recent windbg symbols not working

Wilhelm_Noker · August 26, 2015, 4:57am

While this won’t help for analyzing crash dumps, I could at least restore normal operation for my live debugging target by uninstalling security updates KB3071756 and KB3060716.

“!lmi nt” now indicates a binary created on May 25, and now at last !irp and all the other extension commands are working again.

HTH

Eva_Ting · August 26, 2015, 5:38am

For what it is worth, I can narrow my issues down to the month of August. Everything before that to end of July runs fine (kernel and user). Since then and including a test dump yesterday - symbols files update from the server OK but do not contain kernel data types for ntkrnlmp or ntdll. My guess is an internal msft change prior to patch Tuesday of Aug.

I did come across a fix whereby a second instance of ntkrnlmp or ntdll symbols is loaded into a empty address using windbg. it used
.reload /f /i …
to load a previous known good symbol file and ignoring mismatch errors.

Haven’t tried it yet.

OSR_Community_User · September 2, 2015, 4:02pm

I have had a reply from the windbgfb email account

We?re aware of issues with recent Windows 7 symbols and are investigating the cause and possible solutions. We don?t have an ETA for a fix at this time.

Thanks Microsoft.

Malcolm_McCaffery · September 2, 2015, 11:56pm

Not sure if this solution will work for this scenario, but this is what I
did when I had some dmp files / Windows Update traces for an ETL file for a
Windows 10 insider build which has no public symbols available. I found the
latest symbols for that version of the OS available (i.e. win10 RTM) then
used ChkMatch to update the PDB signatures to match current DLLs. For
Windows 7 when symbols are not working could maybe try similar approach
with the latest Windows 7 symbols publicly available. Only tried with user
dmps though not kernel ones.

https://chentiangemalc.wordpress.com/2015/09/03/debugging-viewing-windows-update-log-on-windows-10-insider-builds/

Maybe (hopefully!) there is easier way to achieve same result, but it
worked for me…
regs,

Malcolm.

On Thu, Sep 3, 2015 at 6:01 AM, wrote:

> I have had a reply from the windbgfb email account
>
> >We?re aware of issues with recent Windows 7 symbols and are investigating
> the cause and possible solutions. We don?t have an ETA for a fix at this
> time.
>
> Thanks Microsoft.
>
> —
> WINDBG is sponsored by OSR
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>