Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

symbol server when doing kd->ntsd -d

116 views
Skip to first unread message

paul moore

unread,
Dec 11, 2003, 11:55:45 AM12/11/03
to
I am trying to debug inside lsass. SO I am using kerndel
debugger to talk to ntsd -d. Works fine but I cant get the
symbols to work. Both the host and target can commnicate
to symbol server using SRV*... but when i try to do it
from the host windbg KD session it fails.
0:010> .reload /f kerberos.dll
DBGHELP: diaLocatePDB-> Looking for C:\WINNT\system32
\kerberos.pdb... file not found
DBGHELP: diaLocatePDB-> Looking for
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbol
s\symbols\dll\kerberos.pdb... file not found
DBGHELP: diaLocatePDB-> Looking for
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbol
s\dll\kerberos.pdb... file not found
DBGHELP: diaLocatePDB-> Looking for
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbol
s\kerberos.pdb... file not found
DBGHELP: diaLocatePDB-> Looking for kerberos.pdb... file
not found
DBGHELP: FindDebugInfoFileEx-> Looking for
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbol
s\symbols\dll\kerberos.dbg... file error 0x7b
DBGHELP: FindDebugInfoFileEx-> Looking for
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbol
s\dll\kerberos.dbg... file error 0x7b
DBGHELP: FindDebugInfoFileEx-> Looking for
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbol
s\kerberos.dbg... file error 0x7b
DBGHELP: FindDebugInfoFileEx-> Looking for
C:\\WINNT\system32\kerberos.dbg... file not found
DBGHELP: LoadCodeViewSymbols:
hProcess 000007A0

Ivan Brugiolo [MSFT]

unread,
Dec 11, 2003, 12:29:55 PM12/11/03
to
When using "ntsd-piped-through-kd" you really need to have symbols locally.
ntsd.exe will not be able to load symbols when in the KD prompt,
because all the execuiton on the machine stalls.
In the most recent versions od NTSD there should be a message like
" the .sympath is relative to where ntsd.exe runs and not where KD.exe runs"
to make this very clear and explicit.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"paul moore" <anon...@discussions.microsoft.com> wrote in message
news:0f2501c3c007$9e83d5d0$a401...@phx.gbl...

Martin Chisholm [MSFT]

unread,
Dec 15, 2003, 3:56:06 AM12/15/03
to
One easy way to do this is to use `symchk.exe` which comes with the debuggers.

Before you start debugging lsass, run this:
$ symchk -s srv*c:\symcache*http://msdl.microsoft.com/download/symbols -ie lsass.exe

This will fetch all the symbols for lsass and the loaded DLLs.

Then while you're debugging lsass, set the symbol path to:
.sympath srv*c:\symcache

Note that it's only using a local directory, and not the
network. Accessing the network can cause annoying hangs.

BTW, please make sure you're using the ntsd.exe from the debugger
package instead of the one from system32 (which I think does not do
the 'srv*' syntax, and is also pretty old). If you're using the 'Image
File Execution Options', you need to specify the full path to ntsd.exe
(e.g. 'c:\debuggers\ntsd.exe -dgG').

Or if you want a Not Really Fun Experience, you can do a '.breakin',
and then use '!process 0 0 lsass.exe', '.process /r /p <EPROCESS>' and
debug lsass from kd.

-martin

Boring-but-necessary-disclaimer: This posting is provided "AS IS" with


no warranties, and confers no rights.


In article <uMi9hxAw...@TK2MSFTNGP11.phx.gbl>,

0 new messages