询问者
Request for windows symbol server
问题
-
在使用Windbg对一个蓝屏memory dump进行分析时,打开dump file时,windbg提示
Symbol search path is: c:\windows\symbols;SRV*c:\webdown*http://msdl.microsoft.com/download/symbols
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81c02000 PsLoadedModuleList = 0x81d19c70
Debug session time: Tue Jan 1 21:49:04.422 2008 (GMT+8)
System Uptime: 0 days 0:08:28.038
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
我安装在本地的symbol版本windows_longhorn.6001.080118-1840.x86fre.symbols
memory dump 是从一台vista x86 sp1的机器上copy过来的,如下
0: kd> vertarget
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:*** ERROR: Module load completed but symbols could not be loaded for srv.sys
0: kd> .reload nt
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
0: kd> !sym noisy
noisy mode - symbol prompts on
0: kd> .reload nt
DBGHELP: c:\windows\symbols\ntkrpamp.pdb - file not found
DBGHELP: c:\windows\symbols\exe\ntkrpamp.pdb - mismatched pdb
DBGHELP: c:\windows\symbols\symbols\exe\ntkrpamp.pdb - file not found
SYMSRV: c:\webdown\ntkrpamp.pdb\E3AF30C94A334570818A670674C7F9602\ntkrpamp.pdb not found
SYMSRV: http://msdl.microsoft.com/downloads/symbols/ntkrpamp.pdb/E3AF30C94A334570818A670674C7F9602/ntkrpamp.pdb not found
SYMSRV: c:\webdown\ntkrpamp.pdb\E3AF30C94A334570818A670674C7F9602\ntkrpamp.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrpamp.pdb/E3AF30C94A334570818A670674C7F9602/ntkrpamp.pdb not found
DBGHELP: ntkrpamp.pdb - file not found
DBGHELP: Couldn't load mismatched pdb for ntkrpamp.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
DBGHELP: nt - export symbols
请问这种问题该怎么解决,symbol file server有用体还是需要其他的设置呢??
谢谢
Jacky_Deng
全部回复
-
正确的做法如下:
------------------------------------------------------------
首先下载windebug
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
说下debug方法
1. 我的电脑,属性->高级->启动,最下面的内存调试选最后一项的全部,确定后重新启动
2. 蓝屏后不要急着重启,系统会保存整个内存内容,然后会自动重启
3. 重启后,windows目录会多出 MEMORY.DMP, 如果1步骤选完全调试,那么这个文件和你的内存一样大
4. 下载安装windwos 的 debug tools, 我这有下载地址,或微软网站
http://public.hshh.org/SysTools/debug/dbg_x86_6.6.07.5.exe
5. 安装后创建一个临时目录,例如 c:\temp
6. 启动 windbg
7. windbg界面: file->symbol file path (ctrl+s) 输入:
SRV*c:\temp*http://msdl.microsoft.com/download/symbols
然后确定
8. windbg界面: file->open crash dump(ctrl+d),打开windows目录下面的 memory.dmp
9. 打开后,等待提示
当出现 Use !analyze -v to get detailed debugging information. 字样后,在下面输入框
!analyze -v
10. 等待分析完毕,可以知道什么导致的出错
11. windbg使用中需要网上下载调试内容,这个速度嘛,取决于你的网络了。-----------------------------------------------------------------------
你把敲!analyze -v的信息发上来也可以!
Microsoft Certified Systems Engineer 如果您觉得对您有帮助,请在“是否有帮助”点“是”;如果你觉得回复很满意,请“标记为已解答” -
这位大侠,我做的步骤和你一样啊,我的memory dump只是kernel memory dump
symbol path 除了设置了symbol server我还设置了一个本地已经安装的symbol file
但是windbg仍然会提示找不到symbol,如果是网速问题,会提示找不到吗??
SYMSRV: c:\webdown\ntkrpamp.pdb\E3AF30C94A334570818A670674C7F9602\ntkrpamp.pdb not found
SYMSRV: http://msdl.microsoft.com/downloads/symbols/ntkrpamp.pdb/E3AF30C94A334570818A670674C7F9602/ntkrpamp.pdb not found
SYMSRV: c:\webdown\ntkrpamp.pdb\E3AF30C94A334570818A670674C7F9602\ntkrpamp.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrpamp.pdb/E3AF30C94A334570818A670674C7F9602/ntkrpamp.pdb not found
谢谢
Jacky_Deng -
Loading Dump File [C:\Users\gr4\Desktop\MEMORY0A for zy6l x86 lan card.DMP]
Kernel Summary Dump File: Only kernel address space is availableSymbol search path is: SRV*c:\webdown*http://msdl.microsoft.com/download/symbols;c:\windows\symbols
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81c02000 PsLoadedModuleList = 0x81d19c70
Debug session time: Tue Jan 1 21:49:04.422 2008 (GMT+8)
System Uptime: 0 days 0:08:28.038
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd700c). Type ".hh dbgerr001" for details
Loading unloaded module list
........
*** ERROR: Symbol file could not be found. Defaulted to export symbols for halmacpi.dll -
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************Use !analyze -v to get detailed debugging information.
BugCheck A, {c4, 2, 1, 81fbeede}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Page 98f11 not present in the dump file. Type ".hh dbgerr004" for details
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\halmacpi.dll\48740A0633000\halmacpi.dll
The system cannot find the file specified.*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
PEB is paged out (Peb.Ldr = 7ffd700c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd700c). Type ".hh dbgerr001" for details
Probably caused by : ntkrpamp.exe ( nt!Kei386EoiHelper+291c )Followup: MachineOwner
---------0: kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
NT symbols are incorrect, please fix symbols
还是不可以阿,还是红色部分是什么意思?
Jacky_Deng -
Loading Dump File [C:\Users\gr4\Desktop\MEMORY0A for zy6l x86 lan card.DMP]
Kernel Summary Dump File: Only kernel address space is availableSymbol search path is: SRV*c:\webdown*http://msdl.microsoft.com/download/symbols;c:\windows\symbols
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Windows Server 2008/Windows Vista Kernel Version 6001 (Service Pack 1) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 6001.18145.x86fre.vistasp1_gdr.080917-1612
Machine Name:
Kernel base = 0x81c02000 PsLoadedModuleList = 0x81d19c70
Debug session time: Tue Jan 1 21:49:04.422 2008 (GMT+8)
System Uptime: 0 days 0:08:28.038
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
Loading Kernel Symbols
...............................................................
................................................................
........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 7ffd700c). Type ".hh dbgerr001" for details
Loading unloaded module list
........
*** ERROR: Symbol file could not be found. Defaulted to export symbols for halmacpi.dll -
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************Use !analyze -v to get detailed debugging information.
BugCheck A, {c4, 2, 1, 81fbeede}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
Page 98f11 not present in the dump file. Type ".hh dbgerr004" for details
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Unable to open image file: C:\Program Files\Debugging Tools for Windows (x86)\sym\halmacpi.dll\48740A0633000\halmacpi.dll
The system cannot find the file specified.*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
PEB is paged out (Peb.Ldr = 7ffd700c). Type ".hh dbgerr001" for details
PEB is paged out (Peb.Ldr = 7ffd700c). Type ".hh dbgerr001" for details
Probably caused by : ntkrpamp.exe ( nt!Kei386EoiHelper+291c )Followup: MachineOwner
---------0: kd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
NT symbols are incorrect, please fix symbols
还是不可以阿,还有红色部分是什么意思?
Jacky_Deng
