Re: My windbg can't download symols

I’m seeing the same problem as the OP. I’m running windbg (the latest version from the 7.1 WDK) on a Vista system.

I tried disabling antivirus and firewall.

Beverly

From: Doron Holan
Sent: Wednesday, February 03, 2010 2:46 AM
To: Kernel Debugging Interest List
Subject: RE: [windbg] My windbg can’t download symols

I just checked at home and it works. Perhaps you have a firewall or antivirus issue on your machine

d

tiny phone keyboard + fat thumbs = you do the muth


From: bb y
Sent: Tuesday, February 02, 2010 11:22 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] My windbg can’t download symols

IE output is "can’t find server", is this site available to visit?

2010/2/3 Jen-Lung Chiu

From the same machine, please start IE and type in “http://msdl.microsoft.com/download/symbols”, what does IE output?

Sorry need to delete previous mails (for reason below).

Dear ListMember,

For security reasons, the NTDEV and NTFSD lists do not accept messages that are encoded in base64, messages with unusual MIME body parts (such as audio or video) or messages that have attachments. This includes messages with attractive little icons in your signature or whatever.

We apologize for any inconvenience this may cause you, but this is the long-standing wish of the majority of list members.

The NTDEV and NTFSD List Slaves


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer


I’ve been away from Windows for a bit, so maybe my memory is fuzzy, but setting the symbol path with .symfix c:\symbols used to work. I’ve found that in the current version, it isn’t actually setting the sympath correctly. It says it is, but it’s not set:

0: kd> .symfix c:\symbols
0: kd> .sympath
Symbol search path is: srv*
Expanded Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

Also, even when it is fully set (manually setting the sympath), the setting is insufficient (I’m debugging a crash dump file, a minidump to be exact):

0: kd> .sympath SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols

0: kd> .reload /f nt
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntoskrnl.exe\4B1E860A3b9000\ntoskrnl.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntoskrnl.exe\4B1E860A3b9000\ntoskrnl.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/4B1E860A3b9000/ntoskrnl.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrnlup.exe\4B1E860A3b9000\ntkrnlup.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrnlup.exe\4B1E860A3b9000\ntkrnlup.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlup.exe/4B1E860A3b9000/ntkrnlup.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrnlpa.exe\4B1E860A3b9000\ntkrnlpa.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrnlpa.exe\4B1E860A3b9000\ntkrnlpa.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/4B1E860A3b9000/ntkrnlpa.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrnlmp.exe\4B1E860A3b9000\ntkrnlmp.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrnlmp.exe\4B1E860A3b9000\ntkrnlmp.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/4B1E860A3b9000/ntkrnlmp.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrpamp.exe\4B1E860A3b9000\ntkrpamp.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrpamp.exe\4B1E860A3b9000\ntkrpamp.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrpamp.exe/4B1E860A3b9000/ntkrpamp.exe not found
DBGHELP: C:\Program Files\Debugging Tools for Windows\ntoskrnl.exe - file not found
DBGHELP: C:\Program Files\Debugging Tools for Windows\ntkrnlup.exe - file not found
DBGHELP: C:\Program Files\Debugging Tools for Windows\ntkrnlpa.exe - file not found
DBGHELP: C:\Program Files\Debugging Tools for Windows\ntkrnlmp.exe - file not found
DBGHELP: C:\Program Files\Debugging Tools for Windows\ntkrpamp.exe - file not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntoskrnl.exe\4B1E860A3b9000\ntoskrnl.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/4B1E860A3b9000/ntoskrnl.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrnlup.exe\4B1E860A3b9000\ntkrnlup.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlup.exe/4B1E860A3b9000/ntkrnlup.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrnlpa.exe\4B1E860A3b9000\ntkrnlpa.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/4B1E860A3b9000/ntkrnlpa.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrnlmp.exe\4B1E860A3b9000\ntkrnlmp.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/4B1E860A3b9000/ntkrnlmp.exe not found
SYMSRV: C:\Program Files\Debugging Tools for Windows\sym\ntkrpamp.exe\4B1E860A3b9000\ntkrpamp.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrpamp.exe/4B1E860A3b9000/ntkrpamp.exe not found
DBGENG: \SystemRoot\system32\ntkrnlpa.exe - Image mapping disallowed by non-local path.
Unable to load image \SystemRoot\system32\ntkrnlpa.exe, Win32 error 0n2
DBGENG: ntkrnlpa.exe - Partial symbol image load missing image info
DBGHELP: No header for ntkrnlpa.exe. Searching for dbg file
DBGHELP: .\ntkrnlpa.dbg - file not found
DBGHELP: .\exe\ntkrnlpa.dbg - path not found
DBGHELP: .\symbols\exe\ntkrnlpa.dbg - path not found
DBGHELP: ntkrnlpa.exe missing debug info. Searching for pdb anyway
DBGHELP: Can’t use symbol server for ntkrnlpa.pdb - no header information available
DBGHELP: ntkrnlpa.pdb - file not found
*** WARNING: Unable to verify timestamp for ntkrnlpa.exe
*** ERROR: Module load completed but symbols could not be loaded for ntkrnlpa.exe
DBGHELP: nt - no symbols loaded

Only after I appended the system32 directory to the path was it able to download symbols:

0: kd> .sympath
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;c:\windows\system32
Expanded Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;c:\windows\system32
0: kd> .reload /f nt
SYMSRV: c:\symbols\ntoskrnl.exe\4B1E860A3b9000\ntoskrnl.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/4B1E860A3b9000/ntoskrnl.exe not found
DBGENG: c:\windows\system32\ntoskrnl.exe image header does not match memory image header.
DBGHELP: c:\windows\system32\ntoskrnl.exe - mismatched
SYMSRV: c:\symbols\ntkrnlup.exe\4B1E860A3b9000\ntkrnlup.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlup.exe/4B1E860A3b9000/ntkrnlup.exe not found
SYMSRV: c:\symbols\ntkrnlpa.exe\4B1E860A3b9000\ntkrnlpa.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/4B1E860A3b9000/ntkrnlpa.exe not found
DBGHELP: c:\windows\system32\ntkrnlpa.exe - OK
DBGENG: c:\windows\system32\ntkrnlpa.exe - Mapped image memory
DBGHELP: nt - public symbols
c:\symbols\ntkrpamp.pdb\F69FAA7723254EB6887E232DF21E6A9F2\ntkrpamp.pdb

I wouldn’t expect it to need to find the kernel file for the local system when debugging a crash dump that may or may not have been generated on this system. It may be a completely different version than the one on the system where the dump was generated.

Beverly

From: Beverly Brown
Sent: Sunday, March 07, 2010 7:03 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] My windbg can’t download symols

I’m seeing the same problem as the OP. I’m running windbg (the latest version from the 7.1 WDK) on a Vista system.

I tried disabling antivirus and firewall.

Beverly


You don’t suppose that it could be due to the path with spaces?

mm

> IE output is "can’t find server", is this site available to visit?

> From the same machine, please start IE and type in “http://msdl.microsoft.com/download/symbols”, what does IE output?

This is what I get when I go to the address with my browser. So, if you don’t see this, then you have a network / firewall / related issue.

Microsoft Internet Symbol Server
The data you requested cannot be retrieved.

Considering that I did not put “c:\program files.…” into the symbol
path, I wouldn’t expect it to even use that path. That’s part of the
problem, IMO. It’s not taking the path that I gave it. Instead, it’s
using the path where windbg lives instead.

Beverly

On Mon, Mar 8, 2010 at 3:46 AM, wrote:
> You don’t suppose that it could be due to the path with spaces?
>
>
> mm

It looks like you’re having the same issue as the person in the “Piracy and
debugging” thread:

*** WARNING: Unable to verify timestamp for ntkrnlpa.exe

Are you working with a mini-dump?

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com


Hmm. I see your point; my bad.

I am not seeing this problem with the newest (6.12.003.633) build of windbg, so this is curious.

Wait - are you using a minidump? The reason that I ask is that you seem to be having problems finding IMAGES.

\ntoskrnl.exe\4B1E860A3b9000\ntoskrnl.exe

mm

Yes, it’s a minidump.

Beverly

On Mon, Mar 8, 2010 at 10:39 AM, Scott Noone wrote:
> It looks like you’re having the same issue as the person in the “Piracy and
> debugging” thread:
>
> *** WARNING: Unable to verify timestamp for ntkrnlpa.exe
>
> Are you working with a mini-dump?
>
> -scott

I just read the other thread. I don’t remember this restriction with
minidumps - I guess it’s one of those little things that got flushed
to make room for other stuff I’ve been working on.

I always assumed that the versions of the kernel modules were present
in even the minidumps (even if the image itself wasn’t) and it
downloaded everything it needed based on those versions from the
symbol server.

Beverly

On Mon, Mar 8, 2010 at 6:13 PM, Beverly Brown wrote:
> Yes, it’s a minidump.
>
> Beverly

There will be enough information to fetch the symbol from a symbol store in the dump. For PE images, the index currently uses the file name, timestamp, and image size (the latter two from the image header). This data is captured in a minidump.

  • S
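
The index described in the reply above, as an added example that is not part of the original thread: it reads the timestamp and image size from a PE header, builds the store location seen in the SYMSRV lines, and checks whether a candidate file is the build a dump recorded. The function names and the header-only stub are constructed for illustration; the hex casing follows the SYMSRV output quoted earlier in the thread.

```python
import struct

def pe_header_fields(image: bytes) -> tuple[int, int]:
    """Return (TimeDateStamp, SizeOfImage) read from a PE image's headers."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER starts 4 bytes after the signature; TimeDateStamp is its 3rd field.
    (timestamp,) = struct.unpack_from("<I", image, e_lfanew + 8)
    # The optional header follows the 20-byte file header; SizeOfImage sits at
    # offset 56 in both the PE32 and PE32+ layouts.
    (size_of_image,) = struct.unpack_from("<I", image, e_lfanew + 24 + 56)
    return timestamp, size_of_image

def symsrv_key(timestamp: int, size_of_image: int) -> str:
    """Index directory name: 8 upper-case hex digits of timestamp, then size in lower-case hex."""
    return f"{timestamp:08X}{size_of_image:x}"

def symsrv_location(store: str, name: str, timestamp: int, size_of_image: int) -> str:
    """Path or URL that a symbol store lookup for a PE image resolves to."""
    sep = "/" if "://" in store else "\\"
    return sep.join([store.rstrip("/\\"), name, symsrv_key(timestamp, size_of_image), name])

def image_matches(image: bytes, timestamp: int, size_of_image: int) -> bool:
    """True when a candidate file on disk is the build recorded in the dump."""
    return pe_header_fields(image) == (timestamp, size_of_image)

def make_stub(timestamp: int, size_of_image: int) -> bytes:
    """Constructed header-only PE stub carrying just the two indexed fields."""
    e_lfanew = 0x80
    buf = bytearray(e_lfanew + 24 + 60)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<I", buf, e_lfanew + 8, timestamp)
    struct.pack_into("<I", buf, e_lfanew + 24 + 56, size_of_image)
    return bytes(buf)

# Values as a dump's module record would carry them, taken from the SYMSRV lines in the thread.
DUMP_TIMESTAMP, DUMP_SIZE = 0x4B1E860A, 0x3B9000

if __name__ == "__main__":
    for store in (r"c:\symbols", "http://msdl.microsoft.com/download/symbols"):
        print(symsrv_location(store, "ntkrnlpa.exe", DUMP_TIMESTAMP, DUMP_SIZE))
    # Constructed stubs: one with the dump's fields, one with a different timestamp.
    print(image_matches(make_stub(DUMP_TIMESTAMP, DUMP_SIZE), DUMP_TIMESTAMP, DUMP_SIZE))
    print(image_matches(make_stub(0x4B1E0000, DUMP_SIZE), DUMP_TIMESTAMP, DUMP_SIZE))
```
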

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
Sent: Monday, March 08, 2010 3:19 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] Re: My windbg can’t download symols

I just read the other thread. I don’t remember this restriction with
minidumps - I guess it’s one of those little things that got flushed
to make room for other stuff I’ve been working on.

I always assumed that the versions of the kernel modules were present
in even the minidumps (even if the image itself wasn’t) and it
downloaded everything it needed based on those versions from the
symbol server.

Beverly


