Cosmo439
asked on
Windbg - how to set up
I have been having many bsods on my computer and in an effort to figure out what is wrong, I downloaded and installed Windbg. However, I cannot find the symbol table, can anyone help me??
ASKER
sorry,
I'm having errors in win32k.sys, I think.
When the Blue Screen comes up it says the memory address of the error (do you want to know that as well) and also says it's associated with win32k.sys.
I'm having errors in win32k.sys, I think.
When the Blue Screen comes up it says the memory address of the error (do you want to know that as well) and also says it's associated with win32k.sys.
ASKER
this crash is not caused by a program that I have written, so I don't know where windows puts it's symbol file
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks everyone who responded, those other sites are helpful as well, but I was just trying to get the symbol files. Thanks again.
Kernel Mode Debugging
Generally, Kernel Mode debugging requires two machines, a debugger and the debuggee. The debugger is the system running the debug tools and is most often a crash cart machine or laptop. The debuggee is the target system experiencing a particular problem that we place under a software debugger to gain more valuable and direct information.
Requirements:
2 Systems (1 in a few special cases to be covered in a later session)
Windows Debugging Tools – http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Symbols – Private preferred, Public acceptable for most cases
Internet Access for WebSymbols (see the above link for more details)
NULL Modem cable
COM Ports available on both systems
The Setup:
First we will begin with the target system or debuggee. To enable debugging on this machine, the boot.ini must be modified to enter Debug Mode. This can be accomplished by adding the /debug switch along with the /debugport= and /baudrate= switches, respectively. Here is an example of an unmodified boot.ini followed by a debug ready boot.ini:
[boot loader]
timeout=30
default=multi(0)disk(0)rdi
[operating systems]
multi(0)disk(0)rdisk(0)par
[boot loader]
timeout=30
default=multi(0)disk(0)rdi
[operating systems]
multi(0)disk(0)rdisk(0)par
After a reboot, the OS Loader Menu will display the second entry above as [Debugging Enabled] next to the OS option. Selecting this environment will open the debug listeners and place the machine in a debug ready state. Connecting the NULL modem cable to COM2 on the debuggee will allow it to communicate serially to the debugger. Outside of this setup, you can alternatively press F8 from the OS Loader Menu and Select ‘Debug Mode’. This will automatically set the machine into a debug state using COM1 at a baudrate of 19200 (default).
NOTE: A NULL Modem cable is nothing more than a 9-pin to 9-pin serial cable with pins 2 and 3 connected directly from end to end. A standard serial cable crosses pins 2 and 3 from end to end.
While it is not required for Kernel Mode Debugging, it is always a good practice to install the Debug Tools and Symbols on the debuggee. They are required on the debugger.
Next, we need to setup the debugger running on the crash cart or laptop system. To start, we need to install the latest debug tools locally. Internally these tools can be found on \\dbg and are updated regularly. Symbols are generally not part of the debug package, but can be downloaded from http://www.microsoft.com/whdc/devtools/debugging/default.mspx or by using WebSymbols (requires Internet access) from previous link.
Once the tools and symbols are present, connect the NULL modem cable to COM1 on the debugger. If COM1 is not available, select the next available serial port. The only thing remaining is the environment setup. When using WinDbg, all environment options are in the UI. KD, CDB, and NTSD are command-line debuggers and must use environment variables. Details of when and where to set these options can be found under the ‘Step-by-Step Kernel Mode Debug Setup’ below.
Step-by-Step Kernel Mode Setup:
Target Machine (Debuggee)
1. Install Debug Tools
2. Install Symbols (not required)
3. Modify Boot.ini
4. Connect NULL Modem Cable to the specified COM port
a. Move to Step 1 under Source Machine
5. Reboot
6. Select the Debugger Enabled OS Option
Source Machine (Debugger)
1. Install Debug Tools
2. Install Symbols or setup for WebSymbols
3. Connect NULL Modem Cable to the desired COM port
4. Open a CMD Window
5. Set environment variables
a. WinDbg Users: Use File -> Kernel Debug and Symbol File Path options. The settings for Kernel Debug are relative to the local machine, not the debuggee.
b. KD Users: Set the following environment variables (individually or via a script, e.g., .cmd or .bat file). Other environment variables exist and will be covered in later sessions as needed.
set _NT_SYMBOL_PATH=[Drive:][P
set _NT_DEBUG_PORT=com[1|2|...
set _NT_DEBUG_BAUD_RATE=baud rate
6. Connect the debugger by clicking OK in WinDbg when in the Kernel Debug options or by running kd.exe [options] from a command-line
a. Move to Step 5 under Target Machine
7. Verify the connection by looking for debug spew to the debugger
Web Symbols
SRV*(local repository)*http://msdl.microsoft.com/download/symbols
Example:
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
Generally, Kernel Mode debugging requires two machines, a debugger and the debuggee. The debugger is the system running the debug tools and is most often a crash cart machine or laptop. The debuggee is the target system experiencing a particular problem that we place under a software debugger to gain more valuable and direct information.
