OSRLogoOSRLogoOSRLogo x OSR Custom Development Services

Everything Windows Driver Development

GoToHomePage xLoginx

    Thu, 14 Mar 2019     118020 members


  Online Dump Analyzer
OSR Dev Blog
The NT Insider
The Basics
File Systems
ListServer / Forum
  Express Links
  · The NT Insider Digital Edition - May-June 2016 Now Available!
  · Windows 8.1 Update: VS Express Now Supported
  · HCK Client install on Windows N versions
  · There's a WDFSTRING?
  · When CAN You Call WdfIoQueueP...ously

Resolving Symbol Problems in WinDBG

The first rule for anyone thinking of using the Windows debugger is to get the current versionThe debugger is updated on a routine basis and as a result it really is important to ensure that you grab the latest and greatest version.  As of the writing of this article, the current version can be found at:


There is usually a release version as well as a pre-release version available.  Grab either one - they are very likely to be better than the debugger version you are using.

If you plan on building your own debugger extensions (probably not likely when you first get started, but once you use this debugger you'll be chomping at the bit to add your own extensions to it) make sure you choose a "custom" installation and install the debugger SDK - otherwise you won't have the header files and libraries you need.

OK.  Having downloaded the debugger the first challenge is normally getting the symbols set up.  Fortunately, the debugger team at Microsoft has made this incredibly easy.  If you go back to the same place you got the debugger (http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx) you will see information about using the symbol server as well as downloading the symbols for various versions of Windows.  We strongly recommend that you use the symbol server whenever possible, especially when getting started with the debugger.  To set up symbols using the symbol server you will need to set up a temporary storage area - any directory within your file system will do the trick  If your disk space is at a premium and you are using NTFS, make sure you turn on compression for that temporary storage area.  For example, on my system I place the symbols in f:\symbols\websymbols but you can put them anywhere - even on a network drive.  Then, once I start up the debugger and before I start debugging anything I set up the initial symbol path.  Do this by pressing Ctrl+S or by choosing "Symbol File Path" from the File menu.  This will pop up a little dialog box where you enter your symbol file search path.  So in my case I entered:


Having done this, you can now attempt to connect to your remote system (if you are doing live debugging) or your crash dump (if you are doing post-mortem debugging).  In either case the debugger will ask you if you want to save the workspace.  You want to say YES here because that will record that symbol path as your base symbol path.  Now, when you create a new workspace it will always start with this path (note that if you have existing workspaces, this will not update them).

Alternatively, if you forgot to setup your symbol search path to start with and the debugger scolds you -- or if you can't remember the syntax of the symbol server's search path -- you can always break-in and tell the debugger to setup your symbol path for you:

.symfix f:\symbols\websymbols

Where f:\symbols\websymbols is, once again, the location of my local symbol store.

You can go back and add additional paths at any time - these will be specific to the thing you are currently debugging, so they won't show up in your base workspace.  Each additional path should be separated using a semi-colon (;).  So if my driver symbols are in z:\mydriver, I would then have the following in my symbol search path:


Suppose, however, that the debugger is telling you that it cannot find your symbols or the symbols for OS modules (oh, like ntoskrnl.exe since the debugger is pretty much useless if it cannot find those symbols).  In that case you can enable noisy symbols, so the debugger will report to you where it is looking for symbols.  In our experience, once you can see where the debugger is looking, you will know where it is not looking and hence why it cannot find your symbols.  Maybe you've entered the path incorrectly (WinDBG does not have a built-in spell checker, nor does it have any fuzzy logic module that says "oh, gee, they must have meant this OTHER directory with a very similar name).  Maybe the symbols really do not match (hey, it happens) but at least you'll know where the debugger is checking!

At this point you should have everything set up and working.  Happy Debugging!


Related Articles
Enabling Debugging on the Local Machine for Windows XP®
More on Kernel Debugging - KMODE_EXCEPTION_NOT_HANDLED
Making WinDbg Your Friend - Creating Debugger Extensions
Life Support for WinDbg - New Windows NT Support Tools
Microsoft Symbol Server LIVE on the Internet
Special Win2K PnP Tracing and Checks
Choose Your Weapon: Kernel Mode Debuggers - a Choice at Last
Wild Speculation -- Debugging Another Crash Dump
Getting DbgPrint Output To Appear In Vista and Later
I Hooked Up The Debugger Using 1394, and NOW...

User Comments
Rate this article and give us feedback. Do you find anything missing? Share your opinion with the community!
Post Your Comment

"Great Article"

Although I discovered how to set up symbols before reading this article, I wish I would have found the article first. I still learned some great tips from the article. Like the noisy symbols!

If I remember correctly from my readings, I am a very basic beg, there is a difference between "some" symbols available on public access and a symbol storecreated after downloading the appropriate symbols. Is this true? If it is, it would be nice to know the difference.

THanks again,

03-Sep-06, Quidnunc Simcha

"Windbg error code."
Good intro article on windbg. Meanwhile, I am wondering whether anyone know the meaning of error code 0x1 that windbg shows on screen when it tries to download the ntoskrnl.exe symbol? I can see on screen certain number of bytes of data is transfered from symbol server and then it displays the above error code.

15-Mar-06, Allen T

Post Your Comments.
Print this article.
Email this article.
bottom nav links