No symbols for ntdll.
No symbols for ntdll.
文章目录
- No symbols for ntdll.
- 1. 错误情形
- 2. 解决方案
- 3. 过程记录
1. 错误情形
在使用windbg preview调试的时候、在command界面输入!address -summary 显示ntdll 未加载
错误代码如下:
0:014> !address -summary
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ${$ntdllsym}!_PEB ***
*** ***
*************************************************************************
2. 解决方案
(我也不是太懂、搜索了很多的博客!最终找到了哟个解决方案~主要是很多的(中文)教程的都是以老板的windbg为例子、而不是windbg preview):
-
在微软商店下载windbg preview
-
windbg>文件>Settings>Debugging settings>Symbol path
输入
srv*c:\symbols*http://msdl.microsoft.com/download/symbols**注意:**先新建一个c:\symbols如下所示:
-
再次进入界面,输入
!address -summary查看是否成功 -
若不成功、尝试输入:
!sym noisy .reload /f ntdll.dll参考于:https://stackoverflow.com/questions/58492735/why-am-i-not-getting-ntdll-correctly-loaded-in-windbg-but-it-is-downloaded-win
https://stackoverflow.com/questions/45002682/symbol-path-for-windbg
.symfix
.reload /f
!analyze -v
-
最终效果
存在下载文件的一个过程…
--- Usage Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal # 略去 --- Type Summary (for busy) ------ RgnCount ----------- Total Size -------- %ofBusy %ofTotal # 略去 --- State Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy # 略去 --- Protect Summary (for commit) - RgnCount ----------- Total Size -------- %ofBusy %ofTotal # 略去 --- Largest Region by Usage ----------- Base Address -------- Region Size ---------- Free 179`234a7000 7e7b`da339000 ( 126.484 TB)7ff4`fd8e0000 1`00020000 ( 4.000 GB) # 略去 于此同时,会在c:\symbols保存下载的文件!
3. 过程记录
特记录一下这过程、供大家参考!(希望能帮助大家)
Microsoft (R) Windows Debugger Version 10.0.19528.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
*** wait with pending attach
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00007ff7`c0370000 00007ff7`c0b7c000 C:\Program Files\Sublime Text 3\sublime_text.exe
ModLoad: 00007ffb`12fa0000 00007ffb`13190000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00007ffb`11d20000 00007ffb`11dd2000 C:\Windows\System32\KERNEL32.DLL
ModLoad: 00007ffb`10090000 00007ffb`10333000 C:\Windows\System32\KERNELBASE.dll
ModLoad: 00007ffb`0d9e0000 00007ffb`0da6f000 C:\Windows\SYSTEM32\apphelp.dll
ModLoad: 00007ffa`dcdd0000 00007ffa`dce2d000 C:\Windows\SYSTEM32\AcGenral.dll
ModLoad: 00007ffb`12ec0000 00007ffb`12f5e000 C:\Windows\System32\msvcrt.dll
ModLoad: 00007ffb`118a0000 00007ffb`11937000 C:\Windows\System32\sechost.dll
ModLoad: 00007ffb`110b0000 00007ffb`111d0000 C:\Windows\System32\RPCRT4.dll
ModLoad: 00007ffb`12970000 00007ffb`129c2000 C:\Windows\System32\SHLWAPI.dll
ModLoad: 00007ffb`12ad0000 00007ffb`12e06000 C:\Windows\System32\combase.dll
ModLoad: 00007ffb`10c60000 00007ffb`10d5a000 C:\Windows\System32\ucrtbase.dll
