!avrf and ntdll symbols with typeinformation

raj_r · April 26, 2007, 2:24pm

i was trying to use the Application verifier on an application that
has a peculiar problem of freezing with a HUNG_GUI only on my pc

now doing !avrf i see this message

0:000> !avrf
No type information found for ntdll!_RTL_STACK_TRACE_ENTRY'. No type information found for ntdll!_RTL_STACK_TRACE_ENTRY’.

This extension requires symbols with type information
for ntdll.dll and verifier.dll.

Please fix the symbols for `ntdll.dll’.

This extension requires symbols with type information
for ntdll.dll and verifier.dll.

Please fix the symbols for `ntdll.dll’.

i have symbols for ntdll.dll

a snipped lmv output for ntdll

77f50000 77ff7000 ntdll ntdll.dll
Loaded symbol image file: C:\WINDOWS\System32\ntdll.dll
Symbol file: D:\Borland\odbg110\sym\ntdll.pdb\3D6DE29B2\ntdll.pdb
Image path: ntdll.dll
Timestamp: Thu Aug 29 16:10:40 2002 (3D6DFA28)
CheckSum: 000A92F6
ImageSize: 000A7000

so what other symbol file is this appverify is asking me to fix

does ms offer special symbols especially for ntdll to use in conjunction with
appverifier ?

also one offtopic q

can i post
adplus -pn full memory dump !analyze -v results here and ask
questions about it ?

this is not a driver it is an application ( a dll ) that freezes with
HUNG_GUI sporadically and not reproducable in other places

if i attach windbg it doesnt breakin and reports breakin failed

OSR_Community_User · April 26, 2007, 4:07pm

I can’t say that I have ever used Application Verifier, or ntdll symbols
for that matter, but this basic problem (extensions that rely on
Microsoft symbols that are missing) occurs non uncommonly in kernel
debugging, especially in the case of hal symbols. It sounds like this
is the case here, although it could just be a misleading message. I
don’t believe that RTL_STACK_TRACE_ENTRY is documented, so, if you get
desperate, and are willing to go on faith that the following is correct
(a quick google.com produced it; I think it is from tinykrnl, which I
know basically nothing about), you can add it to ntdll.pdb by creating a
header file with the following definition:

typedef struct _RTL_STACK_TRACE_ENTRY
{
struct _RTL_STACK_TRACE_ENTRY *HashChain;
ULONG TraceCount;
USHORT Index;
USHORT Depth;
PVOID BackTrace[32];
} RTL_STACK_TRACE_ENTRY, *PRTL_STACK_TRACE_ENTRY;

and compile it with (something like) this:

cl -c -Fdntdll.pdb -Tc

where ntdll.pdb is the one that WinDbg loads.

I believe that this should work. I’ve done something like this in the
past, but it has been a while. You might want to search the archives,
as I recall someone posting similar information about three weeks ago.

>>> xxxxx@gmail.com 2007-04-26 14:23 >>>
i was trying to use the Application verifier on an application that
has a peculiar problem of freezing with a HUNG_GUI only on my pc

now doing !avrf i see this message

0:000> !avrf
No type information found for ntdll!_RTL_STACK_TRACE_ENTRY'. No type information found for ntdll!_RTL_STACK_TRACE_ENTRY’.

This extension requires symbols with type information
for ntdll.dll and verifier.dll.

Please fix the symbols for ntdll.dll'. This extension requires symbols with type information for ntdll.dll and verifier.dll. Please fix the symbols for ntdll.dll’.

i have symbols for ntdll.dll

a snipped lmv output for ntdll

77f50000 77ff7000 ntdll ntdll.dll
Loaded symbol image file: C:\WINDOWS\System32\ntdll.dll
Symbol file: D:\Borland\odbg110\sym\ntdll.pdb\3D6DE29B2\ntdll.pdb
Image path: ntdll.dll
Timestamp: Thu Aug 29 16:10:40 2002 (3D6DFA28)
CheckSum: 000A92F6
ImageSize: 000A7000

so what other symbol file is this appverify is asking me to fix

does ms offer special symbols especially for ntdll to use in
conjunction with
appverifier ?

also one offtopic q

can i post
adplus -pn full memory dump !analyze -v results here and ask
questions about it ?

this is not a driver it is an application ( a dll ) that freezes with
HUNG_GUI sporadically and not reproducable in other places

if i attach windbg it doesnt breakin and reports breakin failed

—
You are currently subscribed to windbg as: xxxxx@evitechnology.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · April 27, 2007, 3:41am

What OS is this? I can see this type in public ntdll symbols
for XP SP2. If you’re on W2K then I think it’s expected
because public W2K symbols did not have type info.

microsoft.public.win32.programmer.tools is a better
newsgroup for appverifier questions.

–
This posting is provided “AS IS” with no warranties, and confers no
rights.

“raj_r” wrote:

i was trying to use the Application verifier on an application that
has a peculiar problem of freezing with a HUNG_GUI only on my pc

now doing !avrf i see this message

0:000> !avrf
No type information found for ntdll!_RTL_STACK_TRACE_ENTRY'. No type information found for ntdll!_RTL_STACK_TRACE_ENTRY’.

This extension requires symbols with type information
for ntdll.dll and verifier.dll.

Please fix the symbols for `ntdll.dll’.

This extension requires symbols with type information
for ntdll.dll and verifier.dll.

Please fix the symbols for `ntdll.dll’.

i have symbols for ntdll.dll

a snipped lmv output for ntdll

77f50000 77ff7000 ntdll ntdll.dll
Loaded symbol image file: C:\WINDOWS\System32\ntdll.dll
Symbol file: D:\Borland\odbg110\sym\ntdll.pdb\3D6DE29B2\ntdll.pdb
Image path: ntdll.dll
Timestamp: Thu Aug 29 16:10:40 2002 (3D6DFA28)
CheckSum: 000A92F6
ImageSize: 000A7000

so what other symbol file is this appverify is asking me to fix

does ms offer special symbols especially for ntdll to use in conjunction
with
appverifier ?

raj_r · April 27, 2007, 5:22am

Pavel

the os is winxp-sp1 not sp2
thanks i will give winprog.tools a spin

Martin

thanks for the pdb updating trick

yes i saw the post that had similar content and had responded to it too
was going to try it op that posted the info you gave was pavel lebedinsky

Thanks and Regards
raj_r

On 4/27/07, Pavel Lebedinsky wrote:
> What OS is this? I can see this type in public ntdll symbols
> for XP SP2. If you’re on W2K then I think it’s expected
> because public W2K symbols did not have type info.
>
> microsoft.public.win32.programmer.tools is a better
> newsgroup for appverifier questions.
>
> –
> This posting is provided “AS IS” with no warranties, and confers no
> rights.
>
> “raj_r” wrote:
>
> >i was trying to use the Application verifier on an application that
> > has a peculiar problem of freezing with a HUNG_GUI only on my pc
> >
> > now doing !avrf i see this message
> >
> > 0:000> !avrf
> > No type information found for ntdll!_RTL_STACK_TRACE_ENTRY'. > > No type information found for ntdll!_RTL_STACK_TRACE_ENTRY’.
> >
> > This extension requires symbols with type information
> > for ntdll.dll and verifier.dll.
> >
> > Please fix the symbols for ntdll.dll'. > > > > This extension requires symbols with type information > > for ntdll.dll and verifier.dll. > > > > Please fix the symbols for ntdll.dll’.
> >
> > i have symbols for ntdll.dll
> >
> > a snipped lmv output for ntdll
> >
> > 77f50000 77ff7000 ntdll ntdll.dll
> > Loaded symbol image file: C:\WINDOWS\System32\ntdll.dll
> > Symbol file: D:\Borland\odbg110\sym\ntdll.pdb\3D6DE29B2\ntdll.pdb
> > Image path: ntdll.dll
> > Timestamp: Thu Aug 29 16:10:40 2002 (3D6DFA28)
> > CheckSum: 000A92F6
> > ImageSize: 000A7000
> >
> > so what other symbol file is this appverify is asking me to fix
> >
> > does ms offer special symbols especially for ntdll to use in conjunction
> > with
> > appverifier ?
>
>
>
> —
> You are currently subscribed to windbg as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

