Bad symbols for NTDLL (error 3). Aborting.while trying !cs

Question

Bad symbols for NTDLL (error 3). Aborting.while trying !cs

I'm trying to debug a winproc hang, and I've gotten some indication to use Windbg to help diagnose potential deadlocks. I've set up Windbg with my application and I can use most commands to view the call stack, thread info, but when I try to use the !locks command or !cs command, I get errors:

0:001> !cs
Bad symbols for NTDLL (error 3). Aborting.

0:001> !locks
NTSDEXTS: invalid _LIST_ENTRY size 0

It appears that NTDLL symbols ARE loaded, but they aren't marked as private:

0:000> lml
start    end        module name
52a30000 52ba6000   ucrtbased   (private pdb symbols)  d:\symbols\ucrtbased.pdb\0F3C5DC8A01A426B9197C1C6F9D65B952\ucrtbased.pdb
6f7d0000 6f939000   gdiplus    (pdb symbols)          d:\symbols\gdiplus.pdb\97B305DF372F937D3656734FE2D120291\gdiplus.pdb
75ba0000 75d9c000   KERNELBASE   (pdb symbols)          d:\symbols\wkernelbase.pdb\BE4EFBF27F4707B61B923C328265C4FA1\wkernelbase.pdb
76780000 76860000   KERNEL32   (pdb symbols)          d:\symbols\wkernel32.pdb\7D80824F9CCE7C819044B16FD421C63D1\wkernel32.pdb
76990000 769a7000   win32u     (pdb symbols)          d:\symbols\wwin32u.pdb\CF6D6C9C1D66836C529E375FEF89D5CA1\wwin32u.pdb
76ad0000 76c67000   USER32     (pdb symbols)          d:\symbols\wuser32.pdb\18730BBE34B47D5A8C8F371BE07F469B1\wuser32.pdb
77850000 779ea000   ntdll      (pdb symbols)          d:\symbols\wntdll.pdb\D85FCE08D56038E2C69B69F29E11B5EE1\wntdll.pdb

Note: some symbols omitted for privacy

When I try to reload them:

0:000> !sym noisy
noisy mode - symbol prompts on
0:000> .reload
Reloading current modules
................................................
DBGHELP: d:\myapp\symbols\wntdll.pdb - file not found
DBGHELP: d:\myapp\symbols\dll\wntdll.pdb - file not found
DBGHELP: d:\myapp\symbols\symbols\dll\wntdll.pdb - file not found
SYMSRV:  BYINDEX: 0x1D
         d:\symbols*https://msdl.microsoft.com/download/symbols
         wntdll.pdb
         D85FCE08D56038E2C69B69F29E11B5EE1
SYMSRV:  PATH: d:\symbols\wntdll.pdb\D85FCE08D56038E2C69B69F29E11B5EE1\wntdll.pdb
SYMSRV:  RESULT: 0x00000000
DBGHELP: ntdll - public symbols  
        d:\symbols\wntdll.pdb\D85FCE08D56038E2C69B69F29E11B5EE1\wntdll.pdb

It only loads public symbols.

I wonder if the problem has to do with public vs private symbols for ntdll, so I used symchk

C:\>symchk.exe ntdll.dll /su $_NT_SYMBOLS_PATH$

SYMCHK: ntdll.dll            FAILED  - wntdll.pdb mismatched or not found
SYMCHK: FAILED files = 1
SYMCHK: PASSED + IGNORED files = 0

I also tried symchk with -sup parameters and got the same error.

What can I do to allow !cs to work in windbg??

windbg

asked on Stack Overflow Nov 11, 2019 by

sobadola

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0