It bites me. I have a minidump from the customer site (W2KSP1 Japanese)
but no matter what I do it seems impossible to get symbols.
My Symbol File Path is set to
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols but no
matter how hard I hit “Enter” after typing .reload I get “symbol could
not be loaded” and C:\websymbols stays virginally clean. I guess it may
have something to do with the fact that actual “ntoskrnl.exe” is not
available (because of minidump, probably).
Anyway, what can I do to get the correct symbols and finally see the
stack?
TIA
I think you suspect the right spot. I was never successful debugging krnl
crash(mini-dump) on a different machine…
I think this feature is purely intended for developer having the machine at
hand …
-prokash
----- Original Message -----
From: “Vladimir Chtchetkine”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, October 15, 2003 9:05 AM
Subject: [ntdev] WinDbg & symbols
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@garlic.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Also with 64KB you would have only the data and stack and some stub ref for
modules !!!
-prokash
What a bummer! 
Actually, it is mainly there for the Microsoft Online Crash Analysis
(the minidump is what is sent when a user is asked if they wish to
send data to Microsoft). About all it is intended for is to do a
!analyze -v.
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Yup!!!
U must be facing the PC-cillin problem from Trend Micro !!!. seeing the other
note. I did have some about a year ago. They have real democratic software,
once they are there, some other can not be there, or for them very very hard
to be there. It is multithreaded because it is kernel module, hence they
have their own democracy !!!
-prokash
That’s another story. !analyze doesn’t give me the stack. What I get is
one line:
baf5978c 0000001e c0000005 8044d0da 00000000 nt+0x301a7
Although I’m sure there are more…
You can analyze minidumps on a separate machine. I do it at least a few
times a month.
The extra thing you need to do (compared to full dumps) is to set
.exepath to point to the location(s) of the binaries which match the
binaries in the dump.
I believe I saw an announcement by Andre once that said that stub
versions of OS binaries were indexed into the on-line symbol store. As
I understand it those binaries will allow you to get symbols loaded, but
will not provide disassembly.
So running this SHOULD work:
windbg -z <dumpfile> -y SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols -i SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
If not and you really want to be able to easily load minidumps what I’d
suggest is to build your own symbol store with the executables in them.
It shouldn’t be too hard (for Gold and SP OS builds at least). The
steps simply(?) are to take the product CD in the drive, write a script
to extract/expand the files on the CD into a dir on the local HD, run
symstore on the local dir, and you would have all those binaries indexed
into your symbol store. Then point the exepath to your symbol store.
Hope this helps.
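Added example, not part of the original message: a check that a candidate binary really matches the module recorded in a dump, and the path under which a symbol store would index it. It reads TimeDateStamp and SizeOfImage from the PE header; the key format (8-digit uppercase hex timestamp followed by lowercase hex image size), the function names and the sample header values are assumptions constructed for illustration.

```python
import struct


def pe_identity(image: bytes) -> tuple:
    """Return (TimeDateStamp, SizeOfImage) read from a PE file's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    # Signature (4) + IMAGE_FILE_HEADER (20) + optional header up to SizeOfImage (60)
    if len(image) < e_lfanew + 84 or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    # TimeDateStamp sits 4 bytes into IMAGE_FILE_HEADER, which follows the signature.
    (timestamp,) = struct.unpack_from("<I", image, e_lfanew + 8)
    # SizeOfImage is at offset 56 of the optional header for both PE32 and PE32+.
    (size_of_image,) = struct.unpack_from("<I", image, e_lfanew + 24 + 56)
    return timestamp, size_of_image


def store_key(timestamp: int, size_of_image: int) -> str:
    """Index key for an executable (assumed layout: %08X timestamp + %x size)."""
    return f"{timestamp:08X}{size_of_image:x}"


def store_path(name: str, image: bytes) -> str:
    """Relative path name/key/name used to look the binary up in a store."""
    return f"{name}/{store_key(*pe_identity(image))}/{name}"


def matches_dump(image: bytes, dump_timestamp: int, dump_size: int) -> bool:
    """True when the binary has the timestamp and image size the dump recorded."""
    return pe_identity(image) == (dump_timestamp, dump_size)


def make_sample_pe(timestamp: int, size_of_image: int) -> bytes:
    """Constructed minimal header block standing in for a real binary."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<I", buf, 0x80 + 8, timestamp)
    struct.pack_into("<I", buf, 0x80 + 24 + 56, size_of_image)
    return bytes(buf)


if __name__ == "__main__":
    # Constructed values; in practice take them from the debugger's module listing.
    dump_timestamp, dump_size = 0x12345678, 0x1A2000
    candidates = {
        "matching build": make_sample_pe(0x12345678, 0x1A2000),
        "other service pack": make_sample_pe(0x12345999, 0x1A4000),
    }
    for label, image in candidates.items():
        verdict = "match" if matches_dump(image, dump_timestamp, dump_size) else "MISMATCH"
        print(f"{label}: {store_path('ntoskrnl.exe', image)} -> {verdict}")
```

A binary that reports MISMATCH here will not be accepted for that dump no matter where .exepath points.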
Well, I remember interoping with them at plugfests but I don’t remember
any significant problems. Things, however, change so it could be my new
driver or their new driver or wrong Moon phase. Anyway, I will try to
get them involved…
Thanks, Nathan!
Actually, the trick of pointing .exepath to the MS symserver didn’t
work. Timestamp for ntoskrnl.exe still can’t be verified. But what
bothers me most is that I can’t get the stack out of this minidump. The
only thing I get is this:
WARNING: Stack unwind information not available. Following frames may be
wrong.
baf5978c 0000001e c0000005 8044d0da 00000000 nt+0x301a7
-----Original Message-----
From: Nathan Nesbit [mailto:xxxxx@windows.microsoft.com]
Sent: Wednesday, October 15, 2003 10:05 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Re: WinDbg & symbols