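*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe

Time: 2017-05-02 19:09:32

Tags: windows debugging windbg

Hello Stackoverflow community,

I am trying to debug an application on Windows 10 and need the Windows debugger framework to load symbols so that I can run certain commands in kd (the Windows kernel debugger).

Every time I load the kernel debugger (kd) from a command prompt by typing kd -kl (note: you need to enable bcdedit -debug for this to work), I get the stack trace below: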

Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Connected to Windows 10 10240 x64 target at (Tue May  2 18:26:51.800 2017 (UTC - 7:00)), ptr64 TRUE
Symbol search path is: srv*
Executable search path is:
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe -
Windows 10 Kernel Version 10240 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10240.17354.amd64fre.th1_st1.170327-1827
Machine Name:
Kernel base = 0xfffff803`1da07000 PsLoadedModuleList = 0xfffff803`1dd2c070
Debug session time: Tue May  2 18:26:53.740 2017 (UTC - 7:00)
System Uptime: 0 days 0:50:43.754
lkd>
  • At first glance, it looks like my sympath is not configured.
  • I configured it to point to a path on the file system (see the next point).
  • .sympath srv*C:\symbols*https://msdl.microsoft.com/download/symbols

  • Now I set !sym noisy and run .reload, and I get the following trace

    lkd> !sym noisy
    noisy mode - symbol prompts off
    lkd> .reload
    Connected to Windows 10 10240 x64 target at (Tue May 2 18:41:38.542 2017 (UTC - 7:00)), ptr64 TRUE
    SYMSRV: BYINDEX: 0x3 c:\symbols*https://msdl.microsoft.com/download/symbols ntkrnlmp.pdb 30D698E116494C24A48409E2A73883CF1
    SYMSRV: c:\symbols\ntkrnlmp.pdb\30D698E116494C24A48409E2A73883CF1\ntkrnlmp.pdb - file not found
    SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pdb
    SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
    SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pd_
    SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
    SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/file.ptr
    SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
    SYMSRV: c:\symbols\ntkrnlmp.pdb\30D698E116494C24A48409E2A73883CF1\ntkrnlmp.pdb not found
    SYMSRV: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pdb not found
    DBGHELP: ntkrnlmp.pdb - file not found
    *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
    DBGHELP: nt - export symbols
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .........
    Loading User Symbols

************* Symbol Loading Error Summary **************

Module name            Error
SharedUserData         No error - symbol load deferred
                                Symbol loading has been deferred because this symbol is not needed
                                at this time. Use reload /f to force load symbols.

ntkrnlmp               The system cannot find the file specified
                                The SYMSRV client failed to find a file in the UNC store, or there
                                is an invalid UNC store (an invalid path or the pingme.txt file is
                                not present in the root directory), or the file is present in the
                                symbol server exclusion list.

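I also tried the steps explained in "ERROR: Symbol file could not be found. windbg.exe" and "Error: Symbol File not found in WinDbg", but with no luck. The errors I am getting indicate that there are 404 errors.

It always points to this file, ntkrnlmp.exe, and says it is missing (or not found).

Has anyone run into a similar problem in the past? If so, what should I do to resolve it?

1 answer:

Answer 0: (score: 2)

The sympath you configured is correct. I think this is most likely because Microsoft has not uploaded the PDB symbols to its symbol server. Normally, new symbols appear a few days after each Patch Tuesday. (It may get faster in the future. [1]) For your case, I suggest you report this issue to the Microsoft WinDbg team at windbgfb@microsoft.com and post the trace information here.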

[1] https://twitter.com/aluhrs13/status/842590084952088580
[2] The email address comes from this page
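
Added example, not part of the original question or answer: a small Python parser for the `!sym noisy` trace above that pairs each SYMSRV HTTPGET probe with its status line and reports a symbol as unpublished only when every probe for it returned 404, which is the case the answer describes. The function names are hypothetical, and the line format is assumed to be the one shown in the question's trace.

```python
import re

# Lines copied from the `!sym noisy` trace in the question (local-cache lines omitted).
SAMPLE_TRACE = """
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pdb
SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pd_
SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/file.ptr
SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
"""

GET_RE = re.compile(r"SYMSRV:\s+HTTPGET:\s+(\S+)")
STATUS_RE = re.compile(r"SYMSRV:\s+HttpQueryInfo:\s+(\d{3})")

def parse_probes(trace):
    """Pair each HTTPGET path with the status on the HttpQueryInfo line that follows it."""
    probes, pending = [], None
    for line in trace.splitlines():
        get = GET_RE.search(line)
        status = STATUS_RE.search(line)
        if get:
            if pending is not None:          # previous request never got a status line
                probes.append((pending, None))
            pending = get.group(1)
        elif status and pending is not None:
            probes.append((pending, int(status.group(1))))
            pending = None
    if pending is not None:
        probes.append((pending, None))
    return probes

def classify(trace):
    """Group probes by '<pdb name>/<GUID+age>' and say why the lookup failed."""
    by_symbol = {}
    for path, status in parse_probes(trace):
        parts = path.strip("/").split("/")
        key = "/".join(parts[-3:-1])         # e.g. ntkrnlmp.pdb/30D6...CF1
        by_symbol.setdefault(key, []).append(status)
    verdicts = {}
    for key, statuses in by_symbol.items():
        if all(s == 404 for s in statuses):
            verdicts[key] = "not published on server"   # sympath reached the server
        else:
            verdicts[key] = "inconclusive"              # missing or non-404 status
    return verdicts

if __name__ == "__main__":
    print(classify(SAMPLE_TRACE))
```

A verdict of "inconclusive" means at least one probe had no status line or a status other than 404, so the sympath, proxy or network path is worth checking before concluding that the symbols are missing from the server.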