ModLoad: 00007ffb`10de0000 00007ffb`10e60000 C:\Windows\System32\bcryptPrimitives.dll
ModLoad: 00007ffb`128c0000 00007ffb`128e6000 C:\Windows\System32\GDI32.dll
ModLoad: 00007ffb`0ffe0000 00007ffb`10001000 C:\Windows\System32\win32u.dll
ModLoad: 00007ffb`10340000 00007ffb`104d4000 C:\Windows\System32\gdi32full.dll
ModLoad: 00007ffb`10fb0000 00007ffb`1104e000 C:\Windows\System32\msvcp_win.dll
ModLoad: 00007ffb`11b80000 00007ffb`11d14000 C:\Windows\System32\USER32.dll
ModLoad: 00007ffb`12760000 00007ffb`128b6000 C:\Windows\System32\ole32.dll
ModLoad: 00007ffb`12680000 00007ffb`12723000 C:\Windows\System32\advapi32.dll
ModLoad: 00007ffb`11f30000 00007ffb`12615000 C:\Windows\System32\SHELL32.dll
ModLoad: 00007ffb`10d90000 00007ffb`10dda000 C:\Windows\System32\cfgmgr32.dll
ModLoad: 00007ffb`11640000 00007ffb`116e9000 C:\Windows\System32\shcore.dll
ModLoad: 00007ffb`104e0000 00007ffb`10c5f000 C:\Windows\System32\windows.storage.dll
ModLoad: 00007ffb`0ff10000 00007ffb`0ff2f000 C:\Windows\System32\profapi.dll
ModLoad: 00007ffb`0fe80000 00007ffb`0feca000 C:\Windows\System32\powrprof.dll
ModLoad: 00007ffb`0fe70000 00007ffb`0fe80000 C:\Windows\System32\UMPDC.dll
ModLoad: 00007ffb`0fef0000 00007ffb`0ff01000 C:\Windows\System32\kernel.appcore.dll
ModLoad: 00007ffb`10070000 00007ffb`10087000 C:\Windows\System32\cryptsp.dll
ModLoad: 00007ffb`0fd90000 00007ffb`0fdb5000 C:\Windows\SYSTEM32\USERENV.dll
ModLoad: 00007ffa`f2b00000 00007ffa`f2b1b000 C:\Windows\SYSTEM32\MPR.dll
ModLoad: 00007ffb`0fd60000 00007ffb`0fd8f000 C:\Windows\SYSTEM32\SspiCli.dll
ModLoad: 00007ffb`12730000 00007ffb`1275e000 C:\Windows\System32\IMM32.DLL
ModLoad: 00007ffb`11aa0000 00007ffb`11b70000 C:\Windows\System32\COMDLG32.dll
ModLoad: 00007ffb`019d0000 00007ffb`01c55000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.657_none_e6c5b579130e3898\COMCTL32.dll
ModLoad: 00007ffb`00860000 00007ffb`00d36000 C:\Windows\SYSTEM32\WININET.dll
ModLoad: 00007ffb`0b520000 00007ffb`0b585000 C:\Windows\SYSTEM32\ninput.dll
ModLoad: 00007ffb`11de0000 00007ffb`11ea4000 C:\Windows\System32\OLEAUT32.dll
ModLoad: 00007ffb`0e7f0000 00007ffb`0e9e4000 C:\Windows\SYSTEM32\dbghelp.dll
ModLoad: 00007ffb`04ab0000 00007ffb`04ada000 C:\Windows\SYSTEM32\dbgcore.DLL
ModLoad: 00007ffb`0dbb0000 00007ffb`0dc49000 C:\Windows\system32\uxtheme.dll
ModLoad: 00007ffb`11960000 00007ffb`11a95000 C:\Windows\System32\MSCTF.dll
ModLoad: 00007ffa`fbc90000 00007ffa`fbf8e000 C:\Windows\SYSTEM32\dwrite.dll
ModLoad: 00007ffa`f2880000 00007ffa`f2889000 C:\Windows\system32\IconCodecService.dll
ModLoad: 00007ffb`0af70000 00007ffb`0b11f000 C:\Windows\SYSTEM32\WindowsCodecs.dll
