lukewat
Hello everyone!
The system is Windows-7 x64, version 6.1.7601-SP1.
The problem is that WinDbg cannot find debugging symbols for the Win32k.sys file on the Microsoft server, although it downloads all the others normally to the local storage C:\Symbols. Here is the info about Win32k.sys on my machine:
Machine : 0x8664 - AMD64
Version : 6.1.7601.17514
TimeStamp: 20.11.2010 - 14:52:51
GUID/RSDS: 21E2778D-D295-4987-A9B7-212463FFDC5E
The last GUID is taken from the "Debug" section of the executable *.sys file (see PeAnatomist software), and this same GUID will be the name of the folder in the local storage. That is, the full path will look like
C:\Symbols\Win32k.pdb\21E2778DD2954987A9B7212463FFDC5E\Win32k.pdb
Maybe someone has a version of the symbols with the same GUID; I would be very grateful. Here are some logs from the debugger that do not give a result (for Kernel I use the LiveKd shell):
LiveKd v5.62 - Execute kd/windbg on a live system
Sysinternals - http://www.sysinternals.com
Copyright © 2000-2016 Mark Russinovich and Ken Johnson
Launching C:\program files\Debugging Tools for Windows (x64)\kd.exe:
Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64
Loading Dump File [C:\Windows\livekd.dmp]
Kernel Complete Dump File: Full address space is available
Symbol search path is: srv*c:\symbols*
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.23539.amd64fre.win7sp1_ldr.160902-0600
Kernel base = 0xfffff800`02c5f000 PsLoadedModuleList = 0xfffff800`02ea1730
Loading Kernel Symbols
...............................................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
........
0: kd> !sym noisy
noisy mode - symbol prompts off
0: kd> .reload /f Win32k.sys
DBGHELP: c:\symbols\win32k.sys\4CE79A73310000\win32k.sys - OK
DBGENG: Partial symbol load found image c:\symbols\win32k.sys\4CE79A73310000\win32k.sys.
SYMSRV: c:\symbols\win32k.pdb\21E2778DD2954987A9B7212463FFDC5E2\win32k.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/win32k.pdb/21E2778DD2954987A9B7212463FFDC5E2/win32k.pdb not found
DBGHELP: win32k.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for win32k.sys -
0: kd> !lmi win32k
Loaded Module Info: [win32k]
Module: win32k
Base Address: fffff96000060000
Image Name: win32k.sys
Machine Type: 34404 (X64)
Time Stamp: 4ce79a73 Sat Nov 20 14:52:51 2010
Size: 310000
CheckSum: 2fe2cf
Characteristics: 22
Debug Data Dirs: Type Size VA Pointer GUID
CODEVIEW 23, 2a0888, 29fc88, {21E2778D-D295-4987-A9B7-212463FFDC5E}
Age: 2, Pdb: win32k.pdb
Symbol Type: DEFERRED - No error - symbol load deferred
Load Report: no symbols loaded
0: kd>
In essence, I need the contents of the following structures for any 64-bit Win OS from 7 to 11:
_W32PROCESS, _W32THREAD, _HWND, tagPROCESSINFO, tagTHREADINFO, and tagQMSG
Now I have Win32k.pdb for x32 WinXP, and if I open it in the same "PEAnatomist", I can see that all these structures are in the database, but I can't view their contents (I need to search and install XP specifically for this version of pdb). Thanks in advance for any advice and help.
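How the store keys in the SYMSRV and DBGHELP lines of the log above are derived, as an added example that is not part of the original post: the PDB key is the CODEVIEW (RSDS) GUID followed by the Age in hex, and the image key is the timestamp followed by the image size. The sample record is constructed from the values `!lmi` prints; the function names are hypothetical.

```python
import struct
import uuid

# Server URL and local store exactly as they appear in the debugger log.
MSDL = "http://msdl.microsoft.com/download/symbols"
STORE = r"c:\symbols"

def parse_rsds(record: bytes):
    """Parse a CodeView 'RSDS' record: signature, GUID, age, PDB name."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])   # GUID is stored mixed-endian on disk
    (age,) = struct.unpack_from("<I", record, 20)
    end = record.find(b"\x00", 24)
    if end == -1:
        raise ValueError("unterminated PDB name")
    return guid, age, record[24:end].decode("utf-8")

def pdb_key(guid: uuid.UUID, age: int) -> str:
    """Symbol-store key for a PDB: 32 upper-case GUID hex digits + age in hex."""
    return f"{guid.hex.upper()}{age:X}"

def image_key(timestamp: int, size_of_image: int) -> str:
    """Symbol-store key for a PE image: TimeDateStamp + SizeOfImage in hex."""
    return f"{timestamp:08X}{size_of_image:x}"

def pdb_paths(record: bytes, store: str = STORE):
    """Return (local store path, server URL) the debugger will probe."""
    guid, age, pdb = parse_rsds(record)
    # The record may hold a full build path; only the base name is used.
    name = pdb.replace("\\", "/").rsplit("/", 1)[-1]
    key = pdb_key(guid, age)
    return f"{store}\\{name}\\{key}\\{name}", f"{MSDL}/{name}/{key}/{name}"

# Constructed sample: the RSDS record rebuilt from the !lmi output
# (GUID 21E2778D-..., Age 2, Pdb win32k.pdb). Its length is 0x23 bytes,
# matching the CODEVIEW size column in the log.
SAMPLE = (b"RSDS"
          + uuid.UUID("21E2778D-D295-4987-A9B7-212463FFDC5E").bytes_le
          + struct.pack("<I", 2)
          + b"win32k.pdb\x00")

if __name__ == "__main__":
    local, url = pdb_paths(SAMPLE)
    print(local)
    print(url)
    print(image_key(0x4CE79A73, 0x310000))
```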