I'm attempting to debug an application using WinDbg. The server doesn't have internet access, so I can't use the Microsoft Symbol server. I went ahead and downloaded the symbols for Server 2012 R2 Retail. Moved them over to the server, and installed to C:\Symbols.

When I attempt to run the debugger, I get the following output.

CommandLine: C:\actionsync\ActionSync\ActionSync.exe

************* Symbol Path validation summary **************
Response                         Time (ms)     Location 
Deferred                                       srv*
DBGHELP: Symbol Search Path: .sympath srv*c:\symbols*

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       .sympath srv*c:\Symbols*
DBGHELP: Symbol Search Path: .sympath srv*c:\symbols*
DBGHELP: Symbol Search Path: .sympath srv*c:\symbols*
Symbol search path is: .sympath srv*c:\Symbols*
Executable search path is: srv*
DBGHELP: SharedUserData - virtual symbol module
ModLoad: 00ec0000 00ecc000   ActionSync.exe
ModLoad: 77120000 7728f000   ntdll.dll
ModLoad: 6fc30000 6fc86000   C:\Windows\SysWOW64\MSCOREE.DLL
ModLoad: 74de0000 74f20000   C:\Windows\SysWOW64\KERNEL32.dll
ModLoad: 74f20000 74ff7000   C:\Windows\SysWOW64\KERNELBASE.dll
(1054.478): Break instruction exception - code 80000003 (first chance)
DBGHELP: Invalid path: '.sympath srv*c:\symbols*'
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
DBGHELP: ntdll - export symbols
eax=00000000 ebx=00000000 ecx=7fdc0000 edx=00000000 esi=7ee16000 edi=00000000
eip=771d3c7d esp=0104f2f4 ebp=0104f320 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrInitShimEngineDynamic+0x6dd:
771d3c7d cc              int     3

I am completely new to using WinDbg. Additionally, I cannot install VS on this machine.

As far as I know, I have everything set up correctly, but I'm still not able to debug this application.

Any help would be appreciated.


EDIT 1:

I updated the symbol path based on Thomas Weller's Comment

Here is the output

0:000> .sympath
Symbol search path is: .sympath srv*c:\Symbols*
Expanded Symbol search path is: .sympath srv*c:\symbols*

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       .sympath srv*c:\Symbols*
Error: Change all symbol paths attempts to access '.sympath c:\symbols' failed: 0x7b - The filename, directory name, or volume label syntax is incorrect.

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Error                            16            .sympath c:\symbols
DBGHELP: Symbol Search Path: .sympath c:\symbols
DBGHELP: Symbol Search Path: .sympath c:\symbols
0:000> .reload
Reloading current modules
.....
DBGHELP: Invalid path: '.sympath c:\symbols'
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
DBGHELP: ntdll - export symbols

************* Symbol Loading Error Summary **************
Module name            Error
ntdll                  All symbol search paths were invalid
            Please check your symbol search path.


The following location did not respond and were excluded during symbol loading:
.sympath c:\symbols

EDIT 2:

So, it appears that the sympath is case sensitive.

I updated the sympath C:\Symbols

This is the output.

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             c:\Symbols
DBGHELP: Symbol Search Path: c:\symbols
DBGHELP: Symbol Search Path: c:\symbols
0:000> .reload
Reloading current modules
.....
DBGHELP: c:\symbols\wntdll.pdb - file not found
DBGHELP: c:\symbols\dll\wntdll.pdb - file not found
DBGHELP: c:\symbols\symbols\dll\wntdll.pdb - file not found
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
DBGHELP: ntdll - export symbols

************* Symbol Loading Error Summary **************
Module name            Error
ntdll                  PDB not found : c:\symbols\symbols\dll\wntdll.pdb
            Unable to locate the .pdb file in this location
Rob M
  • use `.sympath c:\symbols` without `srv*` – Thomas Weller Mar 09 '17 at 19:02
  • @ThomasWeller See my new output – Rob M Mar 09 '17 at 19:11
  • It's Windows, Windows is not case sensitive. It seems to me that you set the symbol path via some menu. If you do it via the menu, don't use `.sympath`, because `.sympath` is the command. If you type it into the command window, then you need `.sympath`. – Thomas Weller Mar 09 '17 at 19:42
  • Ok, so you have a machine with Internet where you can download symbols and then you can transport symbols via USB or something to the machine that you debug on. Is that correct? If so, there's a solution to your problem – Thomas Weller Mar 09 '17 at 19:46
  • I did download them to a machine that has internet access. I got them from here: https://developer.microsoft.com/en-us/windows/hardware/download-symbols. I downloaded the Server 2012 R2 checked. I then copied the msi over to the server and ran it. I believe I should have downloaded the Retail version. I'm doing that now. – Rob M Mar 09 '17 at 20:06
  • create a manifest file with symchk on the isolated machine and run symchk on the machine with internet access to fetch the symbol files using the previously created manifest file on the isolated machine and copy paste the downloaded symbol folder to sympath in isolated machine http://stackoverflow.com/questions/38038727/postprocess-drmemory-error-stacks-with-new-symbols-after-process-exits/38041667#38041667 – blabb Mar 09 '17 at 20:09
  • @blabb I attempted that, but I couldn't figure out how to run symchk – Rob M Mar 09 '17 at 20:10
  • symchk is in windbg folder just open a command prompt and run as i posted in the link at comment – blabb Mar 10 '17 at 06:59
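
The two failure modes in the question's output (EDIT 1: the `.sympath` command text stored as part of the path value; EDIT 2: an accepted path that holds no matching PDB) can be told apart from the DBGHELP lines alone. The Python below is an added example, not part of the original posts; the function name `diagnose` and the finding labels are assumptions, and the sample input is excerpted from the output quoted in the question.

```python
import re

# Excerpts of the debugger output quoted in the question (EDIT 1 and EDIT 2).
EDIT1_LOG = r"""
DBGHELP: Invalid path: '.sympath c:\symbols'
DBGHELP: C:\Windows\SYSTEM32\wntdll.pdb - file not found
DBGHELP: wntdll.pdb - file not found
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
ntdll                  All symbol search paths were invalid
"""
EDIT2_LOG = r"""
DBGHELP: c:\symbols\wntdll.pdb - file not found
DBGHELP: c:\symbols\dll\wntdll.pdb - file not found
DBGHELP: c:\symbols\symbols\dll\wntdll.pdb - file not found
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
ntdll                  PDB not found : c:\symbols\symbols\dll\wntdll.pdb
"""

INVALID = re.compile(r"^DBGHELP: Invalid path: '(.*)'$")
PROBE = re.compile(r"^DBGHELP: (.+\.pdb) - file not found$")
EXPORT = re.compile(r"Defaulted to export symbols for (\S+)")
SUMMARY = re.compile(r"^(\w+)\s{2,}(All symbol search paths were invalid|PDB not found : .+)$")
COMMAND = re.compile(r"^\s*\.(sympath|symfix)\b", re.IGNORECASE)  # command text, not a path

def diagnose(log):
    """Classify why symbols failed to load, using the DBGHELP lines in WinDbg output."""
    r = {"invalid_paths": [], "probed": [], "export_only": [], "summary": {}, "findings": []}
    for line in (l.strip() for l in log.splitlines()):
        if m := INVALID.match(line):
            if m.group(1) not in r["invalid_paths"]:  # the debugger repeats this line
                r["invalid_paths"].append(m.group(1))
        elif m := PROBE.match(line):
            r["probed"].append(m.group(1))
        elif m := EXPORT.search(line):
            r["export_only"].append(m.group(1))
        elif m := SUMMARY.match(line):
            r["summary"][m.group(1)] = m.group(2)
    # Case 1 (EDIT 1): the command name was stored as part of the path value.
    if any(COMMAND.match(p) for p in r["invalid_paths"]):
        r["findings"].append("command-in-path")
    # Case 2 (EDIT 2): path accepted, but no probed location holds the PDB.
    elif not r["invalid_paths"] and r["probed"] and r["export_only"]:
        r["findings"].append("pdb-missing")
    return r

if __name__ == "__main__":
    for name, log in (("EDIT 1", EDIT1_LOG), ("EDIT 2", EDIT2_LOG)):
        rep = diagnose(log)
        print(name, rep["findings"], rep["invalid_paths"] or rep["probed"])
```
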

1 Answer

For both solutions, you need a copy of WinDbg (not necessarily an installation). You find symchk in the WinDbg folder.

Solution for a specific dump / specific debug session

  1. On the machine where you're debugging, create a crash dump file with .dump. Skip this step if you already have a crash dump file.

  2. At a command prompt, create a manifest file, i.e. a file that contains information about the symbols to be downloaded

    symchk /id <dumpfile>.dmp /om D:\symbols.manifest
    

    /id is for input = dump

    /om is for output = manifest

  3. Transfer that manifest file onto a machine with Internet access.

  4. On the Internet machine then run

    symchk /im X:\symbols.manifest /s srv*X:\downloadedsymbols\*http://msdl.microsoft.com/download/symbols /od
    

    at the command prompt.

    /im is for input = manifest

    /od is for output details (like verbose)

  5. Transfer the symbols back to the machine without Internet access. Copy them into a new folder, e.g. c:\downloadedsymbols, not c:\symbols. Don't use an existing symbol path, because the n-tier-layout might not match.

  6. Open the crash dump in WinDbg.

  7. Fix the symbols

    .sympath C:\downloadedsymbols
    

    and maybe

    .reload /f
    

Solution for retrieving all symbols of the machine without Internet

Note: this process may take really long, since it may download thousands of symbols

  1. At a command prompt, run

    symchk /r /if %windir% /om D:\windir.manifest
    

    /r is for recursive

    /if is for input = files

    /om is for output = manifest

  2. Transfer that manifest file onto a different machine with Internet access.

  3. On the Internet machine, run

    symchk /im X:\windir.manifest /s srv*X:\winsymbols\*http://msdl.microsoft.com/download/symbols /od
    

    /im is for input = manifest

    /od is for output details (like verbose)

  4. Transfer the symbols back to the machine without Internet access. Copy them into a new folder, e.g. c:\winsymbols, not c:\symbols. Don't use an existing symbol path, because the n-tier-layout might not match.

  5. Use the symbols with

    .sympath C:\winsymbols
    .reload
    
Thomas Weller
  • when attempting to run step 2 on the command line, `'symchk' is not recognized as an internal or external command ...` – Rob M Mar 09 '17 at 21:21
  • It's in the WinDbg folder. It's not a Windows command, it comes with the debugging tools for Windows – Thomas Weller Mar 09 '17 at 21:24
  • Nice, Thomas. I didn't know symchk could do that. I was going to suggest he just debug the dump on another machine, but I know that's not always possible. – Steve Johnson Mar 10 '17 at 02:27