is saying that wdfldr.sys is not loaded.
You seem to be using ‘winldr’ and ‘wdflrd’ interchangeably; which are
looking for?
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Thursday, October 28, 2010 10:51 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] problem with Winldr
Hi Thank you very much for the reply. I used the same
kd> .symfix
DBGHELP: Symbol Search Path:
cache*;SRVhttp://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path:
cache;SRV*http://msdl.microsoft.com/download/symbols
kd> .reload wdfldr.sys
“wdfldr.sys” was not found in the image list.
Debugger will attempt to load “wdfldr.sys” at given base 00000000.
Please provide the full image name, including the extension (i.e.
kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=,.
DBGENG: wdfldr.sys - Partial symbol image load missing image info
DBGHELP: No header for wdfldr.sys. Searching for dbg file
DBGHELP: .\wdfldr.dbg - file not found
DBGHELP: .\sys\wdfldr.dbg - path not found
DBGHELP: .\symbols\sys\wdfldr.dbg - path not found
DBGHELP: wdfldr.sys missing debug info. Searching for pdb anyway
DBGHELP: Can’t use symbol server for wdfldr.pdb - no header information
available
DBGHELP: wdfldr.pdb - file not found
DBGHELP: wdfldr - no symbols loaded
Unable to add module at 00000000
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</image.ext>
@tom and @dolon I am looking for wdfldr.sys and this is my wdfldr.sys output. Also I used lm v but its not listing wdfldr.sys in it.
kd> .symfix
kd> .reload wdfldr.sys
“wdfldr.sys” was not found in the image list.
Debugger will attempt to load “wdfldr.sys” at given base 00000000.
Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=,.
Unable to add module at 00000000</image.ext>
Just to be sure, how about ‘lm m wdfldr.’
If that doesn’t list it, then it’s not loaded.
Good luck,
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Saturday, October 30, 2010 4:12 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] problem with Winldr
@tom and @dolon I am looking for wdfldr.sys and this is my wdfldr.sys
output. Also I used lm v but its not listing wdfldr.sys in it.
kd> .symfix
kd> .reload wdfldr.sys
“wdfldr.sys” was not found in the image list.
Debugger will attempt to load “wdfldr.sys” at given base 00000000.
Please provide the full image name, including the extension (i.e.
kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=,.
Unable to add module at 00000000
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</image.ext>
Its saying module is loaded but symbols are not loaded.
kd> “wdfldr.sys” was not found in the image list.
^ Syntax error in ‘“wdfldr.sys” was not found in the image list.’
kd> Debugger will attempt to load “wdfldr.sys” at given base 00000000.
*** WARNING: Unable to verify timestamp for vpc-s3.dll
*** ERROR: Module load completed but symbols could not be loaded for vpc-s3.dll
*** ERROR: Module load completed but symbols could not be loaded for vmsrvc.sys
*** ERROR: Module load completed but symbols could not be loaded for ipnat.sys
*** ERROR: Module load completed but symbols could not be loaded for ipsec.sys
*** ERROR: Module load completed but symbols could not be loaded for vpc-s3.sys
*** ERROR: Module load completed but symbols could not be loaded for isapnp.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for drmk.sys -
*** ERROR: Module load completed but symbols could not be loaded for msvmmouf.sys
*** ERROR: Module load completed but symbols could not be loaded for intelide.sys
Couldn’t resolve error at 'ebugger will attempt to ’
kd> Please provide the full image name, including the extension (i.e. kernel32.dll)
^ pass count must be preceeded by whitespace error in ‘Please provide the full image name, including the extension (i.e. kernel32.dll)’
kd> for more reliable results.Base address and size overrides can be given as
Address expression missing from ‘or more reliable results.Base address and size overrides can be given as’
kd> .reload <image.ext>=,.
Base address missing from ‘,.’
Invalid base address
kd> lm m wdfldr
start end module name</image.ext>
No, I think that it’s saying that it’s not loaded at all:
kd> lm m wdfldr
start end module name
I think that all the other noise is do to you trying to forcibly reload the
symbols for it, when the module isn’t loaded.
