I've used windbg for user mode debugging before, but I suspect I did something to my system because I don't recall having a problem using for example the extension command !heap before.
I can clearly see ntdll is a loaded module:
77760000 778e0000 ntdll (pdb symbols) C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\wntdll.pdb\FA9C48F9C11D4E0894B8970DECD92C972\wntdll.pdb
0:001> lmvm ntdll
start end module name
77760000 778e0000 ntdll (pdb symbols) C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\wntdll.pdb\FA9C48F9C11D4E0894B8970DECD92C972\wntdll.pdb
Loaded symbol image file: C:\Windows\SysWOW64\ntdll.dll
Image path: C:\Windows\SysWOW64\ntdll.dll
Image name: ntdll.dll
Timestamp: Wed Jul 15 13:53:36 2015 (55A69E20)
CheckSum: 00142A8B
ImageSize: 00180000
File version: 6.1.7601.18933
Product version: 6.1.7601.18933
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0409.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ntdll.dll
OriginalFilename: ntdll.dll
ProductVersion: 6.1.7601.18933
FileVersion: 6.1.7601.18933 (win7sp1_gdr.150715-0600)
FileDescription: NT Layer DLL
LegalCopyright: © Microsoft Corporation. All rights reserved.
and
0:001> !chksym ntdll
C:\Windows\SysWOW64\ntdll.dll
Timestamp: 55A69E20
SizeOfImage: 180000
pdb: wntdll.pdb
pdb sig: FA9C48F9-C11D-4E08-94B8-970DECD92C97
age: 2
Loaded pdb is C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\sym\wntdll.pdb\FA9C48F9C11D4E0894B8970DECD92C972\wntdll.pdb
wntdll.pdb
pdb sig: FA9C48F9-C11D-4E08-94B8-970DECD92C97
age: 2
MATCH: wntdll.pdb and C:\Windows\SysWOW64\ntdll.dll
When I try to use my heap extension, I get:
0:001> !heap -stat
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_PEB ***
*** ***
.symopt- 100 doesn't help either
and if I try to use the critical section extension I get a similar error:
Bad symbols for NTDLL (error 3). Aborting.
I've read this can occur if you have a mismatch between 32 and 64bit or if you simply don't have symbols properly set up in the first place but I've used .symfix and can force my symbols to reload with .reload /f, I'm using the x86 debugger on an x86 process or a 32-bit dump so I don't see how those issues are at play.
I've started fresh and uninstalled windbg completely and reinstalled the debugging tools for windows from MSDN and still run into the same issue. Surely I'm missing something obvious?