
I'm trying to load pykd.pyd in order to be able to use Python during WinDbg crash dump analysis. This does not work, as you can see here:

0:006> .load C:\Python27\Lib\site-packages\pykd.pyd
The call to LoadLibrary(C:\Python27\Lib\site-packages\pykd.pyd) failed,
Win32 error 0n126
    "The specified module could not be found."
Please check your debugger configuration and/or network access.

For your information, I started by opening WinDbg (x86 version) and opening a crash dump file, and I can confirm that the mentioned pykd.pyd file is present.

If I put the filename between double quotes, I get another error message, as you can see here:

0:006> .load "C:\Python27\Lib\site-packages\pykd.pyd"
The call to LoadLibrary(C:Python27Libsite-packagespykd.pyd) failed, 
Win32 error 0n2
    "The system cannot find the file specified."
Please check your debugger configuration and/or network access.

(It might be important to mention that both Win32 errors are different!)

Does anybody know what might cause this issue?

Thanks in advance

Dominique

2 Answers


The Error Codes

The error message corresponds to the error codes. You can check that with the !error command:

0:000> !error 0n2
Error code: (Win32) 0x2 (2) - The system cannot find the file specified.
0:000> !error 0n126
Error code: (Win32) 0x7e (126) - The specified module could not be found.

So: nothing new here. WinDbg already told us.

The Quotation Marks

Since you are already debugging, let's debug this problem as well. You just need to know the right tool, which is Process Monitor.

Set up a filter like so:

  1. "Process name", "contains", "windbg.exe", then "Include"
  2. "Process name", "contains", "EngHost.exe", then "Include"

Process Monitor filter

Now run the command

0:000> .load "c:\hello"

and you'll see that the quotes will mess up everything:

Quotes search in strange places

Now try

0:000> .load c:\hello

and you'll see that it searches in the right place:

Searching without quotes is ok

Conclusion: use .load without quotation marks.

Loading PyKD

You are probably aware that there are 32 bit and 64 bit builds, and that you can't load 32 bit DLLs in 64 bit processes nor 64 bit DLLs in 32 bit processes.

The same goes for debugging extensions: if you use 64 bit WinDbg, you need 64 bit extensions. If you use 32 bit WinDbg, you need 32 bit extensions.

So first of all, check if your PyKD DLL (or .pyd here, which is actually .dll, just rename it) has the correct bitness (32 bit if I read that correctly).

Now, the 32 bit PyKD DLL will need a 32 bit installation of Python to run correctly. And likewise, 64 bit PyKD will need a 64 bit installation of Python.

Again you can help yourself with the right debugging tool. Process Monitor clearly shows that pykd.pyd is loaded successfully, but the dependency python38.dll (in my case, maybe Python 2.7 for you) is not:

Python38 not found

For the following, I'm not 100% sure, but IMHO:

  1. The PyKD DLL will try to find a Python system installation (as opposed to a virtual environment or venv).
  2. That system installation must be in %PATH%
  3. While you could have a 32 bit and 64 bit Python installation in the %PATH% variable, it will find one of them first. It might be the correct one or not.

Conclusion: put only one Python installation in %PATH% and use the correct bitness. Currently I only know this solution. Maybe the PyKD team posts an answer as well and explains how it can be done without modifying %PATH% all the time.

Thomas Weller
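The bitness checks described in the answer above can be scripted. The following is an added example, not code from the answer or from the PyKD project: it reads the Machine field of a PE header to tell 32 bit from 64 bit, and reports which Python DLL is hit first when walking %PATH%. It assumes, as the answer does, that the dependency is resolved through %PATH%; the function names, the script name `check_bitness.py` and the constructed header stub are illustrative.

```python
import os
import struct
import sys

MACHINES = {0x014C: "x86 (32 bit)", 0x8664: "x64 (64 bit)"}

def pe_machine(data):
    """Return the bitness recorded in the COFF header of a PE image (.dll/.pyd)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 6:
        raise ValueError("not a PE file: missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINES.get(machine, "unknown (0x%04x)" % machine)

def file_machine(path):
    with open(path, "rb") as f:
        return pe_machine(f.read(4096))

def first_on_path(dll_name, path_value=None):
    """Return the first hit for dll_name when walking PATH in order, else None."""
    if path_value is None:
        path_value = os.environ.get("PATH", "")
    for directory in path_value.split(os.pathsep):
        directory = directory.strip('"')
        if directory and os.path.isfile(os.path.join(directory, dll_name)):
            return os.path.join(directory, dll_name)
    return None

def check(extension_path, python_dll, path_value=None):
    """Return (extension bitness, bitness of first python DLL on PATH, match?)."""
    ext = file_machine(extension_path)
    found = first_on_path(python_dll, path_value)
    if found is None:
        return ext, None, False
    dep = file_machine(found)
    return ext, dep, ext == dep

def make_pe_stub(machine):
    """Constructed sample: header bytes holding only the fields read above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

if __name__ == "__main__" and len(sys.argv) == 3:
    # e.g. check_bitness.py C:\Python27\Lib\site-packages\pykd.pyd python27.dll
    print(check(sys.argv[1], sys.argv[2]))
```

A result such as `('x86 (32 bit)', 'x64 (64 bit)', False)` means the first Python DLL on %PATH% has the wrong bitness for the extension; `None` in the second position means no such DLL is on %PATH% at all.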

Don't load the Python package directly (C:\Python27\Lib\site-packages\pykd.pyd). That is a legacy, unsupported way.

You need the special Python bootstrapper for WinDbg: https://githomelab.ru/pykd/pykd-ext

ussrhero