I'm using windbg (the latest available from the MSDN download page).
I'm trying to debug a deadlock in my app, and !locks would be very useful. However, it's not working:
0:023> !locks
NTSDEXTS: Unable to resolve ntdll!RTL_CRITICAL_SECTION_DEBUG type
NTSDEXTS: Please check your symbols
I don't know why it's upset. I've got symbols properly loaded:
0:023> .sympath
Symbol search path is: srv*
Expanded Symbol search path is: cache*c:\debuggers\sym;SRV*http://msdl.microsoft.com/download/symbols
And NTSD agrees:
0:023> lmv m ntdll
start end module name
777b0000 77930000 ntdll (pdb symbols) c:\debuggers\sym\wntdll.pdb\E9D10FA3EB884A23A5854E04FB7E2F0C2\wntdll.pdb
Loaded symbol image file: C:\Windows\SysWOW64\ntdll.dll
Image path: ntdll.dll
Image name: ntdll.dll
Timestamp: Mon Jul 13 18:11:23 2009 (4A5BDB3B)
CheckSum: 00148A78
ImageSize: 00180000
File version: 6.1.7600.16385
Product version: 6.1.7600.16385
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntdll.dll
OriginalFilename: ntdll.dll
ProductVersion: 6.1.7600.16385
FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
FileDescription: NT Layer DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
And the stack looks good:
0:036> k
ChildEBP RetAddr
1506fdd8 7784f546 ntdll!DbgBreakPoint
1506fe08 75bf3677 ntdll!DbgUiRemoteBreakin+0x3c
1506fe14 777e9d72 kernel32!BaseThreadInitThunk+0xe
1506fe54 777e9d45 ntdll!__RtlUserThreadStart+0x70
1506fe6c 00000000 ntdll!_RtlUserThreadStart+0x1b
Any help is appreciated.
Useful link.
The correct version that fixes this is 6.12.2.633. It's part of WDK 7.1 in the "debuggers" folder in the root of the DVD (.iso).
Alternatively, grab the WDK 7.1 web installer and install "just" Debugging Tools for Windows (though that seems to involve a hundred odd megabytes of extraneous material that does not correspond with any of the checkboxes in the installer).
dlanod comments:
I also found msdn-archives, which lets you download standalone versions of the new release.
And this link does in fact work. (Much better than the WDK installer)
Generally speaking, dumpbin /symbols shows the symbols exported from a static library, and dumpbin /exports shows the symbols exported from a dynamic library.
I have encountered a library that doesn't show up as either:
(c1) C:\Python-3.10.4\PCbuild\amd64>dumpbin /symbols liblzma.lib
Microsoft (R) COFF/PE Dumper Version 14.31.31104.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file liblzma.lib
File Type: LIBRARY
(c1) C:\Python-3.10.4\PCbuild\amd64>dumpbin /exports liblzma.lib
Microsoft (R) COFF/PE Dumper Version 14.31.31104.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file liblzma.lib
File Type: LIBRARY
So far, it looks empty, but it's not:
(c1) C:\Python-3.10.4\PCbuild\amd64>dumpbin /all liblzma.lib
Microsoft (R) COFF/PE Dumper Version 14.31.31104.0
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file liblzma.lib
File Type: LIBRARY
Archive member name at 8: /
62937EFF time/date Sun May 29 15:11:11 2022
uid
gid
0 mode
147C size
correct header end
203 public symbols
3DFE lzma_simple_x86_decoder_init
3DFE lzma_simple_x86_encoder_init
120A0 lzma_simple_sparc_decoder_init
120A0 lzma_simple_sparc_encoder_init
1FB6A lzma_simple_props_encode
1FB6A lzma_simple_props_size
2CD9E lzma_simple_props_decode
3A070 lzma_simple_coder_init
49578 lzma_simple_powerpc_decoder_init
49578 lzma_simple_powerpc_encoder_init
...
So it has plenty of contents, that are showing up as... what is going on here? What kind of library is this? How should the above output be interpreted?
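One way to read the /all listing above, as an added example that is not part of the original question: the "/" member is the archive's first linker member, an index that maps each public symbol to the offset of the archive member defining it, so two symbols printed with the same offset live in the same member. The archive bytes, the member names a.obj/ and b.obj/ and the offsets are constructed; real Microsoft libraries also carry a second linker member that this sketch skips.

```python
import struct

ARMAG = b"!<arch>\n"  # 8-byte signature that opens every .lib / .a archive

def read_member(data, off):
    """Decode the 60-byte member header at `off`: (name, body size, body offset)."""
    hdr = data[off:off + 60]
    if len(hdr) != 60 or hdr[58:60] != b"`\n":
        raise ValueError(f"no member header at {off:#x}")
    return hdr[:16].decode("ascii").rstrip(), int(hdr[48:58].decode("ascii")), off + 60

def first_linker_member(data):
    """Return {member offset: [public symbols]} from the archive's '/' member."""
    if data[:8] != ARMAG:
        raise ValueError("not an archive")
    name, size, body = read_member(data, 8)
    if name != "/":
        raise ValueError("first member is not a linker member")
    (count,) = struct.unpack_from(">I", data, body)             # big-endian count
    offsets = struct.unpack_from(f">{count}I", data, body + 4)  # one offset per symbol
    names = data[body + 4 + 4 * count:body + size].split(b"\0")[:count]
    index = {}
    for off, sym in zip(offsets, names):
        index.setdefault(off, []).append(sym.decode("ascii"))
    return index

def _member(name, body):
    """Constructed-sample helper: header + body, padded to an even length."""
    hdr = f"{name:<16}{0:<12}{'':<6}{'':<6}{0:<8}{len(body):<10}".encode() + b"`\n"
    return hdr + body + (b"\n" if len(body) % 2 else b"")

def build_sample():
    """Constructed archive: two dummy members, three symbol names from the listing."""
    syms = [b"lzma_simple_x86_decoder_init", b"lzma_simple_x86_encoder_init",
            b"lzma_simple_props_size"]
    strings = b"".join(s + b"\0" for s in syms)
    first_size = 4 + 4 * len(syms) + len(strings)
    off_a = 8 + 60 + first_size + first_size % 2
    dummy = b"\0" * 20                      # stand-in for object-file bytes
    off_b = off_a + 60 + len(dummy)
    first = struct.pack(">4I", len(syms), off_a, off_a, off_b) + strings
    archive = ARMAG + _member("/", first) + _member("a.obj/", dummy) + _member("b.obj/", dummy)
    return archive, off_a, off_b

if __name__ == "__main__":
    archive, _, _ = build_sample()
    for off, syms in first_linker_member(archive).items():
        for sym in syms:
            print(f"{off:8X} {sym}")        # same "offset name" layout as dumpbin
```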
When I tried to validate whether WinDbg had been set up properly, I opened the executable C:\WINDOWS\NOTEPAD.exe and tried to check the loaded modules.
First of all, these are the environment variables set:
_NT_SYMBOL_PATH: c:\mysymbols;SRV*c:\symbols*https://msdl.microsoft.com/download/symbols
_NT_EXECUTABLE_IMAGE_PATH: SRV*c:\symbols
This is the WinDbg output:
CommandLine: C:\WINDOWS\NOTEPAD.EXE
Symbol search path is: SRV*C:\symbols*https://msdl.microsoft.com/download/symbols;c:\mysymbols
Executable search path is: SRV*c:\symbols
ModLoad: 01000000 01014000 notepad.exe
ModLoad: 7c910000 7c9c9000 ntdll.dll
ModLoad: 7c800000 7c908000 C:\WINDOWS\system32\kernel32.dll
ModLoad: 76350000 7639a000 C:\WINDOWS\system32\comdlg32.dll
ModLoad: 77da0000 77e4a000 C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77e50000 77ee3000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 77fc0000 77fd1000 C:\WINDOWS\system32\Secur32.dll
ModLoad: 773a0000 774a3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll
ModLoad: 77be0000 77c38000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 77ef0000 77f39000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 7e360000 7e3f1000 C:\WINDOWS\system32\USER32.dll
ModLoad: 77f40000 77fb6000 C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 7e670000 7ee91000 C:\WINDOWS\system32\SHELL32.dll
ModLoad: 72f70000 72f96000 C:\WINDOWS\system32\WINSPOOL.DRV
(ef8.f6c): Break instruction exception - code 80000003 (first chance)
eax=001a1eb4 ebx=7ffd5000 ecx=00000007 edx=00000080 esi=001a1f48 edi=001a1eb4
eip=7c91120e esp=0007fb20 ebp=0007fc94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
ntdll!DbgBreakPoint:
7c91120e cc int 3
I switched on sym noisy mode, called .reload and got the continued output when I tried to list the loaded modules:
0:000> !sym noisy
noisy mode - symbol prompts on
0:000> .reload
Reloading current modules
..............
DBGHELP: c:\mysymbols\ntdll.pdb - mismatched pdb
DBGHELP: c:\mysymbols\symbols\dll\ntdll.pdb - file not found
DBGHELP: c:\mysymbols\dll\ntdll.pdb - file not found
SYMSRV: Die Serververbindung wurde zurückgesetzt.
SYMSRV: c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb not found
SYMSRV: https://msdl.microsoft.com/download/symbols/ntdll.pdb/A618C674A4FC40F5B1781029C2C7F68E2/ntdll.pdb not found
DBGHELP: C:\WINDOWS\system32\ntdll.pdb - file not found
DBGHELP: ntdll.pdb - file not found
DBGHELP: Couldn't load mismatched pdb for C:\WINDOWS\system32\ntdll.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
DBGHELP: ntdll - export symbols
0:000> lm
start end module name
01000000 01014000 notepad (deferred)
72f70000 72f96000 WINSPOOL (deferred)
76350000 7639a000 comdlg32 (deferred)
773a0000 774a3000 COMCTL32 (deferred)
77be0000 77c38000 msvcrt (deferred)
77da0000 77e4a000 ADVAPI32 (deferred)
77e50000 77ee3000 RPCRT4 (deferred)
77ef0000 77f39000 GDI32 (deferred)
77f40000 77fb6000 SHLWAPI (deferred)
77fc0000 77fd1000 Secur32 (deferred)
7c800000 7c908000 kernel32 (deferred)
7c910000 7c9c9000 ntdll (export symbols) C:\WINDOWS\system32\ntdll.dll
7e360000 7e3f1000 USER32 (deferred)
7e670000 7ee91000 SHELL32 (deferred)
The line 7c910000 7c9c9000 ntdll (export symbols) C:\WINDOWS\system32\ntdll.dll shows that the symbol files couldn't be loaded successfully.
I have downloaded and installed the symbols (like WindowsXP-KB835935-SP2-slp-Symbols) but still the PDB files don't seem to match with my ntdll.dll build. But why is that the case? Is there any chance I can get this to work?
As I couldn't stop pondering about the root of the problem, I reread the output above:
SYMSRV: c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb not found
SYMSRV: https://msdl.microsoft.com/download/symbols/ntdll.pdb/A618C674A4FC40F5B1781029C2C7F68E2/ntdll.pdb not found
The debugger is looking for a symbol file with the GUID A618C674A4FC40F5B1781029C2C7F68E2; it even outputs a URI it is trying to load the PDB from. Thus, I tried to download the PDB manually, which worked, created the GUID directory manually, renamed the blob file to ntdll.pdb and placed it within the GUID directory.
As a result, it did finally work, as the following output shows:
0:000> .reload
Reloading current modules
............
DBGHELP: c:\mysymbols\ntdll.pdb - mismatched pdb
DBGHELP: c:\mysymbols\symbols\dll\ntdll.pdb - file not found
DBGHELP: c:\mysymbols\dll\ntdll.pdb - file not found
DBGHELP: ntdll - public symbols
c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb
..
0:000> lm
start end module name
01000000 01014000 notepad (deferred)
72f70000 72f96000 WINSPOOL (deferred)
76350000 7639a000 comdlg32 (deferred)
773a0000 774a3000 COMCTL32 (deferred)
77be0000 77c38000 msvcrt (deferred)
77da0000 77e4a000 ADVAPI32 (deferred)
77e50000 77ee2000 RPCRT4 (deferred)
77ef0000 77f38000 GDI32 (deferred)
77f40000 77fb6000 SHLWAPI (deferred)
77fc0000 77fd1000 Secur32 (deferred)
7c800000 7c907000 kernel32 (deferred)
7c910000 7c9c9000 ntdll (pdb symbols) c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb
7e360000 7e3f0000 USER32 (deferred)
7e670000 7ee90000 SHELL32 (deferred)
EDIT: I was finally able to get the automatic download from the symbol server working! I always thought about it in the beginning, but did not believe it could be the reason: With a newer version 6.12.0002.633 it does work as expected, while with the 6.6.07.5 it did not.
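The lookup described in this post, as an added example (not code from the original post or from the debugger): the key in the SYMSRV lines is the GUID and age stored in the image's CodeView RSDS debug record, and the sketch rebuilds it together with the two locations SYMSRV tries. The RSDS bytes and the x:\constructed build path are constructed from the GUID shown in the log, and the function names are hypothetical.

```python
import ntpath
import re
import struct
import uuid

def parse_rsds(record):
    """Decode a CodeView 'RSDS' record: (GUID, age, PDB file name)."""
    if record[:4] != b"RSDS":
        raise ValueError("not an RSDS record")
    guid = uuid.UUID(bytes_le=record[4:20])   # first three GUID fields are little-endian
    (age,) = struct.unpack_from("<I", record, 20)
    path = record[24:].split(b"\0", 1)[0].decode("utf-8")
    return guid, age, ntpath.basename(path)   # build-machine directories are dropped

def pdb_key(guid, age):
    """Store directory name: 32 GUID hex digits followed by the age in hex."""
    return guid.hex.upper() + format(age, "X")

def store_locations(cache_dir, server_url, pdb_name, key):
    """The two places SYMSRV checks: local cache first, then the server."""
    local = ntpath.join(cache_dir, pdb_name, key, pdb_name)
    remote = "/".join([server_url.rstrip("/"), pdb_name, key, pdb_name])
    return local, remote

def wanted_keys(noisy_log):
    """Keys the debugger asked for, read from '!sym noisy' SYMSRV miss lines."""
    pattern = re.compile(r"^SYMSRV:\s+\S+?[\\/]([0-9A-Fa-f]{33,40})[\\/]\S+ not found$")
    return {m.group(1).upper() for line in noisy_log.splitlines()
            if (m := pattern.match(line.strip()))}

# Constructed record: GUID and age 2 taken from the key in the log above.
SAMPLE_RECORD = (b"RSDS" + uuid.UUID("A618C674-A4FC-40F5-B178-1029C2C7F68E").bytes_le
                 + struct.pack("<I", 2) + rb"x:\constructed\ntdll.pdb" + b"\0")

# Lines copied from the '!sym noisy' output in the post.
SAMPLE_LOG = r"""
SYMSRV: Die Serververbindung wurde zurückgesetzt.
SYMSRV: c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb not found
SYMSRV: https://msdl.microsoft.com/download/symbols/ntdll.pdb/A618C674A4FC40F5B1781029C2C7F68E2/ntdll.pdb not found
"""

if __name__ == "__main__":
    guid, age, name = parse_rsds(SAMPLE_RECORD)
    key = pdb_key(guid, age)
    print("image wants:", key, "log asked for:", wanted_keys(SAMPLE_LOG))
    for place in store_locations(r"c:\symbols",
                                 "https://msdl.microsoft.com/download/symbols", name, key):
        print(place)
```

A PDB whose own GUID and age produce a different key is what DBGHELP reports as "mismatched pdb", which is why the copy in c:\mysymbols was rejected.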
I was trying to set up my debugging environment. It works perfectly on WinDbg x64 10.0.17763.132; however, when I tried to use !address and !heap, it doesn't work because of "No symbols for ntdll. Cannot continue." I also tried to reinstall the C++ redistributable and the debugging tools, and nothing seems to work. I have the Windows 10 SDK, version 1809 (10.0.17763.0), and maybe the MS symbol server is having an issue with it.
ntdll log
0:000> lmvm ntdll
Browse full module list
start end module name
77370000 7750a000 ntdll (pdb symbols) c:\windbgsymbols\wntdll.pdb\D85FCE08D56038E2C69B69F29E11B5EE1\wntdll.pdb
Loaded symbol image file: C:\WINDOWS\SYSTEM32\ntdll.dll
Image path: ntdll.dll
Image name: ntdll.dll
Browse all global symbols functions data
Image was built with /Brepro flag.
Timestamp: A4208572 (This is a reproducible build file hash, not a timestamp)
CheckSum: 00198081
ImageSize: 0019A000
File version: 10.0.18362.387
Product version: 10.0.18362.387
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
Information from resource tables:
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntdll.dll
OriginalFilename: ntdll.dll
ProductVersion: 10.0.18362.387
FileVersion: 10.0.18362.387 (WinBuild.160101.0800)
FileDescription: NT Layer DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
0:000> !heap
Invalid type information
0:000> !address
No symbols for ntdll. Cannot continue.
proof
This is how you see what is happening with symbol loading:
!sym noisy
.reload /f ntdll.dll
Using the instructions from here, updated because of deprecated options for cl.exe, leaves me with the error
lua: error loading module 'pack' from file './pack.dll':
%1 is not a valid Win32 application.
When I get to testing the compiled pack.dll
Full command line readout as follows:
C:\luawin\lpack-master\pack>cl /c /W1 /Zl /Zi /MD /DWIN32 lpack.c
Microsoft (R) C/C++ Optimizing Compiler Version 19.13.26129 for x86
Copyright (C) Microsoft Corporation. All rights reserved.
lpack.c
C:\luawin\lpack-master\pack>link /dll /out:pack.dll /base:0x67400000 /machine:ix86 /export:luaopen_pack lpack.obj lua5.3.lib msvcrt.lib
Microsoft (R) Incremental Linker Version 14.13.26129.0
Copyright (C) Microsoft Corporation. All rights reserved.
Creating library pack.lib and object pack.exp
C:\luawin\lpack-master\pack>lua -e "package.cpath='./?.dll' require 'pack' print(string.pack('b3', 76, 117, 97))"
lua: error loading module 'pack' from file './pack.dll':
%1 is not a valid Win32 application.
stack traceback:
[C]: in ?
[C]: in function 'require'
(command line):1: in main chunk
[C]: in ?
Some sort of architecture option issue I presume.
I've got a minidump file from a crash in one of our apps. It's a 32-bit native app, and it was running on 64-bit Windows.
If I load the minidump file into WinDbg, WinDbg won't load the symbols for the system DLLs. I've got my symbol paths configured correctly:
_NT_SYMBOL_PATH=SRV*C:\WebSymbols*http://msdl.microsoft.com/download/symbols
...because WinDbg correctly loads symbols for minidumps created on 32-bit Windows. It just won't load symbols for DLLs in the SysWOW64 directory.
I've tried 32-bit WinDbg (from Debugging Tools 6.9) on 32-bit Windows 2003, and 64-bit WinDbg (also from Debugging Tools 6.9) on 64-bit Windows 2008. Both fail to load the symbols. This is from the 32-bit WinDbg:
0:014> !sym noisy
noisy mode - symbol prompts on
0:014> .reload
....................................................................................
Loading unloaded module list
..
SYMSRV: C:\WebSymbols\ntdll.dll\48E714D0170000\ntdll.dll not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntdll.dll/48E714D0170000/ntdll.dll not found
DBGENG: C:\Windows\SysWOW64\ntdll.dll - Couldn't map image from disk.
Unable to load image C:\Windows\SysWOW64\ntdll.dll, Win32 error 0n2
DBGENG: ntdll.dll - Partial symbol image load missing image info
DBGHELP: Module is not fully loaded into memory.
DBGHELP: Searching for symbols using debugger-provided data.
SYMSRV: C:\WebSymbols\wntdll.pdb\6686D0C5D0554E14953396093DA218A92\wntdll.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/wntdll.pdb/6686D0C5D0554E14953396093DA218A92/wntdll.pdb not found
DBGHELP: wntdll.pdb - file not found
*** WARNING: Unable to verify timestamp for ntdll.dll
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
DBGHELP: ntdll - no symbols loaded
SYMSRV: C:\WebSymbols\kernel32.dll\48E7156Cf0000\kernel32.dll not found
SYMSRV: http://msdl.microsoft.com/download/symbols/kernel32.dll/48E7156Cf0000/kernel32.dll not found
DBGENG: C:\Windows\SysWOW64\kernel32.dll - Couldn't map image from disk.
Unable to load image C:\Windows\SysWOW64\kernel32.dll, Win32 error 0n2
DBGENG: kernel32.dll - Partial symbol image load missing image info
DBGHELP: Module is not fully loaded into memory.
DBGHELP: Searching for symbols using debugger-provided data.
SYMSRV: C:\WebSymbols\wkernel32.pdb\B0C3B36CC7EF4F3E9C168E186A5A6FEB2\wkernel32.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/wkernel32.pdb/B0C3B36CC7EF4F3E9C168E186A5A6FEB2/wkernel32.pdb not found
DBGHELP: wkernel32.pdb - file not found
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
DBGHELP: kernel32 - no symbols loaded
SYMSRV: C:\WebSymbols\KERNELBASE.dll\48E7156D5a000\KERNELBASE.dll not found
SYMSRV: http://msdl.microsoft.com/download/symbols/KERNELBASE.dll/48E7156D5a000/KERNELBASE.dll not found
DBGENG: C:\Windows\SysWOW64\KERNELBASE.dll - Couldn't map image from disk.
DBGENG: KERNELBASE.dll - Partial symbol image load missing image info
DBGHELP: Module is not fully loaded into memory.
DBGHELP: Searching for symbols using debugger-provided data.
SYMSRV: C:\WebSymbols\wkernelbase.pdb\A8683F0C515F469B833E3FA562E0DB251\wkernelbase.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/wkernelbase.pdb/A8683F0C515F469B833E3FA562E0DB251/wkernelbase.pdb not found
DBGHELP: wkernelbase.pdb - file not found
*** WARNING: Unable to verify timestamp for KERNELBASE.dll
*** ERROR: Module load completed but symbols could not be loaded for KERNELBASE.dll
DBGHELP: KERNELBASE - no symbols loaded
Any ideas? Are the symbols just not available on Microsoft's symbol server?
Are you debugging on a 32-bit or 64-bit system, and with the 32 or 64-bit version of WinDBG? You typically have to debug on the same architecture package you took the dump from:
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
"The 32-bit version of Debugging Tools for Windows is the best choice, unless you are debugging an application on a 64-bit processor. In that case, you should use a 64-bit package."
Also, take a look at this article where he is debugging a 32-bit app running on a 64-bit platform:
http://blogs.msdn.com/alejacma/archive/2008/07/18/How-to-use-Windbg-to-debug-a-dump-of-a-32bit-.NET-app-running-on-a-x64-machine.aspx
Consider the workaround mentioned here where syswow64\ntdll.dll is copied to Syswow64\ntdll32.dll
https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=98781&wa=wsignin1.0
Works for me.