WinDbg Windows符号 [英] WinDbg windows symbols

问题描述

我正在尝试为我编写的应用程序调试转储文件.

I am trying to debug a dump file for an application that I wrote.

我在WinDbg中添加了以下符号路径

I added the following symbols paths to WinDbg

我以为这会下载调试它所需的Windows符号.

I assumed this would download the windows symbols necessary to debug this.

然后我在WinDbg！analyze -v"中运行以下cammand

I then run the following cammand in WinDbg "!analyze -v"

这将开始分析，然后由于找不到符号而失败.

This starts analyzing and then fails because of symbols it cannot find.

当我查看C:\ MyServerSymbols时，我看到以下内容

When I look at C:\MyServerSymbols I see the following

我希望看到的不仅是kernelbase.dll

I would have expected to see more than just the kernelbase.dll

analyze命令抱怨找不到ntdll符号.

The analyze command is complaining that it cannot find the ntdll symbols.

下面是它给我的完整输出.

Below is the full output it is giving me.

有人知道如何获取所需的符号吗?

Does anyone know how to get the symbols it is needing?

0:001> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: $ntdllsym!_CONTEXT                            ***
***                                                                   ***
*************************************************************************
***** OS symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_CONTEXT                                   ***
***                                                                   ***
*************************************************************************

DUMP_CLASS: 2

DUMP_QUALIFIER: 400

CONTEXT:  (.ecxr)
rax=0000015d205000b8 rbx=0000000000000400 rcx=000000003f800000
rdx=000000004001000a rsi=00000040bb2cc3a0 rdi=00007ff6fd43cbe8
rip=00007ffa9b617788 rsp=00000040bb2cba20 rbp=00007ff6fd490690
 r8=00000040bb2cb500  r9=0000015d00000000 r10=0000015d205000b8
r11=0000000000000000 r12=00000000ffffffff r13=0000000000000000
r14=00007ff6fd43cbe8 r15=0000015d362a6b30
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
KERNELBASE+0x17788:
00007ffa`9b617788 488b8c24c0000000 mov     rcx,qword ptr [rsp+0C0h] ss:00000040`bb2cbae0=00007feb67d9e224
Resetting default scope

FAULTING_IP: 
KERNELBASE+17788
00007ffa`9b617788 488b8c24c0000000 mov     rcx,qword ptr [rsp+0C0h]

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffa9b617788 (KERNELBASE+0x0000000000017788)
   ExceptionCode: 00000001
  ExceptionFlags: 00000000
NumberParameters: 0

PROCESS_NAME:  ntdll.wrong.symbols.dll

WRONG_SYMBOLS_TIMESTAMP: 5825887f

WRONG_SYMBOLS_SIZE: 1d1000

FAULTING_MODULE: 00007ffa9ef60000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP:  5825887f

ADDITIONAL_DEBUG_TEXT:  
You can run '.symfix; .reload' to try to fix the symbol path and load symbols. ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]

LAST_CONTROL_TRANSFER:  from 0000000000000000 to 0000000000000000

ANALYSIS_SESSION_HOST:  L5R5MHC2C16

ANALYSIS_SESSION_TIME:  02-01-2017 10:17:19.0325

ANALYSIS_VERSION: 10.0.14321.1024 amd64fre

STACK_TEXT:  
00000000`00000000 00000000`00000000 WRONG_SYMBOLS!WRONG_SYMBOLS+0x0


STACK_COMMAND:  .ecxr ; kb ; ** Pseudo Context ** ; kb

THREAD_SHA1_HASH_MOD_FUNC:  2a06fe893fc51638e55bcc8ee02bcdf6f10cbc26

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  214d5e958d92c59434e5414a89d1e95c2f82d12a

THREAD_SHA1_HASH_MOD:  79d1e41e8e0e291e73ec18352c568efa4ef4b5ab

SYMBOL_STACK_INDEX:  0

FOLLOWUP_NAME:  MachineOwner

BUGCHECK_STR:  5825887F

EXCEPTION_CODE: (NTSTATUS) 0x5825887f - <Unable to get error code text>

EXCEPTION_CODE_STR:  5825887F

EXCEPTION_STR:  PRIVATE_SYMBOLS

IMAGE_NAME:  ntdll.wrong.symbols.dll

MODULE_NAME: ntdll_wrong_symbols

SYMBOL_NAME:  ntdll_wrong_symbols!5825887F1D1000

BUCKET_ID:  PRIVATE_SYMBOLS_X64_10.0.14393.206_(rs1_release.160915-0644)_TIMESTAMP_161111-085943

DEFAULT_BUCKET_ID:  PRIVATE_SYMBOLS_X64_10.0.14393.206_(rs1_release.160915-0644)_TIMESTAMP_161111-085943

PRIMARY_PROBLEM_CLASS:  PRIVATE_SYMBOLS

FAILURE_BUCKET_ID:  PRIVATE_SYMBOLS_X64_10.0.14393.206_(rs1_release.160915-0644)_TIMESTAMP_161111-085943_5825887F_ntdll.wrong.symbols.dll!5825887F1D1000

FAILURE_EXCEPTION_CODE:  5825887F

FAILURE_IMAGE_NAME:  ntdll.wrong.symbols.dll

BUCKET_ID_IMAGE_STR:  ntdll.wrong.symbols.dll

FAILURE_MODULE_NAME:  ntdll_wrong_symbols

BUCKET_ID_MODULE_STR:  ntdll_wrong_symbols

FAILURE_FUNCTION_NAME:  5825887F1D1000

BUCKET_ID_FUNCTION_STR:  5825887F1D1000

BUCKET_ID_OFFSET:  0

BUCKET_ID_MODTIMEDATESTAMP:  0

BUCKET_ID_MODCHECKSUM:  0

BUCKET_ID_MODVER_STR:  0.0.0.0

BUCKET_ID_PREFIX_STR:  PRIVATE_SYMBOLS_X64_10.0.14393.206_(rs1_release.160915-0644)_TIMESTAMP_161111-085943

FAILURE_PROBLEM_CLASS:  PRIVATE_SYMBOLS_X64_10.0.14393.206_(rs1_release.160915-0644)_TIMESTAMP_161111-085943

FAILURE_SYMBOL_NAME:  ntdll.wrong.symbols.dll!5825887F1D1000

TARGET_TIME:  2017-01-30T03:25:43.000Z

OSBUILD:  14393

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  768

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS Personal

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2016-07-15 22:21:29

BUILDDATESTAMP_STR:  160915-0644

BUILDLAB_STR:  rs1_release

BUILDOSVER_STR:  10.0.14393.206

ANALYSIS_SESSION_ELAPSED_TIME: f73

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:private_symbols_x64_10.0.14393.206_(rs1_release.160915-0644)_timestamp_161111-085943_5825887f_ntdll.wrong.symbols.dll!5825887f1d1000

FAILURE_ID_HASH:  {018e4f21-5e50-795f-89a0-0abfdc0c2abc}

Followup:     MachineOwner
---------

推荐答案

在运行！analyze -v .symfix 和 .reload 命令.>

Use .symfix and .reload commands before running !analyze -v

这篇关于WinDbg Windows符号的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！