Home > Others

A little experience of WinDbg loading symbol table

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Create a new environment variable _NT_SYMBOL_PATH value is: srv*c:\mysymbol* http://msdl.microsoft.com/download/symbols

WinDbg unable to load symbol table is very painful things, clearly the symbol table path has been loaded, but still can not add breakpoints, the following directly into the theme:
The symbol table cannot be loaded and the breakpoint cannot be triggered.

1, check the sympath is correct

Kd>. Sympath
Symbol Search Path Is:srv*http://msdl.microsoft.com/download/symbols; C:\windows\symbols;d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386
Expanded Symbol Search Path is:srv*http://msdl.microsoft.com/download/symbols;c:\windows\symbols;d:\vssdatabase\ Truecrypt\driver\obj_driver_debug\i386

Previous attempts to think that the path of the symbol table in front and in the back of the relationship is very large, after all, is to find the path, as long as the search is correct, the path and the symbol table in what position and what is the relationship between.

Src* and; Before the difference: src* is a symbol table server to find, and; go to the local path to find, for a machine is the same.

The SYS file records the location of the PDB file to find the symbol table, so the set directory must be a compile-time directory, even if the files in the compiled directory are copied out and placed elsewhere, and then the WinDbg symbol directory is set to that directory WinDbg is not known. Because the windbg of the symbol file for SYS will only go to the directory specified by the sys. It's a strange thing to do when you configure WinDbg before. Baffled
2,!lmi TrueCrypt find the corresponding module information

Kd>!lmi TrueCrypt
Loaded Module Info: [TrueCrypt]
Module:truecrypt
Base address:ee21b000
Image Name:truecrypt.sys
Machine type:332 (I386)
Time stamp:4d889673 Tue Mar 22 20:30:43 2011
Size:4ef80
checksum:55776
characteristics:102
Debug Data dirs:type Size VA pointer
CodeView 5c, 43fc8, 43fc8 rsds-guid: {1b9489ba-e47d-4e48-89eb-d0cb60055f22}
Age:1, pdb:d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\truecrypt.pdb
Image Type:memory-image read successfully from Loaded MEMORY.
Symbol type:export-pdb not found
Load Report:export Symbols



Symbol type:export-pdb not found sign table not found
Export
No symbol file found, using output information from image file (such as export of DLL) as symbol
3, check the symbol table loading details
!sym Noisy
When WinDbg loads the symbol file, displays the path of symbol, which is not displayed by default.
YMSRV: Unable to establish a connection to the server
Symsrv:c:\windows\symbols\truecrypt.pdb\1b9489bae47d4e4889ebd0cb60055f221\truecrypt.pdb not found
!sym quiet does not show path
SYMSRV:truecrypt.pdb not found

Kd>!sym Noisy
Noisy Mode-symbol prompts on

kd>. reload/f Truecrypt.sys
SYMSRV: Unable to establish a connection to the server
Symsrv:c:\windows\symbols\truecrypt.pdb\1b9489bae47d4e4889ebd0cb60055f221\truecrypt.pdb not found
Symsrv:http://msdl.microsoft.com/download/symbols/truecrypt.pdb/1b9489bae47d4e4889ebd0cb60055f221/truecrypt.pdb not found
dbghelp:d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\truecrypt.pdb-mismatched PDB
Dbghelp:d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\sys\truecrypt.pdb-file not found
Dbghelp:d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\symbols\sys\truecrypt.pdb-file not found
SYMSRV: Unable to establish a connection to the server
Symsrv:d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\truecrypt.pdb\1b9489bae47d4e4889ebd0cb60055f221\ Truecrypt.pdb not found
Symsrv:c:\windows\symbols\truecrypt.pdb\1b9489bae47d4e4889ebd0cb60055f221\truecrypt.pdb not found
Symsrv:http://msdl.microsoft.com/download/symbols/truecrypt.pdb/1b9489bae47d4e4889ebd0cb60055f221/truecrypt.pdb not found
dbghelp:d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\truecrypt.pdb-mismatched PDB
Dbghelp:couldn ' t load mismatched pdb for Truecrypt.sys
Error:symbol file could not is found. defaulted to export symbols for Truecrypt.sys-
Dbghelp:truecrypt-export symbols


Note that the above line, the position of the symbol table is correct, but the result is mismatched PDB, so I will be the contents of the debug directory, deleted and regenerated, and copied to the virtual machine, the result is still the same,
is still the mismatched PDB.
4, the module details control
! Itoldyouso tests the validity of a module against a symbol file. The module can be specified by either it name or base address. If a symbol file is not specified, then the loaded symbol is tested.
Otherwise, if a PDB or DBG symbol file path is specified, it is tested against the loaded module.

kd>!itoldyouso TrueCrypt d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\truecrypt.pdb

Truecrypt.sys
timestamp:4d889673
Sizeofimage:4ef80
Pdb:d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\truecrypt.pdb
PDB SIG:1B9489BA-E47D-4E48-89EB-D0CB60055F22
Age:1

Truecrypt.pdb
PDB SIG:329A35FA-70B8-4A97-BB0E-99BA6342AB6A
Age:1

Sig MISMATCH:truecrypt.pdb and Truecrypt.sys



The signatures are different, and the results indicate that the driver I loaded in my virtual machine is inconsistent with the symbol table I rebuilt. After examination found that the Truecrypt.exe start of the load of Truecrypt.sys is not under C:\Windows\System32\Drivers,
Instead, it has been able to successfully load the symbol table under the installation directory of Truecrypt.exe itself, after replacement.
As follows:

Kd>!lmi TrueCrypt
Loaded Module Info: [TrueCrypt]
Module:truecrypt
Base address:ee1ef000
Image Name:truecrypt.sys
Machine type:332 (I386)
Time Stamp:4d8c8e61 Fri Mar 25 20:45:21 2011
size:4f180
Checksum:5b7fa
characteristics:102
Debug Data dirs:type Size VA pointer
CodeView 5c, 44148, 44148 rsds-guid: {160409e4-8efc-4412-b760-4e9bf8f1a05a}
Age:1, pdb:d:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\truecrypt.pdb
Image Type:memory-image read successfully from Loaded MEMORY.
Symbol Type:pdb-symbols loaded successfully from symbol search path.
D:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\truecrypt.pdb
Compiler:resource-front End [0.0 bld 0]-back end [9.0 bld 30729]
Load report:private Symbols & lines, not source indexed
D:\vssdatabase\truecrypt\driver\obj_driver_debug\i386\truecrypt.pdb

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
a certification jobs with no experience little man symbol on samsung phone silhouette of little boy php symbol table elements of user experience pdf little manual of api design symbol of modulus

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More