WinDbg symbol resolution

Asked 23/1, 2009 at 3:3 Answered 30/10, 2020 at 0:31

When using WinDbg, where should the private symbol files (pdb?) be placed?

My situation is: I have a DLL which I want to debug. I have the source code and symbol files for this DLL. This DLL is called by another DLL (which I don't have symbols or source for) which, in turn, is called by an EXE (which I also don't have symbols or source for).

My problem is that I am getting a warning that says

*** WARNING: Unable to verify checksum for C:\TheProgram\SomeSubfolder\AnotherSubfolder\MyDll.dll

This warning I think is the reason why I am getting the following type of messages in the call stack:

MyDll!AClass::AFunction+SomeHexAddress

My file structure looks something like this:

The exe: C:\TheProgram\program.exe

The calling dll: C\TheProgram\SomeSubfolder\caller.???

My DLL that I want to debug: C:\TheProgram\SomeSubfolder\AnotherSubfolder\MyDll.dll

Note: I set Symbol File path and the Source file path to where the debug DLL was generated, in my workspace on a different drive from the exe.. But I did copy the pdb + map files and put it on the dll that I wanted to debug..

Construction answered 23/1, 2009 at 3:3 Comment(1)

related question: stackoverflow.com/questions/2743323 – Mansour 2/7, 2014 at 12:11

Sorry for the late reply.
In your post you mention that you are seeing the following error message.

*** WARNING: Unable to verify checksum for C:\TheProgram\SomeSubfolder\AnotherSubfolder\MyDll.dll

You also ask the question, "where do I put my symbols for my DLL in the symbol path?"

Here is a response for the first problem:

Steps to identify mismatched symbols.

!sym noisy
.reload
x MyDll!*class*
*This reloads your dll, alternatively you can type kb to display the call stack of the DLL which should load it as well.
!sym quiet
*Reset's back to original quiet symbol loading

Also you can run

0:001> lmv m myDll  *(and examine the Checksum)

Note: If you have a checksum, then Windbg can match the checksum of the DLL against the checksum of the PDB. Every development environment has a different way to generate a checksum.

Here is the response for the questions about where to put the PDBs

If you have MyDll.pdb added to a symbol store then you can use the following syntax

.sympath SRV*c:\symcache*http://msdl.microsoft.com/download/symbols

As Roger has suggested above...

However if you just have the PDB locally, you may want to put the path to the PDB first before going out to the symbol server like this

.sympath C:\TheProgram\SomeSubfolder\AnotherSubfolder\;SRV*c:\symcache*http://msdl.microsoft.com/download/symbols

This way Windbg should look local to your SomSubFolder dir before trying to use the Symbols Server cache.

Thanks, Aaron

Fascia answered 21/2, 2009 at 21:46 Comment(1)

However，it is not effective for my windbg, I don't know why – Cutcheon 10/4, 2018 at 9:10

It does not matter where you put private symbol files as long as you're able to tell the debugger where they are.

The warning you're seeing does not have any effect on the stack trace, but the fact you're missing symbols for caller.DLL and app.EXE does.

Configuring symbols in windbg (locally) is as simple as using:

.sympath[+] path_to_pdbs
*and
.symfix+ path_to_system_pdb_store

You seeing:

MyDll!AClass::AFunction+SomeHexAddress

actually means nothing as long as SomeHexAddress is reasonable (and provided that MyDll.pdb has been found and loaded!) - it looks like a proper call stack entry.

Now, my question would be, what is the problem that you're stuck with?

P.S. you don't need .map file with windbg.

Loath answered 23/1, 2009 at 9:55 Comment(0)

As part of our build process, we copy the private PDB files and the released EXE/DLL files to a symbol server. At its simplest, this is just a UNC path, but you can configure it for access using HTTP.

To copy your output files, use the SYMSTORE.EXE program.

Then, configure your debugger (we use Visual Studio and WinDbg) to look in that path. For WinDbg, the simplest way to do this is to set an environment variable:

_NT_SYMBOL_PATH=
    SRV*C:\WebSymbols*http://msdl.microsoft.com/download/symbols;
    \\symsvr\Symbols

(that should all be on one line)

This configures WinDbg to look on the Microsoft Symbol Server (caching the files in C:\WebSymbols) and also to look in a local symbol store (\\symsvr\Symbols).

We also use the Source Server tools to store SVN details in the PDB file, meaning that we can get back to the exact source file used to build a particular release. Look in ...\Debugging Tools for Windows (x86)\srcsrv.

Breakfront answered 23/1, 2009 at 10:25 Comment(0)

One option is to leave the symbol files where they are (i.e. in the build output folder) and then use -y WinDbg command line option to locate these files. Using this approach should guarantee that the symbol files are always be up to date.

From the Microsoft Help:

-y SymbolPath 
Specifies the symbol search path. Separate multiple paths with a 
semicolon (;). If the path contains spaces, it should be enclosed 
in quotation marks. For details, and for other ways to change this 
path, see Symbol Path.

Outshout answered 23/1, 2009 at 4:15 Comment(3)

So how would I use this? type in a command prompt "WinDbg.exe -y BuildOutputFolderHere"? – Construction 23/1, 2009 at 4:53

Works for me: windbg.exe -y "SRVc:\websymbolsmsdl.microsoft.com/download/symbols" – Hooker 21/12, 2009 at 18:51

Leave out the semicolon at the end. Dunno why StackOverflow keeps adding that. – Hooker 21/12, 2009 at 18:52

As it turned out, my target machine - provisioned inside Visual Studio - did not get the latest build upon deploying the to it, hence a "driver.sys has mismatched symbols" error.

Basically deploying did not replace the driver with the modified version of it for me. Use devcon tool to properly install it and Windbg will be happy again.

Repulsive answered 30/10, 2020 at 0:31 Comment(0)

Recommended topics

Hot tags