!itoldyouso complain Cannot read Image header @ ...
johndoe
after mapped, the driver finally get loaded. but it claims mismatched pdb.
how could it be mismatched when i just bld them?
sometimes it works, mostly it doesn't. so i am just dangling here for
several days.
basically, i found that i spent my 99% of my time to figure out what i was
wrong.
the whole thing shouldn't be that complicated. why?
i know that driver dev is a serious job, so i spent a lot of time to read
datasheet,
as well as those related specifications. i just don't think it worth my time
to figure out
this sort of internal working schemes.
thank you for your information.
johndoe
i have been able to set break point in the first place succefully for quite
some time.
kd> !lmi rtl8139
Loaded Module Info: [rtl8139]
Cannot read Image header @ f8b1e000
Load Report: private symbols & lines, not source indexed
D:\ne2000\rtl8139\objfre_wxp_x86\i386\RTL8139.pdb
kd> !sym
!sym <noisy/quiet - prompts/prompts off> - quiet mode - symbol prompts on
kd> !sym noisy
noisy mode - symbol prompts on
kd> !lmi rtl8139
Loaded Module Info: [rtl8139]
Cannot read Image header @ f8b1e000
Load Report: private symbols & lines, not source indexed
D:\ne2000\rtl8139\objfre_wxp_x86\i386\RTL8139.pdb
kd> .reload /u rtl8139
Unloaded rtl8139
kd> .reload /f rtl8139.sys=f8b1e000,900
Loading symbols for f8b1e000 rtl8139.sys ->
DBGHELP: C:\Program Files\Debugging Tools for Windows (x86)\rtl8139.sys -
file not found
SYMSRV: e:\mysymbols\rtl8139.sys\FFFFFFFE900\rtl8139.sys not found
SYMSRV:
http://msdl.microsoft.com/download/symbols/rtl8139.sys/FFFFFFFE900/rtl8139.sys
not found
DBGHELP: D:\ne2000\rtl8139\objfre_wxp_x86\i386\rtl8139.sys - OK
DBGENG: Partial symbol load found image
D:\ne2000\rtl8139\objfre_wxp_x86\i386\rtl8139.sys.
DBGHELP: e:\mysymbols\sys\RTL8139.pdb - file not found
DBGHELP: e:\mysymbols\sys\sys\RTL8139.pdb - file not found
DBGHELP: e:\mysymbols\sys\symbols\sys\RTL8139.pdb - file not found
DBGHELP: e:\mysymbols\exe\RTL8139.pdb - file not found
DBGHELP: e:\mysymbols\exe\sys\RTL8139.pdb - file not found
DBGHELP: e:\mysymbols\exe\symbols\sys\RTL8139.pdb - file not found
DBGHELP: e:\mysymbols\dll\RTL8139.pdb - file not found
DBGHELP: e:\mysymbols\dll\sys\RTL8139.pdb - file not found
DBGHELP: e:\mysymbols\dll\symbols\sys\RTL8139.pdb - file not found
SYMSRV:
e:\mysymbols\RTL8139.pdb\9EFEF6B8D5554B5B9229AB36C38E38101\RTL8139.pdb not
found
SYMSRV:
http://msdl.microsoft.com/download/symbols/RTL8139.pdb/9EFEF6B8D5554B5B9229AB36C38E38101/RTL8139.pdb
not found
rtl8139.sys
DBGHELP: rtl8139 - private symbols & lines
D:\ne2000\rtl8139\objfre_wxp_x86\i386\RTL8139.pdb
ModLoad: f8b1e000 f8b1e900 rtl8139.sys
kd> !lmi rtl8139
Loaded Module Info: [rtl8139]
Cannot read Image header @ f8b1e000
Load Report: private symbols & lines, not source indexed
D:\ne2000\rtl8139\objfre_wxp_x86\i386\RTL8139.pdb
Pavel A.
(waiting for the next release where the symbols unload problem would be
fixed).
Unloading the pdb explicitly helps: .reload /u drivername
After this, .reload /f usually gets the correct (updated) pdb - but
sometimes still doesn't :(
--pa
Pavel A.
> i am just dangling here for
> several days.
>
> basically, i found that i spent my 99% of my time to figure out what i was
> wrong.
> the whole thing shouldn't be that complicated. why?
>
> i know that driver dev is a serious job, so i spent a lot of time to read
> datasheet,
> as well as those related specifications. i just don't think it worth my time
> to figure out
> this sort of internal working schemes.