Requirements:
2 Systems (1 in a few special cases to be covered in a later session)
Windows Debugging Tools – http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Symbols – Private preferred, Public acceptable for most cases
Internet Access for WebSymbols (see the above link for more details)
NULL Modem cable
COM Ports available on both systems
The Setup:
First we will begin with the target system or debuggee. To enable debugging on this machine, the boot.ini must be modified to enter Debug Mode. This can be accomplished by adding the /debug switch along with the /debugport= and /baudrate= switches, respectively. Here is an example of an unmodified boot.ini followed by a debug ready boot.ini:
[boot loader]
timeout=30
default=multi(0)disk(0)rdi
[operating systems]
multi(0)disk(0)rdisk(0)par
[boot loader]
timeout=30
default=multi(0)disk(0)rdi
[operating systems]
multi(0)disk(0)rdisk(0)par
After a reboot, the OS Loader Menu will display the second entry above as [Debugging Enabled] next to the OS option. Selecting this environment will open the debug listeners and place the machine in a debug ready state. Connecting the NULL modem cable to COM2 on the debuggee will allow it to communicate serially to the debugger. Outside of this setup, you can alternatively press F8 from the OS Loader Menu and Select ‘Debug Mode’. This will automatically set the machine into a debug state using COM1 at a baudrate of 19200 (default).
NOTE: A NULL Modem cable is nothing more than a 9-pin to 9-pin serial cable with pins 2 and 3 connected directly from end to end. A standard serial cable crosses pins 2 and 3 from end to end.
While it is not required for Kernel Mode Debugging, it is always a good practice to install the Debug Tools and Symbols on the debuggee. They are required on the debugger.
Next, we need to setup the debugger running on the crash cart or laptop system. To start, we need to install the latest debug tools locally. Internally these tools can be found on \\dbg and are updated regularly. Symbols are generally not part of the debug package, but can be downloaded from http://www.microsoft.com/whdc/devtools/debugging/default.mspx or by using WebSymbols (requires Internet access) from previous link.
Once the tools and symbols are present, connect the NULL modem cable to COM1 on the debugger. If COM1 is not available, select the next available serial port. The only thing remaining is the environment setup. When using WinDbg, all environment options are in the UI. KD, CDB, and NTSD are command-line debuggers and must use environment variables. Details of when and where to set these options can be found under the ‘Step-by-Step Kernel Mode Debug Setup’ below.
Step-by-Step Kernel Mode Setup:
Target Machine (Debuggee)
1. Install Debug Tools
2. Install Symbols (not required)
3. Modify Boot.ini
4. Connect NULL Modem Cable to the specified COM port
a. Move to Step 1 under Source Machine
5. Reboot
6. Select the Debugger Enabled OS Option
Source Machine (Debugger)
1. Install Debug Tools
2. Install Symbols or setup for WebSymbols
3. Connect NULL Modem Cable to the desired COM port
4. Open a CMD Window
5. Set environment variables
a. WinDbg Users: Use File -> Kernel Debug and Symbol File Path options. The settings for Kernel Debug are relative to the local machine, not the debuggee.
b. KD Users: Set the following environment variables (individually or via a script, e.g., .cmd or .bat file). Other environment variables exist and will be covered in later sessions as needed.
set _NT_SYMBOL_PATH=[Drive:][P
set _NT_DEBUG_PORT=com[1|2|...
set _NT_DEBUG_BAUD_RATE=baud rate
6. Connect the debugger by clicking OK in WinDbg when in the Kernel Debug options or by running kd.exe [options] from a command-line
a. Move to Step 5 under Target Machine
7. Verify the connection by looking for debug spew to the debugger
Web Symbols
SRV*(local repository)*http://msdl.microsoft.com/download/symbols
Example:
SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols
http://www.winnetmag.com/Web/Article/ArticleID/21217/Web_21217.html
What kind of errors .. giving the error messages would help us
Sunray