All geek questions in one place

Windows Debugging Symbols - No Boot

I have Windows 7 x64 SP1. I downloaded characters from:

http://msdn.microsoft.com/en-us/windows/hardware/gg463028

I downloaded and installed x64 RTM and x64 SP1 characters for Windows 7 x64 SP1. Installed in the T:\Symbols folder.

But when I debug a 64-bit native C ++ application, the characters will not load at all. For example, for ntdll.dll PDBs are located in:

  • T:\Symbols\ntdll.pdb\6192BFDB9F04442995FFCB0BE95172E12
  • T:\Symbols\ntdll.pdb\CFF40300FD804691B73E12CF2A150EE02

But Visual Studio (2008/2010) will not load characters. During debugging, from the module view, I select ntdll.dll and say Load Symbols From -> Symbol Path , specify ntdll.pdb . For both of these paths, he will always say:

No matching character file was found in this folder.

I also added this folder ( T:\Symbols ) to Debugging -> Options , but it still won't load characters. During debugging, the Load All Symbols button will be turned on and clicking will not load the symbol!

For a 32-bit file, the PDB file name will be wntdll.pdb for ntdll.dll and will be stored in folders with GUID format names in the mode mentioned above. But VS will not load characters for 32-bit debugging.

Pretty interesting (and disappointing) when I select Load Symbols From -> Microsoft Symbols Server , it will load and load characters perfectly. It will load the characters in the following location (full path for ntdll ):

enter image description here

\Users\...\AppData\Local\Temp\SymbolCache\ntdll.pdb\6192BFDB9F04442995FFCB0BE95172E12

Here you can see that the GUID corresponds to a folder named GUID in the path T:\Symbols , but for manually installed VS characters it’s hard not to load it!

For NTDLL.PDB, although the corresponding folder is the same and the size of the PDB is also the same, the timestamp may vary.

Sometimes VS also puts characters in:

C:\...\AppData\Local\Temp\SymbolCache\MicrosoftPublicSymbols

If VS will download the correct characters ONLY with Microsoft Symbols Server, then what to use locally loaded characters?

My question mainly is how to download locally downloaded and installed characters?

+6
source share
1 answer

Download links for RTM or SP1 characters are pretty much useless. After each day of the patch, you will receive a modified ntdll.dll or other central OS libraries. This will make your "old" pdbs useless. Therefore, you must download them from the symbol servers to ensure you are up to date.

But since not all DLL files are changed, you must install the Symbol server boot cache in the same place where you unpacked the symbols you downloaded.

Switch to:

Tools - Options - Debugging - Symbols

and set the path for the Cache characters in this directory.

Downloading all symbols means that you are loading all symbols for all modules loaded into your current process. But it will not load all characters for all DLLs that are used by Windows. If you download Windbg, you get a symchk.exe tool that allows you to recursively download characters for all binary files.

+10
source

Source: https://habr.com/ru/post/895518/

More articles:


All Articles