ModLoad: 00007ffb`12e10000 00007ffb`12eb2000 C:\Windows\System32\clbcatq.dll
ModLoad: 00007ffa`ef6d0000 00007ffa`ef70a000 C:\Windows\system32\dataexchange.dll
ModLoad: 00007ffb`0d140000 00007ffb`0d31b000 C:\Windows\system32\dcomp.dll
ModLoad: 00007ffb`0ca20000 00007ffb`0cc7b000 C:\Windows\system32\d3d11.dll
ModLoad: 00007ffb`0eb70000 00007ffb`0ec5b000 C:\Windows\system32\dxgi.dll
ModLoad: 00007ffb`0eae0000 00007ffb`0eb00000 C:\Windows\SYSTEM32\dxcore.dll
ModLoad: 00007ffb`0dca0000 00007ffb`0defa000 C:\Windows\system32\twinapi.appcore.dll
ModLoad: 00007ffb`0e1b0000 00007ffb`0e1d9000 C:\Windows\system32\RMCLIENT.dll
ModLoad: 00007ffa`ff030000 00007ffa`ff0ce000 C:\Windows\System32\TextInputFramework.dll
ModLoad: 00007ffb`0b1f0000 00007ffb`0b51a000 C:\Windows\System32\CoreUIComponents.dll
ModLoad: 00007ffb`0d3f0000 00007ffb`0d4c4000 C:\Windows\System32\CoreMessaging.dll
ModLoad: 00007ffb`0eed0000 00007ffb`0ef01000 C:\Windows\SYSTEM32\ntmarta.dll
ModLoad: 00007ffb`0b870000 00007ffb`0b9c3000 C:\Windows\SYSTEM32\wintypes.dll
ModLoad: 00007ffb`005b0000 00007ffb`00856000 C:\Windows\System32\iertutil.dll
ModLoad: 00007ffa`e76e0000 00007ffa`e78cd000 C:\Windows\system32\SogouTSF.ime
ModLoad: 00007ffa`e76d0000 00007ffa`e76d7000 C:\Windows\system32\MSIMG32.dll
ModLoad: 00007ffb`087d0000 00007ffb`087da000 C:\Windows\system32\VERSION.dll
ModLoad: 00007ffa`e6e40000 00007ffa`e76cd000 C:\Windows\system32\SogouPy.ime
ModLoad: 00007ffa`efa90000 00007ffa`efaf5000 C:\Windows\SYSTEM32\OLEACC.dll
ModLoad: 00007ffb`04500000 00007ffb`045f0000 C:\Windows\SYSTEM32\WINHTTP.dll
ModLoad: 00000000`10000000 00000000`1011d000 C:\Program Files (x86)\SogouInput\9.6.0.3568\Resource.dll
ModLoad: 00007ffa`e0ff0000 00007ffa`e1259000 C:\Program Files (x86)\SogouInput\Components\PicFace\1.1.0.1867\PicFace64.dll
ModLoad: 00007ffb`0dff0000 00007ffb`0e01d000 C:\Windows\SYSTEM32\dwmapi.dll
ModLoad: 00007ffb`12960000 00007ffb`12968000 C:\Windows\System32\PSAPI.DLL
ModLoad: 00007ffb`12a60000 00007ffb`12acf000 C:\Windows\System32\WS2_32.dll
ModLoad: 00007ffa`f0830000 00007ffa`f0846000 C:\Windows\SYSTEM32\ondemandconnroutehelper.dll
ModLoad: 00007ffb`0f680000 00007ffb`0f6e7000 C:\Windows\system32\mswsock.dll
ModLoad: 00007ffb`0f390000 00007ffb`0f3ca000 C:\Windows\SYSTEM32\IPHLPAPI.DLL
ModLoad: 00007ffb`059d0000 00007ffb`059db000 C:\Windows\SYSTEM32\WINNSI.DLL
ModLoad: 00007ffb`12a50000 00007ffb`12a58000 C:\Windows\System32\NSI.dll
ModLoad: 00007ffb`10e60000 00007ffb`10fa9000 C:\Windows\System32\CRYPT32.dll
ModLoad: 00007ffb`0fed0000 00007ffb`0fee2000 C:\Windows\System32\MSASN1.dll
