Hello,
I am trying to debug some crash dumps which all point to NTOSKRNL.EXE, but I am unable to debug or even analyze them because WinDbg throws an error:
Code:
************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             C:\symbols
Symbol search path is: C:\symbols
Executable search path is: C:\symbols
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16628.amd64fre.win8_gdr.130531-1504
Machine Name:
Kernel base = 0xfffff801`0cc8a000 PsLoadedModuleList = 0xfffff801`0cf56a20
Debug session time: Sat Mar 22 19:54:14.327 2014 (UTC + 5:30)
System Uptime: 0 days 0:27:07.854
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
........................
************* Symbol Loading Error Summary **************
Module name Error
ntoskrnl The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, fffff880193dc5c0, fffff880193dc518, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
Now, I am unable to understand what the reason behind this is, even after much browsing. Also, the symbols are downloaded and saved in C:/Symbols. I am sure that these are working because some DUMP files which do not point to NTOSKRNL get debugged fine.
Also, one more issue I am facing is that whenever I have to open another crash dump file immediately after closing one, the option for opening the Crash Dump gets greyed out -_-' . The only way to open another DUMP file is via closing and opening the workspace and everything again?