symbols for crash dump

Hello,
I have a crash dump file I am trying to analyze in WinDBG. The file loads fine, but I am unable to load the symbols for the driver I am trying to debug. All the Microsoft symbols are loaded, but not my driver.

The crash dump was generated on a machine running a free build of the driver. Does this mean I can’t get symbols? I’ve tried setting the Image Path to a local copy of the driver. WinDBG says the module loaded, but still couldn’t load symbols.
Cheers,
Ben

What’s the output of ‘.sympath?’

You either need to (a) add the path of your driver src to that path; or (b)
add your driver’s pdb to a local symbol server and then add the path to your
symbol server to ‘.sympath.’

While (b) is a little more work, I think that it’s worth the effort.

Something like:

Symstore add /r /f *.* /s
/t “”

Good luck,

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@nchsoftware.com
Sent: Sunday, October 10, 2010 6:52 PM
To: Kernel Debugging Interest List
Subject: [windbg] symbols for crash dump

Hello,
I have a crash dump file I am trying to analyze in WinDBG. The file loads
fine, but I am unable to load the symbols for the driver I am trying to
debug. All the Microsoft symbols are loaded, but not my driver.

The crash dump was generated on a machine running a free build of the
driver. Does this mean I can’t get symbols? I’ve tried setting the Image
Path to a local copy of the driver. WinDBG says the module loaded, but still
couldn’t load symbols.
Cheers,
Ben


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

If you haven’t, build it with symbols. There is in the WDK an example
makefile.inc that will show you how to move your symbols to your local
symbols store.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

Your free build should already have symbols.

mm

Ok, thanks for the responses guys.

I turned on !sym noisy and found that it was searching for the wrong pdb file - it’s a different name to the .sys file for some reason. I renamed it and now it loads, but I get a number of messages such as:

xxx.sys image header does not match memory image header.
xxx.sys - mismatched
xxx.sys has mismatched symbols

Does this mean the pdb file was generated at a different time to the driver which created the dump file?

Thanks,
Ben

It means that the uuid in the pdb doesn’t match the uuid in the sys, which
most likely means that they weren’t built together, though it’s possible
that the pdb could also have been modified.

It sure sounds like you’re mixing and matching your pdb’s and sys’s.

Mm
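
The identifier comparison described in the reply above, as an added example that is not part of the original thread: a driver image carries a CodeView RSDS record holding the PDB's GUID, age and file name, which is why the debugger can search for a PDB named differently from the .sys and why renaming a PDB from another build still reports "mismatched". The driver name, build path and GUIDs below are constructed, and `make_rsds` is a hypothetical helper that stands in for bytes read from a real image.

```python
import struct
import uuid
from typing import NamedTuple

class PdbIdentity(NamedTuple):
    guid: uuid.UUID
    age: int
    pdb_name: str  # file name the debugger will search the symbol path for

def parse_rsds(record: bytes) -> PdbIdentity:
    """Parse the CodeView 'RSDS' record a PE image's debug directory points to."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS (PDB 7.0) CodeView record")
    guid_le, age = struct.unpack_from("<16sI", record, 4)
    path = record[24:].split(b"\x00", 1)[0].decode("utf-8", "replace")
    # The linker usually stores the full build-machine path; keep the file name.
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return PdbIdentity(uuid.UUID(bytes_le=guid_le), age, name)

def symstore_key(ident: PdbIdentity) -> str:
    """Relative path of the PDB in a symbol store: name/GUID+age/name."""
    return f"{ident.pdb_name}/{ident.guid.hex.upper()}{ident.age:X}/{ident.pdb_name}"

def symbols_match(image: PdbIdentity, candidate: PdbIdentity) -> bool:
    """Match on GUID and age only; the file name plays no part."""
    return (image.guid, image.age) == (candidate.guid, candidate.age)

def make_rsds(guid_text: str, age: int, path: str) -> bytes:
    """Build a constructed sample record (stands in for bytes read from a .sys)."""
    return (b"RSDS" + uuid.UUID(guid_text).bytes_le
            + struct.pack("<I", age) + path.encode() + b"\x00")

# Constructed samples: the build that crashed and a later rebuild of the same source.
PDB_PATH = r"c:\src\mydrv\objfre_win7_amd64\amd64\mydrv_core.pdb"
IN_DUMP = parse_rsds(make_rsds("3f2a9c41-7b1e-4d55-9a0c-1e2f3a4b5c6d", 1, PDB_PATH))
REBUILD = parse_rsds(make_rsds("a1b2c3d4-e5f6-4789-8abc-def012345678", 1, PDB_PATH))

if __name__ == "__main__":
    print("debugger looks for:", IN_DUMP.pdb_name)
    print("symbol store path :", symstore_key(IN_DUMP))
    print("rebuild's PDB matches dump:", symbols_match(IN_DUMP, REBUILD))
    renamed = REBUILD._replace(pdb_name="mydrv.pdb")  # renaming changes nothing
    print("after renaming the PDB   :", symbols_match(IN_DUMP, renamed))
```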

Ok. That’s kind of what I guessed :(
Thanks for all the help.
Ben