ModLoad: 00007ffb`0f230000 00007ffb`0f23a000 C:\Windows\SYSTEM32\DPAPI.DLL
ModLoad: 00007ffb`10010000 00007ffb`1006c000 C:\Windows\System32\WINTRUST.dll
ModLoad: 00007ffb`0f1f0000 00007ffb`0f223000 C:\Windows\system32\rsaenh.dll
ModLoad: 00007ffb`10d60000 00007ffb`10d86000 C:\Windows\System32\bcrypt.dll
ModLoad: 00007ffb`0f850000 00007ffb`0f85c000 C:\Windows\SYSTEM32\CRYPTBASE.dll
ModLoad: 00007ffb`00d40000 00007ffb`00f16000 C:\Windows\SYSTEM32\urlmon.dll
ModLoad: 00007ffb`03da0000 00007ffb`03deb000 C:\Program Files (x86)\Sangfor\SSL\ClientComponent\SangforNspX64.dll
ModLoad: 00007ffb`0f3d0000 00007ffb`0f49a000 C:\Windows\SYSTEM32\DNSAPI.dll
ModLoad: 00007ffb`03af0000 00007ffb`03afa000 C:\Windows\System32\rasadhlp.dll
ModLoad: 00007ffb`050c0000 00007ffb`05137000 C:\Windows\System32\fwpuclnt.dll
ModLoad: 00007ffb`0f120000 00007ffb`0f1a8000 C:\Windows\system32\schannel.DLL
ModLoad: 00007ffa`f8ec0000 00007ffa`f8ed5000 C:\Windows\SYSTEM32\mskeyprotect.dll
ModLoad: 00007ffb`0f9b0000 00007ffb`0f9d6000 C:\Windows\SYSTEM32\ncrypt.dll
ModLoad: 00007ffb`0f970000 00007ffb`0f9ab000 C:\Windows\SYSTEM32\NTASN1.dll
ModLoad: 00007ffa`f8f30000 00007ffa`f8f55000 C:\Windows\system32\ncryptsslp.dll
ModLoad: 00007ffa`ec850000 00007ffa`ec9f3000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.657_none_17b0a85e6da0b266\gdiplus.dll
ModLoad: 00007ffb`0e580000 00007ffb`0e66f000 C:\Windows\system32\propsys.dll
ModLoad: 00007ffa`d3690000 00007ffa`d3843000 C:\Windows\SYSTEM32\DUI70.dll
ModLoad: 00007ffb`081d0000 00007ffb`08263000 C:\Windows\SYSTEM32\DUser.dll
ModLoad: 00007ffa`eee40000 00007ffa`ef045000 C:\Windows\system32\explorerframe.dll
ModLoad: 00007ffa`eedd0000 00007ffa`eee2e000 C:\Windows\System32\thumbcache.dll
ModLoad: 00007ffb`0bf80000 00007ffb`0c006000 C:\Windows\SYSTEM32\policymanager.dll
ModLoad: 00007ffb`0c300000 00007ffb`0c38a000 C:\Windows\SYSTEM32\msvcp110_win.dll
ModLoad: 00007ffa`d3110000 00007ffa`d31c2000 C:\Windows\System32\Windows.UI.FileExplorer.dll
ModLoad: 00007ffa`eeda0000 00007ffa`eedc3000 C:\Windows\SYSTEM32\edputil.dll
ModLoad: 00007ffa`f35e0000 00007ffa`f3850000 C:\Windows\System32\uiautomationcore.dll
ModLoad: 00007ffb`0fcc0000 00007ffb`0fd5d000 C:\Windows\SYSTEM32\sxs.dll
ModLoad: 00007ffa`e79a0000 00007ffa`e79ad000 C:\Windows\SYSTEM32\atlthunk.dll
ModLoad: 00007ffa`fedc0000 00007ffa`fee68000 C:\Windows\System32\StructuredQuery.dll
ModLoad: 00007ffa`ea5c0000 00007ffa`ea67d000 C:\Windows\system32\Windows.Storage.Search.dll
ModLoad: 00007ffa`f2820000 00007ffa`f2840000 C:\Windows\SYSTEM32\CLDAPI.dll
ModLoad: 00007ffa`ff4a0000 00007ffa`ff4aa000 C:\Windows\SYSTEM32\FLTLIB.DLL