Right. the life is short, and there are so many annoyances.
Spending 99% of time to fiddle up the tools is a pity.
To start a project quickly and correctly, get help from
somebody who knows the WDK and debugger setup well.
Such a person is called consultant (at least where I live).
God luck,
--pa
johndoe
i have only done .reload /f rtl8139.sys=f8b1e000,900 for a million times~__~
kd> !dh rtl8139
Can't read file header: error == 127
i just don't know what to do. this is totally a learning project of my own.
Thank you again for your reply.
"Pavel A." <pav...@NOfastmailNO.fm> wrote in message
news:Oi3ezeNg...@TK2MSFTNGP02.phx.gbl...
johndoe
D:\ne2000\rtl8139\objfre_wxp_x86\i386>dumpbin rtl8139.sys /all
Microsoft (R) COFF Binary File Dumper Version 6.00.8168
Copyright (C) Microsoft Corp 1992-1998. All rights reserved.
Dump of file rtl8139.sys
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
14C machine (i386)
5 number of sections
498073FE time date stamp Wed Jan 28 07:04:30 2009
0 file pointer to symbol table
0 number of symbols
E0 size of optional header
10E characteristics
Executable
Line numbers stripped
Symbols stripped
32 bit word machine
OPTIONAL HEADER VALUES
10B magic #
7.10 linker version
300 size of code
200 size of initialized data
0 size of uninitialized data
71E RVA of entry point
400 base of code
500 base of data
10000 image base
80 section alignment
80 file alignment
5.01 operating system version
5.01 image version
5.01 subsystem version
0 Win32 version
900 size of image
400 size of headers
2DB7 checksum
1 subsystem (Native)
400 DLL characteristics
RESERVED - UNKNOWN
40000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [ 0] RVA [size] of Export Directory
768 [ 3C] RVA [size] of Import Directory
0 [ 0] RVA [size] of Resource Directory
0 [ 0] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
880 [ 28] RVA [size] of Base Relocation Directory
520 [ 1C] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Special Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
500 [ 20] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of Reserved Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
86 virtual size
400 virtual address
100 size of raw data
400 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
68000020 flags
Code
Not Paged
Execute Read
RAW DATA #1
00010400: 00 00 00 00 00 00 8B FF 55 8B EC 83 25 08 06 01 ......ļ
Uļ?ā%...
00010410: 00 00 33 C0 39 45 14 76 0F 8B 4D 10 83 3C 81 00
..3?9E.v.ļM.ā<..
00010420: 74 30 40 3B 45 14 72 F1 3B 45 14 74 1E 8B 4D 0C
t0@;E.r±;E.t.ļM.
00010430: 68 6D 4C 54 52 68 98 0B 00 00 68 08 06 01 00 89
hmLTRh....h....ė
00010440: 01 FF 15 00 05 01 00 85 C0 74 0E B8 11 00 01 C0 .
.....ą?t.?...?
00010450: EB 25 B8 19 00 01 C0 EB 1E 57 8B 3D 08 06 01 00
?%?...??.Wļ=....
00010460: 33 C0 B9 E6 02 00 00 F3 AB E8 12 00 00 00 8B 45
3??µ...?½?....ļE
00010470: 08 83 20 00 33 C0 5F 5D C2 18 00 CC CC CC CC CC .ā
.3?_]?..?????
00010480: FF 25 18 05 01 00 %....
SECTION HEADER #2
.rdata name
86 virtual size
500 virtual address
100 size of raw data
500 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
48000040 flags
Initialized Data
Not Paged
Read Only
RAW DATA #2
00010500: F0 07 00 00 3C 08 00 00 24 08 00 00 0C 08 00 00
?...<...$.......
00010510: 00 00 00 00 D4 07 00 00 C4 07 00 00 00 00 00 00
....?...?.......
00010520: 00 00 00 00 FE 73 80 49 00 00 00 00 02 00 00 00
....?s.I........
00010530: 4A 00 00 00 3C 05 00 00 3C 05 00 00 52 53 44 53
J...<...<...RSDS
00010540: B8 F6 FE 9E 55 D5 5B 4B 92 29 AB 36 C3 8E 38 10
?÷??U?[KĘ)½6?Ä8.
