LiveKD Not Working On Windows 10

  • Question

  • I have a problem using LiveKD on Windows 10. When I run it, I get the following output:

    Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Windows\livekd.dmp]
    Kernel Complete Dump File: Full address space is available

    Comment: 'LiveKD live system view'

    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    **************************************************************************
    THIS DUMP FILE IS PARTIALLY CORRUPT.
    KdDebuggerDataBlock is not present or unreadable.
    **************************************************************************
    Unable to read PsLoadedModuleList
    **************************************************************************
    THIS DUMP FILE IS PARTIALLY CORRUPT.
    KdDebuggerDataBlock is not present or unreadable.
    **************************************************************************
    KdDebuggerData.KernBase < SystemRangeStart
    Windows 8 Kernel Version 9200 MP (8 procs) Free x64
    Machine Name:
    Kernel base = 0x00000000`00000000 PsLoadedModuleList = 0xfffff806`0f4475b0
    Debug session time: Fri Sep 13 08:55:28.671 2019 (UTC - 7:00)
    System Uptime: not available
    **************************************************************************
    THIS DUMP FILE IS PARTIALLY CORRUPT.
    KdDebuggerDataBlock is not present or unreadable.
    **************************************************************************
    Unable to read PsLoadedModuleList
    **************************************************************************
    THIS DUMP FILE IS PARTIALLY CORRUPT.
    KdDebuggerDataBlock is not present or unreadable.
    **************************************************************************
    KdDebuggerData.KernBase < SystemRangeStart
    Loading Kernel Symbols
    Unable to read PsLoadedModuleList
    ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 127.
    GetContextState failed, 0xD0000147
    CS descriptor lookup failed
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147
    GetContextState failed, 0xD0000147


    Friday, September 13, 2019 3:56 PM

All replies

  • Hello walaaaaa,

    Does this problem occur when you use the -ml option to LiveKd?

    Gary

    Friday, September 13, 2019 7:32 PM
  • Hello Gary,

    Adding -ml to the command line, liveKD not works fine.

    Thanks A Lot

    Friday, September 13, 2019 11:55 PM
  • Hello walaaaaa,

    There are two common ways of creating a live dump: using a single call (from user mode) to a Windows Native API function or loading third party device drivers that know how to create a snapshot of memory. LiveKd with the "-ml" option claims to use the first technique, otherwise LiveKD uses the second technique.

    If both of these approaches create an unusable dump, then I can't think of anything useful that I can say.

    It is possible that you used a combination of options to LiveKd that meant the "-ml" option could not be honoured. If you have not tried it already, try LiveKd with just the "-ml" and "-o" options to eliminate this possibility.

    You could try an alternative tool, such as that mentioned here: https://crashdmp.wordpress.com/2014/08/04/livedump-1-0-is-available/

    For more information about using the Native API function to create a live dump, you could also look here: http://gary-nebbett.blogspot.com/2016/04/examining-windows-kernel-mode-stacks.html

    Gary

    Saturday, September 14, 2019 8:12 AM