Windbg Symbol Issues

Discussion in 'Software' started by dekernel, Nov 11, 2010.

  1. dekernel

    dekernel Private E-2

    I have a Windows service written in C++ that is crashing. It is generating a mini dump file. I have created a directory (C:\MySymbols) and place both the .exe and the .pdb that were created during the building process. When I start windbg, I set the symbol path to C:\MySymbols as well as set the Imagine File Path to C:\MySymbols as well and save the workspace. Now I go to load the dump file, but it seems to have issues with loading the symbol file for the exe. Here is what I am seeing:

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\MaxiDump.dmp]
    User Mini Dump File with Full Memory: Only application data is available

    Symbol search path is: C:\MySymbols;C:\MySymbols\*
    Executable search path is: C:\MySymbols
    Windows XP Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
    Product: WinNt, suite: SingleUserTS
    Machine Name:
    Debug session time: Thu Nov 11 12:26:56.000 2010 (GMT-5)
    System Uptime: 16 days 3:28:12.956
    Process Uptime: 0 days 0:00:15.000
    ........................................................
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (f38.16ec): Integer divide-by-zero - code c0000094 (first/second chance not available)
    eax=02f20000 ebx=0572ff20 ecx=00000007 edx=7c90e514 esi=00000000 edi=004d2b20
    eip=7c90e514 esp=0572f090 ebp=0572f0a0 iopl=0 nv up ei pl zr na pe nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
    ntdll!KiFastSystemCallRet:
    7c90e514 c3 ret

    I have intentionally caused the code to crash, but what I am looking for is to see the stack trace.
    I must be missing something, but I don't know what.

    Thanks
     
    dekernel, Nov 11, 2010
    #1
  2. satrow

    satrow Major Geek Extraordinaire

    Welcome :)

    If the machine in question is connected, set the Symbols path to
    Code:
    SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
    and try again.

    Lots of great info on debugging dumps at carronna.org
     
    satrow, Nov 11, 2010
    #2
  3. dekernel

    dekernel Private E-2

    Well, I guess I need to hang my head in shame. It has been 5+ years since I have had to use Windbg to analyze process dumps. Once I ran the command "lm <module name>", Windbg loaded the modules for my process. I forgot that Windbg does a deferred load until it needs or told to load symbols.

    I posted to soon, and I apologize for wasting your time. :-o
     
    dekernel, Nov 11, 2010
    #3
  4. satrow

    satrow Major Geek Extraordinaire

    No worries :)
     
    satrow, Nov 11, 2010
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds