Thank you very much working fine now … I didn’t know that I had to have
WinDDK on my host …
Cheers
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
Sent: Sunday, October 19, 2008 1:01 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Symbols not detected
The easiest way to get symbols working, which is the very first thing you
need to do - everything else is a complete waste of time
until you do - is to install the WDK & WinDbg on one machine, which you
really should refer to as the ‘host’ in order to be
consistent with windbg terminology. Windbg’s terminology for this stuff is
very confusing, but in order for all of us to know that
we are talking about the same thing, you should stick to it.
host - the machine that runs windbg
target - the machine that is being debugged.
and for our purposes:
build - the machine on which the wdk is installed and on which you build the
driver
You definitely want to avoid the terms ‘client’ and ‘server,’ because they
have specific windbg meanings, and also pretty much
everything that comes out of MSFT is expressed in terms of ‘client’ and
‘server.’ In the windbg context, a ‘client’ is part of a
remote debugging setup. It doesn’t sound like that’s what you mean, but if
it is, my bad.
So, given those two definitions:
Does build == host?
If you setup things this way, everything should just ‘work,’ as long as you
set .sympath to search the msft symbol server, which you
appear to do.
If not, given that you’re new to this, then you’re making your life more
difficult than it needs to be, unless you have some other
reason. It appears that you are building on the target (build == target);
you should never do that for kernel development, because
you will lose it all (source, et. c.) is you trash the target, which happens
in kernel work.
If you still wish to to get this to work, the easiest way that I know of to
accomplish this is to use ‘symstore’ to add the symbols
to your symbol store (‘d:\debugsymbols’). The command line would like
something like this:
symstore add /s d:\debugsymbols /f
c:\winddk\6001.18000\src\filesys\minifilter\minispy\filter\objchk_wxp_x86\i3
86 /r /p
- ‘/s’ specifies the root directory of the symbol store (d:\debugsymbols)
- ‘/f’ is the path of either the file to add to the symbol store or either
the file to add or the folder whose contents should be
added. It’s easiest to just add the folder (as above) and let symstore sort
out which files need to be added and which don’t.
- ‘/r’ tells symstore to process the directory specified with ‘/f’
recursively to include any appropriate files that are contained
in any subdirectories. In your case, it doesn’t matter (I think), but it
doesn’t hurt to specify it (assuming you specified a
directory with ‘/f’), other than possibly increasing the size of the symbol
server.
- ‘/p’ specifies the name of your product, which you must provide in place
of ‘PRODUCT’ above. I have no idea of what the purpose
of this field is, so just make up something and use it consistently (though
I don’t think that this matters either).
Good luck,
mm
Ahmed Zaki wrote:
> .sympath
>
>
>
> Symbol search path is:
> SRVd:\DebugSymbolshttp://msdl.microsoft.com/download/symbols
>
>
>
> !sym noisy
>
>
>
> noisy mode - symbol prompts on
>
>
>
> .reload /f minispy.sys
>
>
>
> SYMSRV:
> d:\DebugSymbols\minispy.pdb\4DC4EF7E3962419FB49450F12B64726A1\minispy.pdb
> not found
>
> SYMSRV:
>
http://msdl.microsoft.com/download/symbols/minispy.pdb/4DC4EF7E3962419FB4945
0F12B64726A1/minispy.pdb
> not found
>
> DBGHELP:
>
c:\winddk\6001.18000\src\filesys\minifilter\minispy\filter\objchk_wxp_x86\i3
86\minispy.pdb
> - file not found
>
> *** ERROR: Module load completed but symbols could not be loaded for
> minispy.sys
>
> DBGHELP: minispy - no symbols loaded
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] *On Behalf Of *Jen-Lung Chiu
> Sent: Sunday, October 19, 2008 4:41 AM
> To: Kernel Debugging Interest List
> Subject: RE: [windbg] Symbols not detected
>
>
>
> What is the kd output of the following commands?
>
>
>
> .sympath
>
> !sym noisy
>
> .reload /f minispy.sys
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] *On Behalf Of *Ahmed Zaki
> Sent: Saturday, October 18, 2008 8:17 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] Symbols not detected
>
>
>
> Hi all
>
>
>
> I am a noob who is trying to learn how to debug kernel.
> I am trying to learn how to debug minispy minifilter driver. My setup is
> through Vmware as the debuggee and my host as the client. I have built
> the driver in the virtual machine and have started the service . In my
> host I have set the sympathy to look in the Microsoft servers and a
> folder is present on my system to have also the copies on them whenever
> a symbol is loaded. When I set the breakpoint at the DriverEntry I get
>
>
>
> Module load completed but symbols could not be loaded for minispy.sys
>
> Breakpoint 0’s offset expression evaluation failed.
>
> Check for invalid symbols or bad syntax.
>
> WaitForEvent failed
>
> nt!wctomb+0x1c5:
>
> 80509bbf 5d pop ebp
>
>
>
> I am running both server and client Windows XP . I have copied the pdb
> file from the server onto the client in the sym search path but no
> success or maybe I need to set a certain folder structure ??
>
> Any help is appreciated.
>
>
>
> Ahmed
>
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 3535 (20081018)
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
> —
> You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> —
> You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 3535 (20081018)
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
—
You are currently subscribed to windbg as: xxxxx@gmail.com
To unsubscribe send a blank email to xxxxx@lists.osr.com