ModLoad: 00007ffa`f9f10000 00007ffa`f9fb4000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
ModLoad: 00007ffb`04730000 00007ffb`0473b000 C:\Windows\System32\drprov.dll
ModLoad: 00007ffb`0f910000 00007ffb`0f96c000 C:\Windows\System32\WINSTA.dll
ModLoad: 00007ffb`04710000 00007ffb`04725000 C:\Windows\System32\ntlanman.dll
ModLoad: 00007ffb`046f0000 00007ffb`0470d000 C:\Windows\System32\davclnt.dll
ModLoad: 00007ffb`046e0000 00007ffb`046ec000 C:\Windows\System32\DAVHLPR.dll
ModLoad: 00007ffb`04f60000 00007ffb`04f77000 C:\Windows\System32\wkscli.dll
ModLoad: 00007ffa`f8c70000 00007ffa`f8c82000 C:\Windows\SYSTEM32\cscapi.dll
ModLoad: 00007ffb`0f4a0000 00007ffb`0f4ac000 C:\Windows\System32\netutils.dll
ModLoad: 00007ffa`f0970000 00007ffa`f0a11000 C:\Windows\System32\twinapi.dll
ModLoad: 00007ffa`d44a0000 00007ffa`d44f3000 C:\Windows\System32\dlnashext.dll
ModLoad: 00007ffa`f80d0000 00007ffa`f8134000 C:\Windows\System32\PlayToDevice.dll
ModLoad: 00007ffb`021c0000 00007ffb`021e0000 C:\Windows\System32\DevDispItemProvider.dll
ModLoad: 00007ffb`08510000 00007ffb`08582000 C:\Windows\System32\MMDevApi.dll
ModLoad: 00007ffb`0fc70000 00007ffb`0fc9a000 C:\Windows\System32\DEVOBJ.dll
ModLoad: 00007ffa`e3060000 00007ffa`e3076000 C:\Windows\system32\NetworkExplorer.dll
ModLoad: 00007ffb`11eb0000 00007ffb`11f26000 C:\Windows\System32\coml2.dll
ModLoad: 00007ffa`eca00000 00007ffa`ecb67000 C:\Users\zjc98\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll
ModLoad: 00007ffb`0ea30000 00007ffb`0ea43000 C:\Windows\SYSTEM32\WTSAPI32.dll
ModLoad: 00007ffa`ecbb0000 00007ffa`ecbd8000 C:\Windows\system32\mssprxy.dll
ModLoad: 00007ffa`edb80000 00007ffa`edb8d000 C:\Windows\SYSTEM32\LINKINFO.dll
ModLoad: 00007ffb`09720000 00007ffb`097be000 C:\Windows\System32\PortableDeviceApi.dll
ModLoad: 00007ffb`111d0000 00007ffb`11640000 C:\Windows\System32\SETUPAPI.dll
ModLoad: 00007ffa`ed680000 00007ffa`ed6b7000 C:\Windows\System32\EhStorShell.dll
ModLoad: 00007ffa`fff00000 00007ffa`fff25000 C:\Windows\System32\EhStorAPI.dll
ModLoad: 00007ffa`ed5b0000 00007ffa`ed67a000 C:\Windows\System32\cscui.dll
ModLoad: 00007ffa`f2890000 00007ffa`f290e000 C:\Windows\SYSTEM32\ntshrui.dll
ModLoad: 00007ffa`f8d50000 00007ffa`f8d76000 C:\Windows\SYSTEM32\srvcli.dll
ModLoad: 00007ffb`013a0000 00007ffb`014d5000 C:\Windows\System32\Windows.StateRepositoryPS.dll
ModLoad: 00007ffb`0d110000 00007ffb`0d134000 C:\Windows\system32\WINMM.dll
ModLoad: 00007ffb`0cc80000 00007ffb`0ccad000 C:\Windows\system32\WINMMBASE.dll
ModLoad: 00007ffa`ff380000 00007ffa`ff492000 C:\Windows\SYSTEM32\MrmCoreR.dll
