Re: 关于ntdll.dll对应的符号文件
C/C++本地代码调试
关于ntdll.dll对应的符号文件
BianChengNan
2015-10-10, 09:44 上午
请教各位:
微软的符号服务器提供的某些版本的ntdll.dll对应的符号文件是不是有问题?
我想使用!heap -s查看下堆信息,但是总出错。
0:005> .sympath
Symbol search path is: srv*d:\mssymbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*d:\mssymbols*http://msdl.microsoft.com/download/symbols
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*d:\mssymbols*http://msdl.microsoft.com/download/symbols
0:005> .reload
Reloading current modules
....................................
0:005> !heap -s
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_HEAP_ENTRY ***
*** ***
*************************************************************************
Invalid type information
!heap -s总是提示符号不对
ntdll!_HEAP_ENTRY
这个总是提示找不到,试过了各种办法,windbg的版本也换了几个,都是不行,最后怀疑是微软提供的符号有问题。
0:005> !lmi ntdll
Loaded Module Info: [ntdll]
Module: ntdll
Base Address: 0000000077360000
Image Name: C:\Windows\SYSTEM32\ntdll.dll
Machine Type: 34404 (X64)
Time Stamp: 55b02e88 Thu Jul 23 08:00:08 2015
Size: 1a9000
CheckSum: 1b56fe
Characteristics: 2022 perf
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 22, fd498, fc898 RSDS - GUID: {4BF6B131-3C5C-41D5-BC33-DD96E4F33786}
Age: 2, Pdb: ntdll.pdb
CLSID 4, fd494, fc894 [Data not mapped]
Image Type: FILE - Image read successfully from debugger.
C:\Windows\SYSTEM32\ntdll.dll
Symbol Type: PDB - Symbols loaded successfully from image path.
d:\mssymbols\ntdll.pdb\4BF6B1313C5C41D5BC33DD96E4F337862\ntdll.pdb
Load Report: public symbols , not source indexed
d:\mssymbols\ntdll.pdb\4BF6B1313C5C41D5BC33DD96E4F337862\ntdll.pdb
4BF6B1313C5C41D5BC33DD96E4F337862 应该是个GUID吧,其它电脑上ntdll对应的符号文件的GUID不是这个值,运行很正常。
ntdll的信息如下:
0:005> lm vm ntdll
start end module name
00000000`77360000 00000000`77509000 ntdll (pdb symbols) d:\mssymbols\ntdll.pdb\4BF6B1313C5C41D5BC33DD96E4F337862\ntdll.pdb
Loaded symbol image file: C:\Windows\SYSTEM32\ntdll.dll
Image path: C:\Windows\SYSTEM32\ntdll.dll
Image name: ntdll.dll
Timestamp: Thu Jul 23 08:00:08 2015 (55B02E88)
CheckSum: 001B56FE
ImageSize: 001A9000
File version: 6.1.7601.18939
Product version: 6.1.7601.18939
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntdll.dll
OriginalFilename: ntdll.dll
ProductVersion: 6.1.7601.18939
FileVersion: 6.1.7601.18939 (win7sp1_gdr.150722-0600)
FileDescription: NT Layer DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
我的系统
win7 x64 sp1
不知道有遇到过这个问题的兄弟么?
另外:有些符号用x命令看不到,但是dt可以查看,不知道为啥?难道x命令不能查看全部符号?比如_PEB这个符号用x命令看不到,但是用dt可以看到详细结构。
Re: 关于ntdll.dll对应的符号文件
chena_cpp
2015-10-30, 11:28 上午
你是不是最近从microsoft symbol server上下的pdb?如果是最近下的,那应该实是symbol的问题,
详情见http://stackoverflow.com/questions/32217038/ntdll-module-not-loading-correctly-in-windbg-but-why。
Re: 关于ntdll.dll对应的符号文件
BianChengNan
2015-11-17, 16:40 下午
sorry,最近忙别的了,才看到。是的 是问题发生的那天我重新取得pdb,我记得之前没这个问题,所以对微软的pdb有所怀疑,但是又不敢确定。
多谢啦!