Sysinternals Homepage
Forum Home Forum Home > Windows Discussions > Troubleshooting
  New Posts New Posts RSS Feed - crashdump analysis and symbols
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

crashdump analysis and symbols

 Post Reply Post Reply
Author
Message
netskink View Drop Down
Newbie
Newbie
Avatar

Joined: 23 July 2008
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote netskink Quote  Post ReplyReply Direct Link To This Post Topic: crashdump analysis and symbols
    Posted: 23 July 2008 at 6:44pm
Hello
 
I am trying to use windbg to examine the KiBugCheckDriver variable but
kd> x /v KiBugCheckDriver
does nothing. 
kd> x /v nt!KiButCheckDriver
pub global xxxxx 0 nt!KiBugCheckDriver = <no type information>
as well.
 
What am I doing wrong?
Back to Top
netskink View Drop Down
Newbie
Newbie
Avatar

Joined: 23 July 2008
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote netskink Quote  Post ReplyReply Direct Link To This Post Posted: 23 July 2008 at 6:50pm
Hmm.  I have problems with my symbols as well.
 
I did
kd> .symfix c:/Symbols
kd> .reload
Loading kernel symbols ....
Loading User symbols ....
Loading unloaded module list ..
Smile
kd> x /v nt!KiBugCheckDriver
pub global nxnxnxnx 0 nt!KiBugCheckDriver * <no typer information>
Cry
 
I am using a crash dump analysis of all memory.  Any idea what is wrong?
 
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17516
Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 23 July 2008 at 7:03pm
Hi netskink,
 
What version of the Debugging Tools for Windows are you using?
 
FWIW, I get similar results, for all symbols in win32k and ntoskrnl (x /v nt!* & x /v win32k!*), and I have no reason to expect a problem with my symbols.
 
(Note: your posts kept in this topic since the "WinDbg symbols problem" topic would seem to be about a different issue.)
 
 


Edited by molotov - 23 July 2008 at 7:04pm
Daily affirmation:
net helpmsg 4006
Back to Top
netskink View Drop Down
Newbie
Newbie
Avatar

Joined: 23 July 2008
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote netskink Quote  Post ReplyReply Direct Link To This Post Posted: 23 July 2008 at 7:16pm
Debugging Tools for Windows - Version 6.9 April 2008
 
x /v nt!* gives lots of entrypoints
likewise for
x /v win32k!*
 
However each of them has <no type information> for each entrypoint.
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17516
Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 23 July 2008 at 7:19pm
I get the same behavior, with the same version of the Debugging Tools for Windows.  Have you had past success with a previous version of the DTW?  One thought (not sure if it will work) may be to give the previous version (6.8.4.0) a try.

Edited by molotov - 23 July 2008 at 7:19pm
Daily affirmation:
net helpmsg 4006
Back to Top
netskink View Drop Down
Newbie
Newbie
Avatar

Joined: 23 July 2008
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote netskink Quote  Post ReplyReply Direct Link To This Post Posted: 23 July 2008 at 7:24pm
This is the first time I have used windbg. I have not used a previous version.
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17516
Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 23 July 2008 at 7:59pm
6.8.4.0 doesn't behave any differently.
 
Are you trying to inspect the contents of KiBugCheckDriver?  Or trying to determine its type? 
 
Quote This is the first time I have used windbg
Perhaps the former, then.  Try du nt!KiBugCheckDriver.
Daily affirmation:
net helpmsg 4006
Back to Top
netskink View Drop Down
Newbie
Newbie
Avatar

Joined: 23 July 2008
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote netskink Quote  Post ReplyReply Direct Link To This Post Posted: 23 July 2008 at 8:18pm
that does 90553920 "square square"
 
I am trying to see the structure so I can pass the string portion to !ustr
 
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17516
Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 23 July 2008 at 8:37pm
Quote 90553920
Do you perhaps mean 80553920?
 
Perhaps this will be of interest:
 
Also... Note "Jeffrey Tan[MSFT]"'s output from x /v nt!KiBugCheckDriver:
Quote prv global 808a6530    4 nt!KiBugCheckDriver = 0x00000000
 
Then note "Olegas"' output from the same command:
Quote pub global 8055c060    0 nt!KiBugCheckDriver = <no type information>
 
Similar to what we both see.  Perhaps private symbols (as Jeffrey seems to have access to) are required?


Edited by molotov - 23 July 2008 at 9:08pm
Daily affirmation:
net helpmsg 4006
Back to Top
netskink View Drop Down
Newbie
Newbie
Avatar

Joined: 23 July 2008
Status: Offline
Points: 24
Post Options Post Options   Thanks (0) Thanks(0)   Quote netskink Quote  Post ReplyReply Direct Link To This Post Posted: 24 July 2008 at 2:03pm
Thanks.  That procedure works for me.  ie. I can see the string without having the type information.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down