WinDbg 符号下载错误解决方案

WinDbg 800C2EFD（ERROR_INTERNET_CANNOT_CONNECT）符号下载错误

有时候我们在使用WINDBG的时候，会碰到没有符号的情况；很正常的情况，我们需要加载符号表。

但是有时我们会遇到比较奇怪的错误：

0:000> .reload /f ntdll=00007ffc`df0c0000
SYMSRV:  BYINDEX: 0xC
         e:\symbols
         ntdll.pdb
         0C2E19EA1901E9B82E4567D2D21E56D21
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pdb - path not found
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pd_ - path not found
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\file.ptr - path not found
SYMSRV:  RESULT: 0x80070003
SYMSRV:  BYINDEX: 0xD
         e:\symbols*https://msdl.microsoft.com/download/symbols
         ntdll.pdb
         0C2E19EA1901E9B82E4567D2D21E56D21
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pdb - path not found
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pd_ - path not found
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\file.ptr - path not found
SYMSRV:  HTTPGET: /download/symbols/ntdll.pdb/0C2E19EA1901E9B82E4567D2D21E56D21/ntdll.pdb

SYMSRV:  HttpSendRequest: 800C2EFD - ERROR_INTERNET_CANNOT_CONNECT
SYMSRV:  RESULT: 0x800C2EFD
DBGHELP: C:\WINDOWS\SYSTEM32\ntdll.pdb - file not found
DBGHELP: ntdll.pdb - file not found

DBGHELP: ntdll - export symbols

SYMSRV: HttpSendRequest: 800C2EFD - ERROR_INTERNET_CANNOT_CONNECT从这一句仿佛看出，应该是无法访问网络。

但是我们看一下符号网址，看是否可以访问，网页数如网址https://msdl.microsoft.com/download/symbols，我们可以发现，能够正常访问。

那么WINDBG为什么无法从官网下载符号表呢？

主要是我们的WINDBG设置的不够科学，没有搭建ti子，需要我们自建梯zi。

我们可以设置如下命令：

set _NT_SYMBOL_PROXY=127.0.0.1:1080

然后重启启动WINDBG，如下：

0:000> !lmi ntdll
Loaded Module Info: [ntdll] 
         Module: ntdll
   Base Address: 00007ffcdf0c0000
     Image Name: ntdll.dll
   Machine Type: 34404 (X64)
     Time Stamp: 99ca0526 Fri Oct  6 05:20:38 2051
           Size: 1f0000
       CheckSum: 1ed133
Characteristics: 2022  
Debug Data Dirs: Type  Size     VA  Pointer
             CODEVIEW    22, 13a998,  138598 RSDS - GUID: {0C2E19EA-1901-E9B8-2E45-67D2D21E56D2}
               Age: 1, Pdb: ntdll.pdb
                   ??   5b8, 13a9bc,  1385bc [Data not mapped]
                   ??    24, 13af74,  138b74 [Data not mapped]
     Image Type: FILE     - Image read successfully from debugger.
                 C:\WINDOWS\SYSTEM32\ntdll.dll
    Symbol Type: EXPORT   - PDB not found
    Load Report: export symbols
0:000> !sym noisy
noisy mode - symbol prompts on
0:000> .reload /f ntdll=00007ffcdf0c0000
SYMSRV:  BYINDEX: 0x3
         e:\symbols
         ntdll.pdb
         0C2E19EA1901E9B82E4567D2D21E56D21
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pdb - path not found
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pd_ - path not found
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\file.ptr - path not found
SYMSRV:  RESULT: 0x80070003
SYMSRV:  BYINDEX: 0x4
         e:\symbols*https://msdl.microsoft.com/download/symbols
         ntdll.pdb
         0C2E19EA1901E9B82E4567D2D21E56D21
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pdb - path not found
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pd_ - path not found
SYMSRV:  UNC: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\file.ptr - path not found
SYMSRV:  HTTPGET: /download/symbols/ntdll.pdb/0C2E19EA1901E9B82E4567D2D21E56D21/ntdll.pdb

SYMSRV:  HttpQueryInfo: 801900c8 - HTTP_STATUS_OK
SYMSRV:  ntdll.pdb from https://msdl.microsoft.com/download/symbols: 1559552 bytes - copied         
SYMSRV:  PATH: e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pdb
SYMSRV:  RESULT: 0x00000000

DBGHELP: ntdll - public symbols  
        e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pdb

SYMSRV: HttpQueryInfo: 801900c8 - HTTP_STATUS_OK从这里可以发现，请求下载正常。

此时符号信息为：

0:000> lm vm ntdll
Browse full module list
start             end                 module name
00007ffc`df0c0000 00007ffc`df2b0000   ntdll      (pdb symbols)          e:\symbols\ntdll.pdb\0C2E19EA1901E9B82E4567D2D21E56D21\ntdll.pdb
    Loaded symbol image file: C:\WINDOWS\SYSTEM32\ntdll.dll
    Image path: ntdll
    Image name: ntdll
    Browse all global symbols  functions  data
    Image was built with /Brepro flag.
    Timestamp:        99CA0526 (This is a reproducible build file hash, not a timestamp)
    CheckSum:         001ED133
    ImageSize:        001F0000
    File version:     10.0.18362.418
    Product version:  10.0.18362.418
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntdll.dll
    OriginalFilename: ntdll.dll
    ProductVersion:   10.0.18362.418
    FileVersion:      10.0.18362.418 (WinBuild.160101.0800)
    FileDescription:  NT Layer DLL
    LegalCopyright:   © Microsoft Corporation. All rights reserved.

我们可以查看符号信息:

PEB at 0000000001181000
    InheritedAddressSpace:    No
    ReadImageFileExecOptions: No
    BeingDebugged:            Yes
    ImageBaseAddress:         0000000000390000
    Ldr                       00007ffcdf2253c0
    Ldr.Initialized:          Yes
    Ldr.InInitializationOrderModuleList: 00000000013b34a0 . 00000000013b3be0
    Ldr.InLoadOrderModuleList:           00000000013b3650 . 00000000013b3fa0
    Ldr.InMemoryOrderModuleList:         00000000013b3660 . 00000000013b3fb0