ModLoad: 00007ffb`04dc0000 00007ffb`04dd0000 C:\Windows\SYSTEM32\windows.staterepositorycore.dll
ModLoad: 00007ffa`feeb0000 00007ffa`feee0000 C:\Windows\SYSTEM32\bcp47mrm.dll
ModLoad: 00007ffa`ff0d0000 00007ffa`ff221000 C:\Windows\System32\Windows.UI.dll
ModLoad: 00007ffa`fef10000 00007ffa`ff02a000 C:\Windows\System32\InputHost.dll
(1454.1dac): Break instruction exception - code 80000003 (first chance)
SYMSRV: BYINDEX: 0x1
c:\symbols*http://msdl.microsoft.com/download/symbols
ntdll.pdb
FB60D3E08B5E4960376A4E73BD35F24E1
SYMSRV: UNC: c:\symbols\ntdll.pdb\FB60D3E08B5E4960376A4E73BD35F24E1\ntdll.pdb - path not found
SYMSRV: UNC: c:\symbols\ntdll.pdb\FB60D3E08B5E4960376A4E73BD35F24E1\ntdll.pd_ - path not found
SYMSRV: UNC: c:\symbols\ntdll.pdb\FB60D3E08B5E4960376A4E73BD35F24E1\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/index2.txt
SYMSRV: HttpQueryInfo: 80190190 - HTTP_STATUS_BAD_REQUEST
SYMSRV: HTTPGET: /download/symbols/ntdll.pdb/FB60D3E08B5E4960376A4E73BD35F24E1/ntdll.pdb
SYMSRV: HttpSendRequest: 800C2EFF - ERROR_INTERNET_CONNECTION_RESET
SYMSRV: RESULT: 0x800C2EFF
DBGHELP: C:\Windows\SYSTEM32\ntdll.pdb - file not found
DBGHELP: ntdll.pdb - file not found
DBGHELP: ntdll - export symbols
ntdll!DbgBreakPoint:
00007ffb`1303faf0 cc int 3
0:014> !address -summary
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ${$ntdllsym}!_PEB ***
*** ***
*************************************************************************
No symbols for ntdll. Cannot continue.
0:014> !heap –s
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_HEAP_ENTRY ***
*** ***
*************************************************************************
Invalid type information
0:014> !sym noisy
noisy mode - symbol prompts on
0:014> .reload /f ntdll.dll
SYMSRV: BYINDEX: 0x3
c:\symbols*http://msdl.microsoft.com/download/symbols
ntdll.pdb
FB60D3E08B5E4960376A4E73BD35F24E1
SYMSRV: UNC: c:\symbols\ntdll.pdb\FB60D3E08B5E4960376A4E73BD35F24E1\ntdll.pdb - path not found
SYMSRV: UNC: c:\symbols\ntdll.pdb\FB60D3E08B5E4960376A4E73BD35F24E1\ntdll.pd_ - path not found
SYMSRV: UNC: c:\symbols\ntdll.pdb\FB60D3E08B5E4960376A4E73BD35F24E1\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/ntdll.pdb/FB60D3E08B5E4960376A4E73BD35F24E1/ntdll.pdb
SYMSRV: HttpQueryInfo: 801900c8 - HTTP_STATUS_OK
SYMSRV: ntdll.pdb from http://msdl.microsoft.com/download/symbols: 1559552 bytcopied
SYMSRV: PATH: c:\symbols\ntdll.pdb\FB60D3E08B5E4960376A4E73BD35F24E1\ntdll.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: ntdll - public symbols
c:\symbols\ntdll.pdb\FB60D3E08B5E4960376A4E73BD35F24E1\ntdll.pdb
0:014> !address -summary
Mapping file section regions...