00010550: 01 00 00 00 64 3A 5C 6E 65 32 30 30 30 5C 72 74
....d:\ne2000\rt
00010560: 6C 38 31 33 39 5C 6F 62 6A 66 72 65 5F 77 78 70
l8139\objfre_wxp
00010570: 5F 78 38 36 5C 69 33 38 36 5C 52 54 4C 38 31 33
_x86\i386\RTL813
00010580: 39 2E 70 64 62 00 9.pdb.
Debug Directories
Type Size RVA Pointer
------ -------- -------- --------
cv 4A 0000053C 53C Format: RSDS
SECTION HEADER #3
.data name
C virtual size
600 virtual address
80 size of raw data
600 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C8000040 flags
Initialized Data
Not Paged
Read Write
RAW DATA #3
00010600: BF 44 FF FF 40 BB 00 00 00 00 00 00 ?D @?......
SECTION HEADER #4
INIT name
1DE virtual size
680 virtual address
200 size of raw data
680 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
E2000020 flags
Code
Discardable
Execute Read Write
RAW DATA #4
00010680: 00 00 00 00 00 00 8B FF 55 8B EC 83 EC 60 53 33 ......ļ
Uļ?ā?`S3
00010690: DB 53 FF 75 0C 8D 45 0C FF 75 08 50 FF 15 04 05 ?S u..E. u.P
...
000106A0: 01 00 39 5D 0C 75 07 B8 01 00 00 C0 EB 66 56 57
..9].u.?...??fVW
000106B0: 6A 18 59 33 C0 8D 7D A0 F3 AB 6A 60 8D 45 A0 50
j.Y3?.}į?½j`.EįP
000106C0: FF 75 0C C6 45 A0 05 88 5D A1 89 5D A8 89 5D AC
u.?Eį..]ķė]æė]¼
000106D0: 89 5D B0 89 5D B4 C7 45 BC 06 04 01 00 89 5D C4
ė]?ė]??E?....ė]?
000106E0: 89 5D CC 89 5D DC 89 5D E0 89 5D D4 89 5D E4 89
ė]?ė]?ė]?ė]?ė]?ė
000106F0: 5D B8 89 5D C0 FF 15 08 05 01 00 8B F0 3B F3 74 ]?ė]?
.....ļ?;?t
00010700: 0A 53 FF 75 0C FF 15 0C 05 01 00 E8 70 FD FF FF .S u. .....?p²
00010710: 5F 8B C6 5E 5B C9 C2 08 00 CC CC CC CC CC 8B FF _ļ?^[??..?????ļ
00010720: 55 8B EC A1 04 06 01 00 85 C0 B9 40 BB 00 00 74
Uļ?ķ....ą??@?..t
00010730: 04 3B C1 75 23 8B 15 14 05 01 00 B8 04 06 01 00
.;?u#ļ.....?....
00010740: C1 E8 08 33 02 25 FF FF 00 00 A3 04 06 01 00 75 ??.3.%
..ś....u
00010750: 07 8B C1 A3 04 06 01 00 F7 D0 A3 00 06 01 00 5D
.ļ?ś....??ś....]
00010760: E9 21 FF FF FF CC CC CC B8 07 00 00 00 00 00 00 ?!
????.......
00010770: 00 00 00 00 E2 07 00 00 14 05 00 00 A4 07 00 00
....?.......ń...
00010780: 00 00 00 00 00 00 00 00 54 08 00 00 00 05 00 00
........T.......
00010790: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
................
000107A0: 00 00 00 00 F0 07 00 00 3C 08 00 00 24 08 00 00
....?...<...$...
000107B0: 0C 08 00 00 00 00 00 00 D4 07 00 00 C4 07 00 00
........?...?...
000107C0: 00 00 00 00 2D 00 44 62 67 42 72 65 61 6B 50 6F
....-.DbgBreakPo
000107D0: 69 6E 74 00 63 02 4B 65 54 69 63 6B 43 6F 75 6E
int.c.KeTickCoun
000107E0: 74 00 6E 74 6F 73 6B 72 6E 6C 2E 65 78 65 00 00
t.ntoskrnl.exe..