raj_r · May 15, 2007, 12:35pm

so xp-sp1 does not hold many other symbol information too in the pdbs it seems

the help files just say these commands work in xp

is there a requirement that the stated xp is xp-sp2 and not xp-sp1

i find this symbol info is missing while help file reels off reams of output

*** objects of the same type are only linked together if the 4000 flag is set in
NtGlobalFlags
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: OBJECT_HEADER_CREATOR_INFO ***
*** ***
*************************************************************************

On 4/27/07, raj_r wrote:
> Pavel
>
> the os is winxp-sp1 not sp2
> thanks i will give winprog.tools a spin
>
> Martin
>
> thanks for the pdb updating trick
>
> yes i saw the post that had similar content and had responded to it too
> was going to try it op that posted the info you gave was pavel lebedinsky
>
> Thanks and Regards
> raj_r
>
>
>
> On 4/27/07, Pavel Lebedinsky wrote:
> > What OS is this? I can see this type in public ntdll symbols
> > for XP SP2. If you’re on W2K then I think it’s expected
> > because public W2K symbols did not have type info.
> >
> > microsoft.public.win32.programmer.tools is a better
> > newsgroup for appverifier questions.
> >
> > –
> > This posting is provided “AS IS” with no warranties, and confers no
> > rights.
> >
> > “raj_r” wrote:
> >
> > >i was trying to use the Application verifier on an application that
> > > has a peculiar problem of freezing with a HUNG_GUI only on my pc
> > >
> > > now doing !avrf i see this message
> > >
> > > 0:000> !avrf
> > > No type information found for ntdll!_RTL_STACK_TRACE_ENTRY'. > > > No type information found for ntdll!_RTL_STACK_TRACE_ENTRY’.
> > >
> > > This extension requires symbols with type information
> > > for ntdll.dll and verifier.dll.
> > >
> > > Please fix the symbols for ntdll.dll'. > > > > > > This extension requires symbols with type information > > > for ntdll.dll and verifier.dll. > > > > > > Please fix the symbols for ntdll.dll’.
> > >
> > > i have symbols for ntdll.dll
> > >
> > > a snipped lmv output for ntdll
> > >
> > > 77f50000 77ff7000 ntdll ntdll.dll
> > > Loaded symbol image file: C:\WINDOWS\System32\ntdll.dll
> > > Symbol file: D:\Borland\odbg110\sym\ntdll.pdb\3D6DE29B2\ntdll.pdb
> > > Image path: ntdll.dll
> > > Timestamp: Thu Aug 29 16:10:40 2002 (3D6DFA28)
> > > CheckSum: 000A92F6
> > > ImageSize: 000A7000
> > >
> > > so what other symbol file is this appverify is asking me to fix
> > >
> > > does ms offer special symbols especially for ntdll to use in conjunction
> > > with
> > > appverifier ?
> >
> >
> >
> > —
> > You are currently subscribed to windbg as: xxxxx@gmail.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>

OSR_Community_User · May 17, 2007, 8:12am

What command are you trying to use, and what is the extension version
(reported by .chain)?

Does it work if you do this:

kd> dt nt!_OBJECT_HEADER_CREATOR_INFO

–
This posting is provided “AS IS” with no warranties, and confers no
rights.

