I have a problem where I cannot seem to get the right symbols for my target machine using symchk. Here is what I did:
On the Target Host
1. loaded OS (Win 7 x64) on
2. loaded debug tools
3. did symchk /r c:\windows\system32 /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
3.a got about 1.1 GB worth of symbols
3.b a bunch of stuff was “not found” or faulty
4. copied C:\symbols directory to my debug host
5. rebooted in debug mode
On the DEBUG host:
1. started up Windbg in kernel debug
2. get control
3. set symbol path to C:\symbols
4. .reload
5. !process 0 0
NT ACTIVE PROCESS DUMP
NT symbols are incorrect, please fix symbols
6. add srv* to the symbol path
7. .reload
8. !process 0 0
NT ACTIVE PROCESS DUMP
PROCESS fffffa8003c8e040
SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 00187000 ObjectTable: fffff8a000001850 HandleCount: 457.
Image: System
PROCESS fffffa8006c19a10
SessionId: none Cid: 0158 Peb: 7fffffdf000 ParentCid: 0004
DirBase: 12eb8b000 ObjectTable: fffff8a0002aa070 HandleCount: 32.
Image: smss.exe
Yay, it works.
However – why didn’t I get the right symbols with symchk? Where does windbg put the symbols it got from the symbol server? I need to get those symbols to another machine…
Thanks!
Dave
Are you running the *exact* same version of the O/S on the host and the
target? Even a hotfix will throw off the match.
Try turning on noisy symbol loading and you should see why the symbols
aren’t being picked up by the debugger:
!sym noisy
.reload
!sym quiet
-scott
–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com
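Why even a hotfix breaks the match, as an added example (not code from this thread or from OSR): the debugger identifies a PDB by the GUID and age in the image's CodeView RSDS record, and a symbol-server store like the one populated through `SRV*c:\symbols*...` files each PDB under `<pdb>\<GUID+age>\<pdb>`. The helper names and the sample image bytes are constructed for illustration, and the record is found by a byte scan rather than by walking the PE debug directory.

```python
import struct
import tempfile
from pathlib import Path

def parse_rsds(record: bytes):
    """Decode a CodeView RSDS record into (pdb file name, store index)."""
    end = record.find(b"\0", 24)
    if record[:4] != b"RSDS" or end == -1:
        raise ValueError("not an RSDS CodeView record")
    d1, d2, d3 = struct.unpack_from("<IHH", record, 4)   # GUID Data1..Data3
    (age,) = struct.unpack_from("<I", record, 20)
    # The image may embed a full build path; the store is keyed on the file name.
    pdb = record[24:end].decode("ascii").replace("\\", "/").rsplit("/", 1)[-1]
    return pdb, f"{d1:08X}{d2:04X}{d3:04X}{record[12:20].hex().upper()}{age:X}"

def pdb_identity(image: bytes):
    """Assumption: scan for the record rather than walk the PE debug directory."""
    pos = image.find(b"RSDS")
    while pos != -1:
        try:
            pdb, index = parse_rsds(image[pos:pos + 24 + 260])
            if pdb.lower().endswith(".pdb"):
                return pdb, index
        except (ValueError, struct.error):
            pass
        pos = image.find(b"RSDS", pos + 1)
    raise ValueError("no RSDS record found")

def check_store(store, image: bytes):
    """Report whether the store holds the exact PDB this image was built with."""
    pdb, index = pdb_identity(image)
    pdb_dir = Path(store) / pdb
    have = sorted(p.name for p in pdb_dir.iterdir()) if pdb_dir.is_dir() else []
    return {"pdb": pdb, "wanted": index, "have": have,
            "match": (pdb_dir / index / pdb).is_file()}

def make_image(guid_d1: int, age: int) -> bytes:
    """Constructed sample: padding plus an RSDS record, not a real PE file."""
    rec = b"RSDS" + struct.pack("<IHH", guid_d1, 0x2222, 0x3333)
    rec += bytes.fromhex("445566778899AABB") + struct.pack("<I", age)
    return b"\0" * 64 + rec + b"ntkrnlmp.pdb\0"

def demo():
    """Store holds symbols for the 'old' build only; check old and new images."""
    with tempfile.TemporaryDirectory() as store:
        old, new = make_image(0x11111111, 2), make_image(0x99999999, 1)
        pdb, index = pdb_identity(old)
        (Path(store) / pdb / index).mkdir(parents=True)
        (Path(store) / pdb / index / pdb).write_bytes(b"constructed pdb")
        return check_store(store, old), check_store(store, new)
```

Calling `demo()` returns one result per image; a `have` list that lacks the `wanted` index means the store holds symbols for a different build of the same binary.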
Please run the following commands; that will give you information on how the debugger loads the symbols.
.sympath
!sym noisy
.reload /f nt
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Scott Noone
Sent: Friday, May 11, 2012 08:21 AM
To: Kernel Debugging Interest List
Subject: Re:[windbg] symfix vs symchk
Are you running the *exact* same version of the O/S on the host and the target? Even a hotfix will throw off the match.
Try turning on noisy symbol loading and you should see why the symbols aren’t being picked up by the debugger:
!sym noisy
.reload
!sym quiet
-scott
No - host machine and target machine are potentially different versions of Win7. But, I ran symchk on the target machine and then copied symbols over to my debug machine. Why does the OS of the host machine matter in this case?
I added srv* to the symbol path, and Windbg picked up the right symbols. I’m just curious as to why my “symchk” process didn’t work.
My bad, I misread your original message:
On the Target Host
…
3. did symchk
Usually we reserve the word “host” for the machine running WinDBG. So, I
thought you were saying that you ran symchk on the host.
Noisy symbol loading should give a clue as to why it’s not working.
-scott
–
Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com