Mapping module regions...
Mapping PEB regions...
Mapping TEB and stack regions...
SYMSRV: BYINDEX: 0x4
c:\symbols*http://msdl.microsoft.com/download/symbols
win32u.pdb
BC2E49ABE46D2E93B278B4DECFCA62A81
SYMSRV: UNC: c:\symbols\win32u.pdb\BC2E49ABE46D2E93B278B4DECFCA62A81\win32u.pdb - path not found
SYMSRV: UNC: c:\symbols\win32u.pdb\BC2E49ABE46D2E93B278B4DECFCA62A81\win32u.pd_ - path not found
SYMSRV: UNC: c:\symbols\win32u.pdb\BC2E49ABE46D2E93B278B4DECFCA62A81\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/win32u.pdb/BC2E49ABE46D2E93B278B4DECFCA62A81/win32u.pdb
SYMSRV: HttpQueryInfo: 801900c8 - HTTP_STATUS_OK
SYMSRV: win32u.pdb from http://msdl.microsoft.com/download/symbols: 233472 bytescopied
SYMSRV: PATH: c:\symbols\win32u.pdb\BC2E49ABE46D2E93B278B4DECFCA62A81\win32u.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: win32u - public symbols
c:\symbols\win32u.pdb\BC2E49ABE46D2E93B278B4DECFCA62A81\win32u.pdb
SYMSRV: BYINDEX: 0x5
c:\symbols*http://msdl.microsoft.com/download/symbols
user32.pdb
D5B4D48DC290AE919FB9D6F2A402402C1
SYMSRV: UNC: c:\symbols\user32.pdb\D5B4D48DC290AE919FB9D6F2A402402C1\user32.pdb - path not found
SYMSRV: UNC: c:\symbols\user32.pdb\D5B4D48DC290AE919FB9D6F2A402402C1\user32.pd_ - path not found
SYMSRV: UNC: c:\symbols\user32.pdb\D5B4D48DC290AE919FB9D6F2A402402C1\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/user32.pdb/D5B4D48DC290AE919FB9D6F2A402402C1/user32.pdb
SYMSRV: HttpQueryInfo: 801900c8 - HTTP_STATUS_OK
SYMSRV: user32.pdb from http://msdl.microsoft.com/download/symbols: 1011712 bytecopied
SYMSRV: PATH: c:\symbols\user32.pdb\D5B4D48DC290AE919FB9D6F2A402402C1\user32.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: USER32 - public symbols
c:\symbols\user32.pdb\D5B4D48DC290AE919FB9D6F2A402402C1\user32.pdb
SYMSRV: BYINDEX: 0x6
c:\symbols*http://msdl.microsoft.com/download/symbols
kernelbase.pdb
7D42F2FCA0F02E76EFBE1EEBF10F31021
SYMSRV: UNC: c:\symbols\kernelbase.pdb\7D42F2FCA0F02E76EFBE1EEBF10F31021\kernelbase.pdb - path not found
SYMSRV: UNC: c:\symbols\kernelbase.pdb\7D42F2FCA0F02E76EFBE1EEBF10F31021\kernelbase.pd_ - path not found
SYMSRV: UNC: c:\symbols\kernelbase.pdb\7D42F2FCA0F02E76EFBE1EEBF10F31021\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/kernelbase.pdb/7D42F2FCA0F02E76EFBE1EEBF10F31021/kernelbase.pdb
SYMSRV: HttpQueryInfo: 801900c8 - HTTP_STATUS_OK
SYMSRV: kernelbase.pdb from http://msdl.microsoft.com/download/symbols: 7662592 bycopied
SYMSRV: PATH: c:\symbols\kernelbase.pdb\7D42F2FCA0F02E76EFBE1EEBF10F31021\kernelbase.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: KERNELBASE - public symbols
c:\symbols\kernelbase.pdb\7D42F2FCA0F02E76EFBE1EEBF10F31021\kernelbase.pdb
Mapping heap regions...