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Saturday, October 30, 2010 4:19 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] problem with Winldr
Its saying module is loaded but symbols are not loaded.
kd> “wdfldr.sys” was not found in the image list.
^ Syntax error in ‘“wdfldr.sys” was not found in the image list.’
kd> Debugger will attempt to load “wdfldr.sys” at given base 00000000.
*** WARNING: Unable to verify timestamp for vpc-s3.dll
*** ERROR: Module load completed but symbols could not be loaded for
vpc-s3.dll
*** ERROR: Module load completed but symbols could not be loaded for
vmsrvc.sys
*** ERROR: Module load completed but symbols could not be loaded for
ipnat.sys
*** ERROR: Module load completed but symbols could not be loaded for
ipsec.sys
*** ERROR: Module load completed but symbols could not be loaded for
vpc-s3.sys
*** ERROR: Module load completed but symbols could not be loaded for
isapnp.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
drmk.sys -
*** ERROR: Module load completed but symbols could not be loaded for
msvmmouf.sys
*** ERROR: Module load completed but symbols could not be loaded for
intelide.sys
Couldn’t resolve error at 'ebugger will attempt to ’
kd> Please provide the full image name, including the extension (i.e.
kernel32.dll)
^ pass count must be preceeded by whitespace error in ‘Please provide
the full image name, including the extension (i.e. kernel32.dll)’
kd> for more reliable results.Base address and size overrides can be given
as
Address expression missing from ‘or more reliable results.Base address and
size overrides can be given as’
kd> .reload <image.ext>=,.
Base address missing from ‘,.’
Invalid base address
kd> lm m wdfldr
start end module name
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</image.ext>
@mm Thank you very much. where can I find the wdfldr.sys please.
Just to make sure that we have this correct - as not having wdfldr loaded is
totally possible but (I would guess) fairly uncommon at this point - what’s
your target’s version of the OS?
Assuming that this is correct, to get wdfldr.sys loaded, you’ll need to
install any driver that uses KMDF.
Backing up a bit, why are interested in wdfldr?
Good luck,
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Saturday, October 30, 2010 4:45 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] problem with Winldr
@mm Thank you very much. where can I find the wdfldr.sys please.
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Hi mm,
The host machine and target machine are both windows xp sp3. I am running the target machine on Virtual PC 2007 . Also I checked my system32 folder and I am unable to find wdfldr.sys. I am just trying to learn writing kmdf drivers.
Alrighty then.
So, it sounds like wdfldr.sys is definitely not loaded.
Have you tried to build & install a kmdf driver yet? If not, what I would
recommend that you do is start with the kmdf ioctl sample
(/src/general/ioctl/kmdf). That is, build it (in the XP CHK build
environment), install it (follow the instructions in the ‘nonpnp.htm’ file
in that same directory) and then run the exe (instructions in same file).
At that point, you should be able to see symbols for your driver in windbg.
Good luck,
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Saturday, October 30, 2010 5:06 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] problem with Winldr
Hi mm,
The host machine and target machine are both windows xp sp3. I am
running the target machine on Virtual PC 2007 . Also I checked my system32
folder and I am unable to find wdfldr.sys. I am just trying to learn writing
kmdf drivers.
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
@mm Thank you very much. I am able to compile and run it. Is there a way to set a break point at the start of the executable ? Because when ever I run the app it executes and quits quickly.
From the kernel debugger, there isn’t an easy way. You can easily set one
from a user mode instance of windbg that loads the exe:
bp !main
However, I suspect that you’re doing something wrong launching the exe. Are
you launching it from the command line?
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@gmail.com
Sent: Saturday, October 30, 2010 5:58 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] problem with Winldr
@mm Thank you very much. I am able to compile and run it. Is there a way to
set a break point at the start of the executable ? Because when ever I run
the app it executes and quits quickly.
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
@mm Yes I am launching from the command line. The problem is the application transfers some data and quits quickly. When I check the loaded driver modules, I see KMDF driver as stopped.