wdf01000.pdb

Yes, that sets up a proxy configuration, which is fine for many use
cases, however that is not quite the same as ‘slurping all the symbols
from the microsoft symbol server onto a local symbol server’. It might
however be good enough for the OP’s particular security requirements.

Mark Roddy

On Thu, Mar 31, 2011 at 11:52 AM, Günter Prossliner
wrote:
> Setting up a local Symbol Server is very straightforward, and it is also documented very well.
>

>crashing a target machine with internet connectivity which it looks like
>I will have to resort to.

No need.

a) get the proper wdf1000.sys file from the machine you need to investigate.
b) copy it to your personal machine, like a laptop
c) on that 2nd machine, “windbg -z wdf1000.sys”
d) then tell windbg to reload the symbols from MS
e) take the .pdb from the symbol cache directory and copy it to the secure machine - via USB flash drive or something.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

And if you need to do this for multiple files, you can create a minidump (.dump /m), copy it to a machine that has internet access, load it in kd then load all symbols and cache them on a local share:

kd -z foo.dmp
.symfix \some\share
.reload /f

Then copy the contents of \some\share to the secure machine (or point debugger to the share if it’s accessible).

You can also do this using symchk.exe but I prefer the minidump method because it’s easier to remember.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Indeed, one nice feature of the ‘symchk’ approach is that you can get all
available pdb’s for all images on the machine (or subset thereof), not just
for those referenced in the crashdump.

symchk /av /od /r /s SRV**http://msdl.microsoft.com/download/symbols

Or thereabouts.

All depends on what you need.

mm

I am posting this on behalf of Scott Kupec:

The last post by “mm” almost has it right. He mentions:

symchk /av /od /r /s SRV**http://msdl.microsoft.com/download/symbols

except the OP wanted to do this from a non-internet machine. In that case,

From the non-connected machine:

symchk /r /f C:* /s . /om FilesToGet.txt

The generated FilesToGet.txt is all readable plaintext which, so far, has allayed any customer concerns about exactly what information is leaving the machine.

Copy the generated FilesToGet.txt to a connected machine and…

symchk /s SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols /im FilesToGet.txt

which will populate C:\SymCache with all of the (available) PDBs for the original system. From there, you do have to find a way to get the directory available to the non-connected machine but a USB drive usually does the trick.

This was added a couple of years back for customers that needed to debug in a secure environment.

–Scott
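
Added example, not part of Scott's post or of the symchk documentation: a Python check for the two hand-offs in the procedure above, auditing the manifest before it leaves the secure machine and confirming the returned cache holds every requested file. It assumes each manifest line has the form name,hex-identifier,number and that the cache uses the symbol-store layout root\name\identifier\name; the sample manifest, identifiers and paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Assumed manifest line shape: <file name>,<hex identifier>,<number>
LINE_RE = re.compile(r"^([A-Za-z0-9_.\-]+),([0-9A-Fa-f]+),(\d+)$")

# Constructed sample; the third line stands for anything that should not leave.
SAMPLE_MANIFEST = r"""wdf01000.pdb,0123456789ABCDEF0123456789ABCDEF1,1
ntkrnlmp.pdb,FEDCBA9876543210FEDCBA98765432102,1
C:\Users\build\project\design-notes.txt
"""

def audit_manifest(text):
    # Return (entries, rejected): entries are (name, identifier) pairs that
    # match the expected shape; rejected holds every other non-empty line so
    # a reviewer can inspect it before the file is copied off the machine.
    entries, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        else:
            rejected.append(line)
    return entries, rejected

def expected_paths(entries, cache_root):
    # Symbol-store layout (assumed): root, file name, identifier, file name.
    return [str(PureWindowsPath(cache_root, name, ident, name))
            for name, ident in entries]

def missing_from_cache(entries, cache_root, present):
    # 'present' is the list of file paths found in the cache that came back
    # on removable media; comparison is case-insensitive, as on NTFS.
    have = {p.lower() for p in present}
    return [p for p in expected_paths(entries, cache_root)
            if p.lower() not in have]

if __name__ == "__main__":
    entries, rejected = audit_manifest(SAMPLE_MANIFEST)
    print("lines to review before export:", rejected)
    found = expected_paths(entries, r"C:\SymCache")[:1]  # constructed listing
    print("not downloaded:", missing_from_cache(entries, r"C:\SymCache", found))
```

Lines reported for review are the ones that do not look like a plain file name plus identifier; files reported as not downloaded are ones the symbol server did not have or that were lost in transfer.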

Hmm. Wish I had known about this before I wrote my own tool to do basically
the same thing.

Alas,

mm


Also, for anyone else who might want to use this, this is actually
documented in the windbg docs, much to my surprise, I admit:

http://msdn.microsoft.com/en-us/library/ff560061(v=vs.85).aspx

The other reason I mention this is that before writing a tool to do this
myself, I looked at the command line help for symchk, and based on that
information, I never even considered that it might do this:

/im    Input is a manifest previously created using the /om option.
/om    Print out a manifest file for later use with the ‘/im’ option.

I probably should have tried these anyway, but I figured ‘manifest’ had
something to do with those horrible sxs things that I try to avoid like the
plague.

Had I looked in the help, however, I would have known exactly how to do
this, and not written the tool, not that that took all that long.

Live and learn.

mm


Scott would know… he IS, after all, Mr. Symbol Server (and Mr. lots of other things we here in the community have come to count on).

That’s a terrific feature that I never knew about. Live and learn. Think I’ll mention it in the next issue of The NT Insider.

Thank you Doron.

Thank you Scott.

Peter
OSR