Solved Unable to make WinDBG analyze the Dump files

blueelvis

Hello,

I am trying to debug some crash dumps which all point to NTOSKRNL.EXE, but I am unable to debug or even analyze them because WinDBG throws me an error:

Code:
************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             C:\symbols
Symbol search path is: C:\symbols
Executable search path is: C:\symbols
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 9200.16628.amd64fre.win8_gdr.130531-1504
Machine Name:
Kernel base = 0xfffff801`0cc8a000 PsLoadedModuleList = 0xfffff801`0cf56a20
Debug session time: Sat Mar 22 19:54:14.327 2014 (UTC + 5:30)
System Uptime: 0 days 0:27:07.854
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
.


Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.


..............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
........................


************* Symbol Loading Error Summary **************
Module name            Error
ntoskrnl               The system cannot find the file specified


You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************


Use !analyze -v to get detailed debugging information.


BugCheck 139, {3, fffff880193dc5c0, fffff880193dc518, 0}


***** Kernel symbols are WRONG. Please fix symbols to do analysis.


*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************

Now, I am unable to understand what is the reason behind this even after much browsing. Also, the symbols are downloaded and saved in C:/Symbols. I am sure that these are working because some DUMP files which do not point to NTOSKRNL get debugged fine.

Also, one more issue I am facing is that whenever I have to open another crash dump file immediately after closing one, the option for opening the Crash Dump gets greyed out -_-' . The only way to open another DUMP file is via closing and opening the workspace and everything again?
 
To add to Anshad Edavana's advice:

Run !sym noisy before .reload to track down problems loading symbols.

If you don't have the same version of ntoskrnl.exe's symbols in your cache, then the debugger will go out to the Microsoft Symbol Server to get it.

If you can't connect to the symbol server, you won't get the symbols (network problems/symbol path problems).
If the symbol server is down, you won't get the symbols (doesn't happen often, but it has happened to me at least once).
If the symbol server doesn't have that version, you won't get the symbols (modified ntoskrnl.exe/hacked versions of Windows/etc).
And, sometimes it just gets "flaky" and it won't find them.

If it's ntoskrnl.exe that's blamed - start by assuming that ntoskrnl.exe is not to blame. If there were problems with the kernel (core) of the OS, I'd expect to see more problems other than just the occasional BSOD.

IMO - start by assuming it's a 3rd party driver (non-Windows)
Once you rule that out, then start in on hardware problems/diagnostics
The last thing to check (assuming Windows is fully updated) is Windows.
 

My Computer

System One

  • OS
    Win8.1Pro - Finally!!!
    Computer type
    Laptop
    System Manufacturer/Model
    Samsung/NP780
    CPU
    Came with the laptop (i7 of some sort)
    Motherboard
    Pretty sure that it has one, but haven't checked inside the case!
    Memory
    upgraded to 12 gB from 8 gB
    Graphics Card(s)
    has switchable - Intel/ATI - Used wrong drivers, now ATI card is inop :( Will have to fix it soon!
    Sound Card
    I'm nearly deaf, so this isn't used often
    Monitor(s) Displays
    Touchscreen on laptop/32" Toshiba on HDMI (laid the Sharp TV on a mouse and cracked the screen!)
    Screen Resolution
    800x600
    Hard Drives
    One Samsung 1tB drive - 5400 rpm. Gonna switch to a 7200/10000 rpm or an SSD (if I can find $500 for a 1tB SSD!)
    - Switched to 500 gB Samsung 840 series SSD - WOW!!!
    PSU
    Why do we ask this for laptops?
    Case
    Silver with a neat Samsung logo
    Cooling
    sub-par, gotta get around to working on it soon Worked on it - still sub-par! :(
    Keyboard
    Microsoft Natural - the same one I've used since it orignally came out around 1995
    Mouse
    no Mouse - Trackball!!!!
    Internet Speed
    too slow when I'm waiting for a download to finish
    Browser
    Yes, I use this (Firefox mostly, w/IE next most)
    Antivirus
    Windows Defender and Windows Firewall
    Other Info
    I'm handsome and a snappy dresser :0)
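As an added example (not code from the thread or from any poster), a small Python triage of the WinDBG output quoted in the first post: it checks whether the symbol search path contains a `srv*` element, which is what lets the debugger reach the Microsoft Symbol Server mentioned above, and lists the modules whose symbols failed to load. The sample log is constructed from lines of the quoted output; the `triage` function name is hypothetical, and the server URL (Microsoft's public symbol server) is not from the page.

```python
import re

# Constructed sample: a subset of the lines from the WinDBG output quoted in the thread.
SAMPLE_LOG = r"""Symbol search path is: C:\symbols
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
************* Symbol Loading Error Summary **************
Module name            Error
ntoskrnl               The system cannot find the file specified

BugCheck 139, {3, fffff880193dc5c0, fffff880193dc518, 0}
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
"""

# Assumption: Microsoft's public symbol server URL (not stated on the page).
MS_SYMBOL_SERVER = "https://msdl.microsoft.com/download/symbols"

def triage(log):
    """Return a dict describing why symbol loading failed in a WinDBG log."""
    m = re.search(r"^Symbol search path is:\s*(.*)$", log, re.M)
    sympath = m.group(1).strip() if m else ""
    elements = [e for e in sympath.split(";") if e]
    # Only srv*/symsrv* elements can download from a symbol server.
    has_server = any(re.match(r"(?i)(srv|symsrv)\*", e) for e in elements)
    # Modules named in "symbols could not be loaded for X" errors.
    failed = sorted(set(re.findall(r"symbols could not be loaded for (\S+)", log)))
    findings = []
    if not has_server:
        findings.append("symbol path has no srv* element, so nothing can be downloaded")
    if "Kernel symbols are WRONG" in log:
        findings.append("kernel symbols missing: fix symbols before trusting the analysis")
    # Reuse the first plain directory as the local cache, if there is one.
    local = next((e for e in elements if "*" not in e), r"C:\symbols")
    fix = f".sympath srv*{local}*{MS_SYMBOL_SERVER}"
    return {"sympath": sympath, "has_server": has_server,
            "failed_modules": failed, "findings": findings,
            "suggested_sympath_cmd": fix}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

After setting the suggested path in WinDBG, `!sym noisy` followed by `.reload` shows each location the debugger tries for ntoskrnl.exe.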
@usasma

Yups, the above post did the trick. And yeah, I read about the Windows fault and it is generally not the case and should not be blamed. One thing which I have seen you doing around here is that you report back the dates of the drivers as well. How do you do that, mate?

Thanks for the advice :)
 

My Computer

System One

  • OS
    Windows 8.1 Industry Pro B-)
    Computer type
    Laptop
    System Manufacturer/Model
    Toshiba
    CPU
    Core I5 2430M @ 2.4GHz
    Memory
    8 GB DDR3 @ 1600MHz Dual Channel ^_^
    Graphics Card(s)
    Intel HD 3000 B-)
    Screen Resolution
    1366x768
    Hard Drives
    Toshiba 500 GB
    Browser
    Google Chrome
    Antivirus
    Windows Defender & Common Sense!

My Computer

System One

  • OS
    Win8.1Pro - Finally!!!
    Computer type
    Laptop
    System Manufacturer/Model
    Samsung/NP780
    CPU
    Came with the laptop (i7 of some sort)
    Motherboard
    Pretty sure that it has one, but haven't checked inside the case!
    Memory
    upgraded to 12 gB from 8 gB
    Graphics Card(s)
    has switchable - Intel/ATI - Used wrong drivers, now ATI card is inop :( Will have to fix it soon!
    Sound Card
    I'm nearly deaf, so this isn't used often
    Monitor(s) Displays
    Touchscreen on laptop/32" Toshiba on HDMI (laid the Sharp TV on a mouse and cracked the screen!)
    Screen Resolution
    800x600
    Hard Drives
    One Samsung 1tB drive - 5400 rpm. Gonna switch to a 7200/10000 rpm or an SSD (if I can find $500 for a 1tB SSD!)
    - Switched to 500 gB Samsung 840 series SSD - WOW!!!
    PSU
    Why do we ask this for laptops?
    Case
    Silver with a neat Samsung logo
    Cooling
    sub-par, gotta get around to working on it soon Worked on it - still sub-par! :(
    Keyboard
    Microsoft Natural - the same one I've used since it orignally came out around 1995
    Mouse
    no Mouse - Trackball!!!!
    Internet Speed
    too slow when I'm waiting for a download to finish
    Browser
    Yes, I use this (Firefox mostly, w/IE next most)
    Antivirus
    Windows Defender and Windows Firewall
    Other Info
    I'm handsome and a snappy dresser :0)
Back
Top