I am not able to load the NT symbols in Windows XP debugging in a virtual machine?
Whenever I try to debug the kernel I get
Connected to Windows Server 2003 3790 x64 target at (Sun Sep 16 20:34:24.534 2018 (GMT-3)), ptr64 TRUE
Kernel Debugger connection established. (Initial Breakpoint requested)
Symbol search path is: .sympath srv*
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
Windows Server 2003 Kernel Version 3790 MP (1 procs) Free x64
Built by: 3790.srv03_sp1_rtm.050324-1447
Machine Name:
Kernel base = 0xfffff800`01000000 PsLoadedModuleList = 0xfffff800`011ad0c0
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
I did a lot of research, but I did not succeed, when I try to call !process 0 0 This returns me too
**** NT ACTIVE PROCESS DUMP ****
NT symbols are incorrect, please fix symbols
lm: fffff800 - 01000000 fffff800 - 0146e000 nt (export symbols) ntkrnlmp.exe
I have tried to download the symbols from the servers but to no avail.
Edited new:
1: kd> .symfix
DBGHELP: Symbol Search Path: cache*;SRV*https://msdl.microsoft.com/download/symbols
SYMSRV: BYINDEX: 0x5
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym
ntkrnlmp.pdb
82DCF67A38274C9CA99B60B421D2786D2
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\ntkrnlmp.pdb - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\ntkrnlmp.pd_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\file.ptr - path not found
SYMSRV: RESULT: 0x80070003
SYMSRV: BYINDEX: 0x6
https://msdl.microsoft.com/download/symbols
ntkrnlmp.pdb
82DCF67A38274C9CA99B60B421D2786D2
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\ntkrnlmp.pdb - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\ntkrnlmp.pd_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/index2.txt
SYMSRV: HttpQueryInfo: 80190190 - HTTP_STATUS_BAD_REQUEST
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/82DCF67A38274C9CA99B60B421D2786D2/ntkrnlmp.pdb
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/82DCF67A38274C9CA99B60B421D2786D2/ntkrnlmp.pd_
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/82DCF67A38274C9CA99B60B421D2786D2/file.ptr
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: RESULT: 0x80190194
DBGHELP: ntkrnlmp.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
DBGHELP: nt - export symbols
1: kd> .reload
Connected to Windows Server 2003 3790 x64 target at (Mon Sep 17 12:59:25.876 2018 (UTC - 3:00)), ptr64 TRUE
SYMSRV: BYINDEX: 0x7
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym
ntkrnlmp.pdb
82DCF67A38274C9CA99B60B421D2786D2
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\ntkrnlmp.pdb - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\ntkrnlmp.pd_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\file.ptr - path not found
SYMSRV: RESULT: 0x80070003
SYMSRV: BYINDEX: 0x8
https://msdl.microsoft.com/download/symbols
ntkrnlmp.pdb
82DCF67A38274C9CA99B60B421D2786D2
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\ntkrnlmp.pdb - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\ntkrnlmp.pd_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntkrnlmp.pdb\82DCF67A38274C9CA99B60B421D2786D2\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/82DCF67A38274C9CA99B60B421D2786D2/ntkrnlmp.pdb
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/82DCF67A38274C9CA99B60B421D2786D2/ntkrnlmp.pd_
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/82DCF67A38274C9CA99B60B421D2786D2/file.ptr
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: RESULT: 0x80190194
DBGHELP: ntkrnlmp.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
DBGHELP: nt - export symbols
Loading Kernel Symbols
.................
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................
................................
Loading User Symbols
........
Loading unloaded module list
......