“raj_r” wrote:

so xp-sp1 does not hold many other symbol information too in the pdbs it
seems

the help files just say these commands work in xp

is there a requirement that the stated xp is xp-sp2 and not xp-sp1

i find this symbol info is missing while help file reels off reams of
output

*** objects of the same type are only linked together if the 4000 flag is
set in
NtGlobalFlags
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: OBJECT_HEADER_CREATOR_INFO ***
*** ***
*************************************************************************

raj_r · May 17, 2007, 11:37am

i was trying to use !lpc port

here is the cut paste from help file

Here are several examples of the output from this extension from a
Windows XP system:

In this example, all port LPC ports are displayed.

kd> !lpc port
Scanning 225 objects
1 Port: 0xe1405650 Connection: 0xe1405650 Communication:
0x00000000 ‘SeRmCommandPort’
1 Port: 0xe141ef50 Connection: 0xe141ef50 Communication:
0x00000000 ‘SmApiPort’
1 Port: 0xe13c5740 Connection: 0xe13c5740 Communication:
0x00000000 ‘ApiPort’
1 Port: 0xe13d9550 Connection: 0xe13d9550 Communication:
0x00000000 ‘SbApiPort’
3 Port: 0xe13d8830 Connection: 0xe141ef50 Communication:
0xe13d8910 ‘’
80000004 Port: 0xe13d8910 Connection: 0xe141ef50 Communication:
0xe13d8830 ‘’
3 Port: 0xe13d8750 Connection: 0xe13d9550 Communication:
0xe13a4030 ‘’

im using the latest 6.6.7.5 windg

lkd> ^W
Local KD
command line: ‘kd -kl’ Debugger Process 0x80C
dbgeng: image 6.7.0005.0, built Thu Mar 29 23:38:54 2007
[path: C:\Program Files\Debugging Tools for Windows\dbgeng.dll]
dbghelp: image 6.7.0005.0, built Thu Mar 29 23:38:09 2007
[path: C:\Program Files\Debugging Tools for Windows\dbghelp.dll]
DIA version: 20119

Extension DLL chain:
dbghelp: image 6.7.0005.0, API 6.0.6, built Thu Mar 29 23:38:09 2007
[path: C:\Program Files\Debugging Tools for Windows\dbghelp.dll]
ext: image 6.7.0005.0, API 1.0.0, built Thu Mar 29 23:38:03 2007
[path: C:\Program Files\Debugging Tools for Windows\winext\ext.dll]
exts: image 6.7.0005.0, API 1.0.0, built Thu Mar 29 23:37:47 2007
[path: C:\Program Files\Debugging Tools for Windows\WINXP\exts.dll]
kext: image 6.7.0005.0, API 1.0.0, built Thu Mar 29 23:37:47 2007
[path: C:\Program Files\Debugging Tools for Windows\winext\kext.dll]
kdexts: image 6.0.6001.16470, API 1.0.0, built Thu Mar 29 23:55:02 2007
[path: C:\Program Files\Debugging Tools for Windows\WINXP\kdexts.dll]
lkd>

no dt didnt show me the type as well it erred with contact the group
that provided you the symbols blah blah

ill come back later im going to simply consign the whole directory to
flames and
fetch new symbols

thanks and regards
raj_r

On 5/17/07, Pavel Lebedinsky wrote:
> What command are you trying to use, and what is the extension version
> (reported by .chain)?
>
> Does it work if you do this:
>
> kd> dt nt!_OBJECT_HEADER_CREATOR_INFO
>
> –
> This posting is provided “AS IS” with no warranties, and confers no
> rights.
>
> “raj_r” wrote:
>
> > so xp-sp1 does not hold many other symbol information too in the pdbs it
> > seems
> >
> > the help files just say these commands work in xp
> >
> > is there a requirement that the stated xp is xp-sp2 and not xp-sp1
> >
> > i find this symbol info is missing while help file reels off reams of
> > output
> >
> > objects of the same type are only linked together if the 4000 flag is
> > set in
> > NtGlobalFlags
> >**********************************************************************
> > ******
> > ******
> > Your debugger is not using the correct symbols
> > ******
> > In order for this command to work properly, your symbol path
> > must point to .pdb files that have full type information.
> > ******
> > Certain .pdb files (such as the public OS symbols) do not
> > contain the required information. Contact the group that
> > provided you with these symbols if you need this command to
> > work.
> > ******
> > Type referenced: OBJECT_HEADER_CREATOR_INFO
> > ******
> > *************************************************************************
>
>
>
> —
> You are currently subscribed to windbg as: xxxxx@gmail.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>