Win2000 SP3 symbol mismatch...

WINDBG
1

Hi all,

I have a problem with W2K (free build) SP3 symbols for an mp machine.
Basically:

0: kd> !sym noisy
noisy mode - symbol prompts on
0: kd> .reload /u
Unloaded all modules
0: kd> .reload
DBGHELP: ntkrnlmp.exe is stripped. Searching for dbg file
DBGHELP: F:\Support\w2k\sp3\Symbols\ntkrnlmp.dbg - file not found
DBGHELP: F:\Support\w2k\sp3\Symbols\symbols\exe\ntkrnlmp.dbg - path not
found
DBGHELP: F:\Support\w2k\sp3\Symbols\exe\ntkrnlmp.dbg - mismatched
timestamp
DBGHELP: F:\Support\w2k\sp3\Symbols\ntkrnlmp.pdb - file not found
DBGHELP: F:\Support\w2k\sp3\Symbols\symbols\exe\ntkrnlmp.pdb - file not
found
*** WARNING: symbols timestamp is wrong 0x3d362a77 0x384d5a76 for
ntkrnlmp.exe
DBGHELP: nt - public symbols
F:\Support\w2k\sp3\Symbols\exe\ntkrnlmp.dbg
F:\Support\w2k\sp3\Symbols\exe\ntkrnlmp.pdb
Loading Kernel Symbols

So the symbols are found but the ntoskrnl MP sysmbols mismatch, this is
quite frustrating, as I installed the symbols off the latest msdn CD. Also
went as far as downloading the symbols of the msdn.microsoft.com site but
the symbols where the same???

So is there an issue with the MP symbols? I did not have this problem with
SP2 mp ntosktrnl symbols…

Thanks,

Ian Costello

2

Is it possible the system has been patched (i.e., a hotfix is installed?)

If you can, I’d suggest trying the symbol server, rather than just the sp3
symbols. Thus, you should do:

0: kd> .sympath srv*c:\websymbols*http://msdl.microsoft.com/download/symbols

The second part of this (c:\websymbols) can be any directory, but this is
where the symbol server will download them for local access. If you have
installed a hot fix, this should allow you to download the correct symbols
for the MP kernel.

Hmm, I guess the other question is whether or not the symbols you ARE using
give good, or bogus, information back. In other words, is it really just a
timestamp mismatch (a timestamp has been clobbered) or are they different
symbols?

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@adacel.com.au [mailto:xxxxx@adacel.com.au]
Sent: Monday, January 20, 2003 4:16 AM
To: Kernel Debugging Interest List
Subject: [windbg] Win2000 SP3 symbol mismatch…

Hi all,

I have a problem with W2K (free build) SP3 symbols for an mp machine.
Basically:

0: kd> !sym noisy
noisy mode - symbol prompts on
0: kd> .reload /u
Unloaded all modules
0: kd> .reload
DBGHELP: ntkrnlmp.exe is stripped. Searching for dbg file
DBGHELP: F:\Support\w2k\sp3\Symbols\ntkrnlmp.dbg - file not found
DBGHELP: F:\Support\w2k\sp3\Symbols\symbols\exe\ntkrnlmp.dbg - path not
found
DBGHELP: F:\Support\w2k\sp3\Symbols\exe\ntkrnlmp.dbg - mismatched
timestamp
DBGHELP: F:\Support\w2k\sp3\Symbols\ntkrnlmp.pdb - file not found
DBGHELP: F:\Support\w2k\sp3\Symbols\symbols\exe\ntkrnlmp.pdb - file not
found
*** WARNING: symbols timestamp is wrong 0x3d362a77 0x384d5a76 for
ntkrnlmp.exe
DBGHELP: nt - public symbols
F:\Support\w2k\sp3\Symbols\exe\ntkrnlmp.dbg
F:\Support\w2k\sp3\Symbols\exe\ntkrnlmp.pdb
Loading Kernel Symbols

So the symbols are found but the ntoskrnl MP sysmbols mismatch, this is
quite frustrating, as I installed the symbols off the latest msdn CD. Also
went as far as downloading the symbols of the msdn.microsoft.com site but
the symbols where the same???

So is there an issue with the MP symbols? I did not have this problem with
SP2 mp ntosktrnl symbols…

Thanks,

Ian Costello

You are currently subscribed to windbg as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

3

>

Is it possible the system has been patched (i.e., a hotfix is
installed?)

Not sure…

If you can, I’d suggest trying the symbol server, rather than
just the sp3
symbols. Thus, you should do:

0: kd> .sympath
srv*c:\websymbols*http://msdl.microsoft.com/download/symbols

Anyway, guess what :slight_smile: the symbols match. I read about doing this in the online
documentation but I was a little dubious about it ( don’t ask why :slight_smile: ).

Thanks for the assistance Tony, makes it a lot easier to analyze crash dumps now
(no need to reverse engineer a ton of OS assembler…).

Note: I upgrading another mp machine from w2k sp2 to sp3, and I still had the
problem (this pc was not configured to use the net), so it seems the symbols for
the sp3 on the CD (Windows 2000 Customer Support Diagnostic Tools, Windows 2000
Service Pack 3, October 2002) are out of date?

Thanks,

Ian Costello