Mapping page heap regions...
Mapping other regions...
Mapping stack trace database regions...
Mapping activation context regions...
--- Usage Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal
Free 332 7ffe`e0cf7000 ( 127.996 TB) 100.00%
69 1`0317e000 ( 4.048 GB) 90.22% 0.00%
MappedFile 155 0`0f2a7000 ( 242.652 MB) 5.28% 0.00%
Image 784 0`086c5000 ( 134.770 MB) 2.93% 0.00%
Heap 104 0`03713000 ( 55.074 MB) 1.20% 0.00%
Stack 45 0`00f00000 ( 15.000 MB) 0.33% 0.00%
Other 8 0`001dd000 ( 1.863 MB) 0.04% 0.00%
TEB 15 0`0001e000 ( 120.000 kB) 0.00% 0.00%
PEB 1 0`00001000 ( 4.000 kB) 0.00% 0.00%
--- Type Summary (for busy) ------ RgnCount ----------- Total Size -------- %ofBusy %ofTotal
MEM_PRIVATE 235 1`077a2000 ( 4.117 GB) 91.74% 0.00%
MEM_MAPPED 162 0`0f492000 ( 244.570 MB) 5.32% 0.00%
MEM_IMAGE 784 0`086c5000 ( 134.770 MB) 2.93% 0.00%
--- State Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal
MEM_FREE 332 7ffe`e0cf7000 ( 127.996 TB) 100.00%
MEM_RESERVE 65 1`0650e000 ( 4.099 GB) 91.34% 0.00%
MEM_COMMIT 1116 0`18deb000 ( 397.918 MB) 8.66% 0.00%
--- Protect Summary (for commit) - RgnCount ----------- Total Size -------- %ofBusy %ofTotal
PAGE_READONLY 527 0`0eaad000 ( 234.676 MB) 5.11% 0.00%
PAGE_READWRITE 366 0`0525d000 ( 82.363 MB) 1.79% 0.00%
PAGE_EXECUTE_READ 144 0`04fc5000 ( 79.770 MB) 1.74% 0.00%
PAGE_WRITECOPY 34 0`000d1000 ( 836.000 kB) 0.02% 0.00%
PAGE_READWRITE|PAGE_GUARD 15 0`0002d000 ( 180.000 kB) 0.00% 0.00%
PAGE_NOACCESS 30 0`0001e000 ( 120.000 kB) 0.00% 0.00%
--- Largest Region by Usage ----------- Base Address -------- Region Size ----------
Free 179`234a7000 7e7b`da339000 ( 126.484 TB)
7ff4`fd8e0000 1`00020000 ( 4.000 GB)
MappedFile 179`1b6b0000 0`019c4000 ( 25.766 MB)
Image 7ffa`e6e41000 0`0057f000 ( 5.496 MB)
Heap 179`21214000 0`00d0b000 ( 13.043 MB)
Stack 69`b1900000 0`000fc000 (1008.000 kB)
Other 179`0c480000 0`00181000 ( 1.504 MB)
TEB 69`b0c18000 0`00002000 ( 8.000 kB)
PEB 69`b0c17000 0`00001000 ( 4.000 kB)