SYMSRV: BYINDEX: 0x9
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym
ntdll.dll
42438B79139000
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dll - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dl_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\file.ptr - path not found
SYMSRV: RESULT: 0x80070003
SYMSRV: BYINDEX: 0xA
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym*https://msdl.microsoft.com/download/symbols
ntdll.dll
42438B79139000
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dll - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dl_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/ntdll.dll
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/ntdll.dl_
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/file.ptr
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: RESULT: 0x80190194
DBGHELP: C:\Program Files (x86)\Windows Kits\10\Debuggers\ntdll.dll - file not found
SYMSRV: BYINDEX: 0xB
https://msdl.microsoft.com/download/symbols
ntdll.dll
42438B79139000
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dll - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dl_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/ntdll.dll
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/ntdll.dl_
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/file.ptr
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: RESULT: 0x80190194
DBGHELP: C:\Program Files (x86)\Windows Kits\10\Debuggers\ntdll.dll - file not found
SYMSRV: BYINDEX: 0xC
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym
ntdll.dll
42438B79139000
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dll - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dl_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\file.ptr - path not found
SYMSRV: RESULT: 0x80070003
SYMSRV: BYINDEX: 0xD
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym*https://msdl.microsoft.com/download/symbols
ntdll.dll
42438B79139000
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dll - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dl_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/ntdll.dll
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/ntdll.dl_
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/file.ptr
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: RESULT: 0x80190194
DBGHELP: C:\Program Files (x86)\Windows Kits\10\Debuggers\ntdll.dll - file not found
SYMSRV: BYINDEX: 0xE
https://msdl.microsoft.com/download/symbols
ntdll.dll
42438B79139000
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dll - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\ntdll.dl_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dll\42438B79139000\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/ntdll.dll
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/ntdll.dl_
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dll/42438B79139000/file.ptr
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: RESULT: 0x80190194
DBGENG: C:\WINDOWS\system32\ntdll.dll image header does not match memory image header.
DBGENG: C:\WINDOWS\system32\ntdll.dll - Couldn't map image from disk.
DBGHELP: No debug info for ntdll.dll. Searching for dbg file
SYMSRV: BYINDEX: 0xF
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym
ntdll.dbg
42438B79139000
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dbg\42438B79139000\ntdll.dbg - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dbg\42438B79139000\ntdll.db_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dbg\42438B79139000\file.ptr - path not found
SYMSRV: RESULT: 0x80070003
SYMSRV: BYINDEX: 0x10
C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym*https://msdl.microsoft.com/download/symbols
ntdll.dbg
42438B79139000
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dbg\42438B79139000\ntdll.dbg - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dbg\42438B79139000\ntdll.db_ - path not found
SYMSRV: UNC: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\sym\ntdll.dbg\42438B79139000\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/ntdll.dbg/42438B79139000/ntdll.dbg
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dbg/42438B79139000/ntdll.db_
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/ntdll.dbg/42438B79139000/file.ptr
SYMSRV: HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV: RESULT: 0x80190194
DBGHELP: .\ntdll.dbg - file not found
DBGHELP: .\dll\ntdll.dbg - path not found
DBGHELP: .\symbols\dll\ntdll.dbg - path not found
DBGHELP: ntdll.dll missing debug info. Searching for pdb anyway
DBGHELP: Can't use symbol server for ntdll.pdb - no header information available
DBGHELP: ntdll.pdb - file not found
*** ERROR: Module load completed but symbols could not be loaded for ntdll.dll
DBGHELP: ntdll - no symbols loaded
************* Symbol Loading Error Summary **************
Module name Error
ntkrnlmp The system cannot find the file specified
The SYMSRV client failed to find a file in the UNC store, or there
is an invalid UNC store (an invalid path or the pingme.txt file is
not present in the root directory), or the file is present in the
symbol server exclusion list.
ntdll PDB not found : cache*
Unable to locate the .pdb file in this location
No header information available : SRV*https://msdl.microsoft.com/download/symbols
The header information required for PDB lookup is unavailable.
the output of the ld* was immense can not be shown here, There would be no way for me to get these symbols manually ?
ProgramadorW0 Answers
Nobody has answered this question yet.
User contributions licensed under CC BY-SA 3.0