•  24-06-2022
  •  | 
  •  

Question

I have a problem with symbol files. I experimented with the symbol file path and set the path as follows:

srv*c:\symbols*http://msdl.microsoft.com/download/symbols;C:\Users\myuser\Desktop\driver2\objchk_win7_x86\i386

But afterwards I changed it to the following:

srv*c:\symbols*http://msdl.microsoft.com/download/symbols;C:\Users\myuser\Desktop\mydriver\objchk_win7_x86\i386

I changed the driver2 with mydriver in the path: this is the path where the .pdb file for my driver is located. The problem is that .sympath prints the right path as shown below:

kd> .sympath
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;C:\Users\myuser\Desktop\mydriver\objchk_win7_x86\i386
Expanded Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols;c:\users\myuser\desktop\mydriver\objchk_win7_x86\i386

But the symbols for the driver are still not found. If I run .reload command, we can see that WinDbg is looking for .pdb in driver2/ directory instead of mydriver/ directory.

kd> .reload /f mydriver.sys
SYMSRV:  c:\symbols\mydriver.pdb\3D655E533B0449A38D7AB0AF637CE9201\mydriver.pdb not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/mydriver.pdb/3D655E533B0449A38D7AB0AF637CE9201/mydriver.pdb not found
SYMSRV:  c:\users\myuser\desktop\mydriver\objchk_win7_x86\i386\mydriver.pdb\3D655E533B0449A38D7AB0AF637CE9201\mydriver.pdb not found
DBGHELP: c:\users\myuser\desktop\driver2\objchk_win7_x86\i386\mydriver.pdb - file not found
*** ERROR: Module load completed but symbols could not be loaded for mydriver.sys
DBGHELP: mydriver - no symbols loaded

I've deleted all the workspaces, closed WinDbg, restarted Windows, but the driver2/ entry is still there: it must be in the default workspace's cache or somewhere. How can I delete the whole personal settings of WinDbg including those caches, so I can restart WinDbg and be gone with the driver2/ path and make it use mydriver/.

I could also solve the problem with renaming the mydriver/ directory back into driver2/, but I don't want to solve the problem like that. I want to understand what's going on and solve it the best I can.

Was it helpful?

Solution 

!sym noisy

will tell you why it did not want to load the pdb. Perhaps you did rebuild your driver and the pdb guid or pdb age does no longer match. If you are sure that you have built the same source files you can force loading of your pdb by

.reload /i /f yourdriver.sys

/i is the magic switch to load also mismatched pdbs. This switch will not load any driver from your symbol server but it will consider only local file paths to load your driver. Also symbol store directories (SRV*) are not considered since there would be many versions to choose from. But if your .sympath directly points to your pdb it will be loaded.

OTHER TIPS

Is the driver originally compiled & built in the driver2 path? What is the location of mydriver.sys? 

For example assume I have symbol path 'c:\users\rahulsundar\desktop' set and try to load ntdll.dll, then it displays below error,

0:000> .reload ntdll.dll
DBGHELP: c:\users\rahulsundar\desktop\ntdll.pdb - file not found
DBGHELP: c:\users\rahulsundar\desktop\dll\ntdll.pdb - file not found
DBGHELP: c:\users\rahulsundar\desktop\symbols\dll\ntdll.pdb - file not found
DBGHELP: C:\Windows\SYSTEM32\ntdll.pdb - file not found
DBGHELP: ntdll.pdb - file not found
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
DBGHELP: ntdll - export symbols

Note: Windbg by default searches ntdll.pdb from the same location 'C:\Windows\SYSTEM32'

One way to solve the current issue, from the log its clear that windbg expects pdb file in directory 'c:\users\myuser\desktop\mydriver\objchk_win7_x86\i386\mydriver.pdb\3D655E533B0449A38D7AB0AF637CE9201\mydriver.pdb'.

So manually create directory till 'mydriver.pdb\3D655E533B0449A38D7AB0AF637CE9201' and place pdb file there.

This is just a standard way( binaryfoldername\hashid\pdbfile ) that Windows expects a symbol for a binary.

Better way to solve this - turn on sim noisy and look at path at .reload /f my_driver.sys or add new path to .sympath[+] path/to/pdb and do the same

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top