Remove From My Forums

Trying to view the _FILE_ID_BOTH_DIR_INFORMATION structure in memory with WinDbg

שאלה

היכנס כדי להצביע

I'm trying to view the Windows file system structure _FILE_ID_BOTH_DIR_INFORMATION in memory using WinDbg, but for some reason it tells me that the symbol is not found.

I connected WinDbg with a pipe to a Windows XP virtual machine in order to debug its kernel. I tried viewing the structure's data using the command "dt _FILE_ID_BOTH_DIR_INFORMATION esi" because the value of ESI is an address which contains the structure in question that I want to inspect.

All I got was the following output:

3: kd> dt _FILE_ID_BOTH_DIR_INFORMATION esi
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that     ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: _FILE_ID_BOTH_DIR_INFORMATION                 ***
***                                                                   ***
*************************************************************************
Symbol _FILE_ID_BOTH_DIR_INFORMATION not found.

Other structures are working for me, like _DRIVER_OBJECT.

All I know about the _FILE_ID_BOTH_DIR_INFORMATION symbol is that it is included in ntifs.h, according to Microsoft's documentation. I couldn't find information regarding whether this symbol is provided from Microsoft Symbol Server.

יום ראשון 06 אוקטובר 2019 21:00

תשובות

0

היכנס כדי להצביע
Good day,

Do you speak Hebrew?
This is an Hebrew forum

If you are looking for forum in other languages then you can use the following list of forums:
http://social.technet.microsoft.com/wiki/contents/articles/34901.list-of-forums-by-languages-categories-and-field-of-discussions.aspx

By the way, THIS IS GREAT QUESTION!
I am sry I don't have the answer

If you will not get answer in the Hebrew interface, then you can try in the English forums. They have a lot more participates and in some forums you have several tens of Moderators to keep the forum well managed

Ronen Ariely
[Personal Site] [Blog] [Facebook] [Linkedin]
- הוצע כתשובה על-ידי administrative_account_ra שבת 21 דצמבר 2019 23:54
- סומן כתשובה על-ידי administrative_account_ra יום שני 23 דצמבר 2019 16:30
יום רביעי 09 אוקטובר 2019 16:28

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

משיב מוביל

Trying to view the _FILE_ID_BOTH_DIR_INFORMATION structure in memory with WinDbg

שאלה

תשובות