000107F0: 0E 00 4E 64 69 73 41 6C 6C 6F 63 61 74 65 4D 65
..NdisAllocateMe
00010800: 6D 6F 72 79 57 69 74 68 54 61 67 00 04 01 4E 64
moryWithTag...Nd
00010810: 69 73 54 65 72 6D 69 6E 61 74 65 57 72 61 70 70
isTerminateWrapp
00010820: 65 72 00 00 C1 00 4E 64 69 73 4D 52 65 67 69 73
er..?.NdisMRegis
00010830: 74 65 72 4D 69 6E 69 70 6F 72 74 00 89 00 4E 64
terMiniport.ė.Nd
00010840: 69 73 49 6E 69 74 69 61 6C 69 7A 65 57 72 61 70
isInitializeWrap
00010850: 70 65 72 00 4E 44 49 53 2E 53 59 53 00 00 per.NDIS.SYS..
Section contains the following imports:
ntoskrnl.exe
10514 Import Address Table
107B8 Import Name Table
0 time date stamp
0 Index of first forwarder reference
263 KeTickCount
2D DbgBreakPoint
NDIS.SYS
10500 Import Address Table
107A4 Import Name Table
0 time date stamp
0 Index of first forwarder reference
E NdisAllocateMemoryWithTag
89 NdisInitializeWrapper
C1 NdisMRegisterMiniport
104 NdisTerminateWrapper
SECTION HEADER #5
.reloc name
38 virtual size
880 virtual address
80 size of raw data
880 file pointer to raw data
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42000040 flags
Initialized Data
Discardable
Read Only
RAW DATA #5
00010880: 00 00 00 00 28 00 00 00 0D 34 3B 34 43 34 5C 34
....(....4;4C4\4
00010890: 82 34 9E 36 D9 36 F7 36 07 37 24 37 37 37 3C 37
é4?6?6?6.7$777<7
000108A0: 4B 37 54 37 5B 37 00 00 00 00 00 00 00 00 00 00
K7T7[7..........
000108B0: 00 00 00 00 00 00 00 00 ........
BASE RELOCATIONS #5
0 RVA, 28 SizeOfBlock
40D HIGHLOW
43B HIGHLOW
443 HIGHLOW
45C HIGHLOW
482 HIGHLOW
69E HIGHLOW
6D9 HIGHLOW
6F7 HIGHLOW
707 HIGHLOW
724 HIGHLOW
737 HIGHLOW
73C HIGHLOW
74B HIGHLOW
754 HIGHLOW
75B HIGHLOW
0 ABS
Summary
80 .data
100 .rdata
80 .reloc
100 .text
200 INIT
D:\ne2000\rtl8139\objfre_wxp_x86\i386>
"Pavel A." <pav...@NOfastmailNO.fm> wrote in message
news:eNCNukNg...@TK2MSFTNGP04.phx.gbl...
Pavel A.
> Thank you pa~
>
> i have only done .reload /f rtl8139.sys=f8b1e000,900 for a million times~__~
Ok, now try .reload /u rtl8139.sys
--pa
johndoe
when map file, the doc says it should be case sensitive. you know what, i
spent a
whole day to make that map happen! :-(
why? this is my question. the programmer who wrote .kdfiles extension,
should
think about it, why should it be sensitive here? i just can't get it!
this is a really great company whoes time is seriously valuable, while the
other people
can only feel how serious it is.
johndoe
how could i if i don't know that?
"Pavel A." <pav...@NOfastmailNO.fm> wrote in message
news:umDI3vNg...@TK2MSFTNGP03.phx.gbl...
johndoe
work.
what else can i do? just do other things, and some day it will work. i
always did that.
Jeffrey Walton
In the past, I have encountered simialr obscure issues when an
incorrect version of DbgHlp gets in the mix. Your error, 127 'The
specified procedure could not be found,' might indicate the same. In
my case, heres what usually happens: I link my program against the
latest version of DbgHlp. At runtime, the latest version of DbgHlp is
not used (perhaps missing from the program's PWD, other times I bring
in a downlevel version of the library). If DbgHlp is missing from PWD,
the OS will usually find it in ...\System32\, which will most
certainly create problems.
Jeff
johndoe
whenever we issue .kdfiles, the debugger will replace the driver image which
is mostly located in \Systemroot\system32\drivers, with the mapped one!
it means the original image have been deleted! so, if you don't take place
of it
with the original one, you will be always given that mapped one in the first
place.
so I use this:
.kdfiles -m \SystemRoot\system32\DRIVERS\serial.sys
c:\windows\system32\DRIVERS\serial.sys
and it works!
Thank you!
\SystemRoot\system32\DRIVERS\serial.sys
"Jeffrey Walton" <nolo...@gmail.com> wrote in message
news:dc1525af-771b-4aa3...@i18g2000prf.googlegroups.com...