Windows 8 and 8.1 Forums


Unable to make WinDBG analyze the Dump files

  1. #1


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)

    Unable to make WinDBG analyze the Dump files


    Hello,

    I am trying to debug some crash dumps which all point to NTOSKRNL.EXE but I am unable to debug or even analyze it because the WinDBG throws me an error :-

    Code:
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    OK                                             C:\symbols
    Symbol search path is: C:\symbols
    Executable search path is: C:\symbols
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Windows 8 Kernel Version 9200 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 9200.16628.amd64fre.win8_gdr.130531-1504
    Machine Name:
    Kernel base = 0xfffff801`0cc8a000 PsLoadedModuleList = 0xfffff801`0cf56a20
    Debug session time: Sat Mar 22 19:54:14.327 2014 (UTC + 5:30)
    System Uptime: 0 days 0:27:07.854
    Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
    Loading Kernel Symbols
    .
    
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    
    ..............................................................
    ................................................................
    .................................................
    Loading User Symbols
    Loading unloaded module list
    ........................
    
    
    ************* Symbol Loading Error Summary **************
    Module name            Error
    ntoskrnl               The system cannot find the file specified
    
    
    You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
    You should also verify that your symbol search path (.sympath) is correct.
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    
    Use !analyze -v to get detailed debugging information.
    
    
    BugCheck 139, {3, fffff880193dc5c0, fffff880193dc518, 0}
    
    
    ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
    
    
    *************************************************************************
    ***                                                                   ***
    ***                                                                   ***
    ***    Either you specified an unqualified symbol, or your debugger   ***
    ***    doesn't have full symbol information.  Unqualified symbol      ***
    ***    resolution is turned off by default. Please either specify a   ***
    ***    fully qualified symbol module!symbolname, or enable resolution ***
    ***    of unqualified symbols by typing ".symopt- 100". Note that   ***
    ***    enabling unqualified symbol resolution with network symbol     ***
    ***    server shares in the symbol path may cause the debugger to     ***
    ***    appear to hang for long periods of time when an incorrect      ***
    ***    symbol name is typed or the network symbol server is down.     ***
    ***                                                                   ***
    ***    For some commands to work properly, your symbol path           ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: nt!_KPRCB                                     ***
    ***                                                                   ***
    *************************************************************************
    *************************************************************************

    Now, I am unable to understand what the reason behind this is, even after much browsing. Also, the symbols are downloaded and saved in C:/Symbols. I am sure that these are working because some DUMP files which do not point to NTOSKRNL get debugged fine.

    Also, one more issue I am facing is that whenever I have to open another crash dump file immediately after closing one, the option for opening the Crash Dump gets greyed out -_-' . Is the only way to open another DUMP file to close and reopen the workspace and everything again?
    Last edited by Brink; 22 Mar 2014 at 13:26. Reason: code box


  2. #2


    Hi

    Your symbol search path is wrong. You should set it to something like:

    SRV*C:\symbols*http://msdl.microsoft.com/download/symbols


    Then WinDBG will download and save the correct symbols into the local cache.

  3. #3


    Posts : 5,139
    Win8.1Pro - Finally!!!


    To add to Anshad Edavana's advice:

    Run !sym noisy before .reload to track down problems loading symbols.
    If you don't have the same version of ntoskrnl.exe's symbols in your cache, then the debugger will go out to the Microsoft Symbol Server to get it.

    If you can't connect to the symbol server, you won't get the symbols (network problems/symbol path problems).
    If the symbol server is down, you won't get the symbols (doesn't happen often, but it has happened to me at least once).
    If the symbol server doesn't have that version, you won't get the symbols (modified ntoskrnl.exe/hacked versions of Windows/etc.).
    And, sometimes it just gets "flaky" and it won't find them.

    If it's ntoskrnl.exe that's blamed - start by assuming that ntoskrnl.exe is not to blame. If there were problems with the kernel (core) of the OS, I'd expect to see more problems other than just the occasional BSOD.

    IMO - start by assuming it's a 3rd party driver (non-Windows)
    Once you rule that out, then start in on hardware problems/diagnostics
    The last thing to check (assuming Windows is fully updated) is Windows.
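
Added example (not code from the thread or from any of its participants): a small Python triage of a saved WinDBG log that applies the checks from posts #2 and #3, reporting whether the symbol path names any symbol-server store and which modules appear in the Symbol Loading Error Summary. The function names are assumptions made for this illustration, and the sample log is a trimmed excerpt of the output quoted in post #1.

```python
import re

# Trimmed excerpt of the debugger output quoted in post #1 (sample input).
SAMPLE_LOG = r"""
Symbol search path is: C:\symbols
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
************* Symbol Loading Error Summary **************
Module name            Error
ntoskrnl               The system cannot find the file specified

BugCheck 139, {3, fffff880193dc5c0, fffff880193dc518, 0}
"""

REMOTE = ("http://", "https://", "\\\\")  # HTTP(S) symbol server or UNC share


def remote_stores(symbol_path):
    """Return the symbol-server stores named in a ';'-separated symbol path."""
    found = []
    for element in filter(None, (e.strip() for e in symbol_path.split(";"))):
        fields = element.split("*")
        keyword = fields[0].lower()
        if keyword == "srv":
            stores = fields[1:]          # SRV*<cache>*<server>
        elif keyword == "symsrv":
            stores = fields[2:]          # SYMSRV*<dll>*<cache>*<server>
        else:
            continue                     # plain directory: local lookup only
        found += [s for s in stores if s.lower().startswith(REMOTE)]
    return found


def triage(log):
    """Summarise the symbol path and the failed modules in a WinDBG log."""
    match = re.search(r"^\s*Symbol search path is:\s*(.*\S)", log, re.M)
    path = match.group(1) if match else ""
    failed, in_table = {}, False
    for line in log.splitlines():
        if re.match(r"\s*Module name\s+Error", line):
            in_table = True              # header row of the error summary
        elif in_table and line.strip():
            parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
            if len(parts) == 2:
                failed[parts[0]] = parts[1]
        elif in_table:
            in_table = False             # blank line ends the table
    return {"path": path, "servers": remote_stores(path), "failed": failed}
```

An empty `servers` list together with a non-empty `failed` table is the situation in post #1: the path is a bare local directory, so a kernel build missing from `C:\symbols` can never be fetched.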

  4. #4


    India
    Posts : 2,097
    Windows 8.1 Industry Pro B-)


    @usasma

    Yups, the above post did the trick. And yeah I read about the windows fault and it is generally not the case and should not be blamed. One thing, which I have seen you doing around here is, you report back the dates of the drivers as well. How do you do that mate?

    Thanks for the advice

  5. #5


    Posts : 5,139
    Win8.1Pro - Finally!!!


    I use a script for this, but you can use the command "lmtsmn" in the command box (down at the bottom of the debugger).

    The scripts are available here (registration required): OFFICIAL UPDATE: Sysnative BSOD Processing Apps - Page 2 - Sysnative Forums