-
-
[旧帖] [求助]windbg中本地的symbol无法加载 0.00雪花
-
发表于: 2008-9-25 17:10
-
想用windbg看一下内核代码,但是从微软网站上下载的symbol文件一直无法载入
请教一下windbg symbol的配置问题
下面是我加载memory.dmp文件时windbg显示的数据,请大家帮我看一下到底是什么问题,谢谢了!!!!!
操作系统是xp home edition sp2
symbol是WindowsXP-KB835935-SP2-slp-Symbols
WARNING: Inaccessible path: 'C:\Symbols'
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\MemoryDump\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: C:\Symbols;C:\WINDOWS\Symbols
Executable search path is: C:\WINDOWS\system32
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055b420
Debug session time: Wed Sep 24 09:58:29.480 2008 (GMT+8)
System Uptime: 0 days 0:33:09.076
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
Loading Kernel Symbols
..........................................................................................................................
Loading User Symbols
...Unable to read LDR_DATA_TABLE_ENTRY at 00262058 - NTSTATUS 0xC0000147
Loading unloaded module list
...........*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
WARNING: .reload failed, module list may be incomplete
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {80000000, 1, bf80b8b6, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Unable to read LDR_DATA_TABLE_ENTRY at 00262058 - NTSTATUS 0xC0000147
WARNING: .reload failed, module list may be incomplete
Unable to read LDR_DATA_TABLE_ENTRY at 00262058 - NTSTATUS 0xC0000147
WARNING: .reload failed, module list may be incomplete
Probably caused by : win32k.sys ( win32k+b8b6 )
Followup: MachineOwner
---------
请教一下windbg symbol的配置问题
下面是我加载memory.dmp文件时windbg显示的数据,请大家帮我看一下到底是什么问题,谢谢了!!!!!
操作系统是xp home edition sp2
symbol是WindowsXP-KB835935-SP2-slp-Symbols
WARNING: Inaccessible path: 'C:\Symbols'
Microsoft (R) Windows Debugger Version 6.9.0003.113 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [F:\MemoryDump\MEMORY.DMP]
Kernel Complete Dump File: Full address space is available
Symbol search path is: C:\Symbols;C:\WINDOWS\Symbols
Executable search path is: C:\WINDOWS\system32
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d8000 PsLoadedModuleList = 0x8055b420
Debug session time: Wed Sep 24 09:58:29.480 2008 (GMT+8)
System Uptime: 0 days 0:33:09.076
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntoskrnl.exe -
Loading Kernel Symbols
..........................................................................................................................
Loading User Symbols
...Unable to read LDR_DATA_TABLE_ENTRY at 00262058 - NTSTATUS 0xC0000147
Loading unloaded module list
...........*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
WARNING: .reload failed, module list may be incomplete
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 50, {80000000, 1, bf80b8b6, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Unable to read LDR_DATA_TABLE_ENTRY at 00262058 - NTSTATUS 0xC0000147
WARNING: .reload failed, module list may be incomplete
Unable to read LDR_DATA_TABLE_ENTRY at 00262058 - NTSTATUS 0xC0000147
WARNING: .reload failed, module list may be incomplete
Probably caused by : win32k.sys ( win32k+b8b6 )
Followup: MachineOwner
---------
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
