WinDBG Preview

Tags: #<Tag:0x00007febeb0eff90> #<Tag:0x00007febeb0efe28>

WinDBG Preview

Loading of Symbols in WinDBG Preview

Attach to the running process notepad.exe. Set .sympath and .reload.

0:006> .sympath c:\mss*https://msdl.microsoft.com/download/symbols
Symbol search path is: c:\mss*https://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: c:\mss*https://msdl.microsoft.com/download/symbols

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       c:\mss*https://msdl.microsoft.com/download/symbols
0:006> .reload
Reloading current modules
............................................

************* Symbol Loading Error Summary **************
Module name            Error
SharedUserData         No error - symbol load deferred
ntdll                  The system cannot find the file specified

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.

Error:

ntdll The system cannot find the file specified

Hmmh. .symfix to the rescue.

************* Symbol Loading Error Summary **************
Module name            Error
SharedUserData         No error - symbol load deferred
ntdll                  The system cannot find the file specified

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
0:006> .symfix c:\mss
0:006> .reload /o
Reloading current modules
............................................

************* Symbol Loading Error Summary **************
Module name            Error
SharedUserData         No error - symbol load deferred

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.

ntdll is found. Sometimes this error is persistent after updates. On Windows 10 Enterprise you may be able to delay updates to ensure that you will have symbols on your debug system.

Stacktrace of the main notepad thread

Note the Call Site column being shown in the threads window on the bottom right corner in this WinDBG Preview layout (dark theme). The addresses have been resolved correctly, thus, in this case, the symbol servers are being used correctly

0:006> ~0k
 # Child-SP          RetAddr           Call Site
00 0000008f`46c8fc98 00007ff9`9b50394d win32u!NtUserGetMessage+0x14
01 0000008f`46c8fca0 00007ff6`d103a3d3 USER32!GetMessageW+0x2d
02 0000008f`46c8fd00 00007ff6`d10502b7 notepad!WinMain+0x293
03 0000008f`46c8fdd0 00007ff9`9c3d7bd4 notepad!__mainCRTStartup+0x19f
04 0000008f`46c8fe90 00007ff9`9c5eced1 KERNEL32!BaseThreadInitThunk+0x14
05 0000008f`46c8fec0 00000000`00000000 ntdll!RtlUserThreadStart+0x21
  • ~0 — main thread
  • k – stacktrace