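Version: Windows 10
Version number: 1909
OS build: 18363.592
(1) Edit the environment variables: set Path to the WinDbg path C:\Program Files (x86)\Windows Kits\10\Debuggers\x64, and create a new variable _NT_SYMBOL_PATH with the value SRV*C:\mysymbol* http://msdl、microsoft、com/download/symbols
(2) After restarting the computer, I found that no new folder mysymbol had been created on drive C.
(3) Start WinDbg, attach to a process, and enter !heap. Result: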
0:024> !heap
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_HEAP_ENTRY ***
*** ***
*************************************************************************
Invalid type information
Input: .sympath SRV*C:\mysymbol* http://msdl、microsoft、com/download/symbols
0:024> .sympath SRV*C:\mysymbol* http://msdl、microsoft、com/download/symbols
Symbol search path is: SRV*C:\mysymbol* http://msdl、microsoft、com/download/symbols
Expanded Symbol search path is: srv*c:\mysymbol* http://msdl、microsoft、com/download/symbols
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\mysymbol* http://msdl、microsoft、com/download/symbols
Input: .reload
0:024> .reload
Reloading current modules
................................................................
.................................
************* Symbol Loading Error Summary **************
Module name Error
ntdll The system cannot find the file specified
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
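I've been stuck here for several days. I've tried all the methods on Baidu and it still doesn't work. Could some expert please take a look?
uj5u.com helpful user replied:
Why are those Chinese enumeration commas (、) in your URL? Shouldn't they be English periods?
uj5u.com helpful user replied:
They are actually dots. Posts with too many web links are restricted, so I changed them myself.
uj5u.com helpful user replied:
Is it only this ntdll, or are there others? If it's only that one, it seems it actually has different names on different systems. I'm not very familiar with WinDbg either; I just ran into this before and searched online, and that's what I read. If the others fail too, and the related files were not downloaded into your symbols directory, then perhaps there shouldn't be a space between the local directory and the network path?
uj5u.com helpful user replied:
I copied this path from an online tutorial. I actually tried deleting the space in the middle too, and nothing changed. It's just that after creating the environment variable and restarting, there was no mysymbol folder, and creating it manually doesn't help either. It feels like the directory isn't being recognized, but I can't find what's wrong.
uj5u.com helpful user replied:
I just tried it and it can't find them either; going to the Microsoft website, they can't be found either. I'm on 32-bit Win7; has that been dropped from support too? Surely not?! After running the !sym noisy command and loading again, the output is something like: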
SYMSRV: m:\symbols\kernelbase.pdb\59D5EEBCB6B044C7A1572DAE49752E1D2\kernelbase.pdb not found
SYMSRV: http://msdl.microsoft.com/download/symbols/kernelbase.pdb/59D5EEBCB6B044C7A1572DAE49752E1D2/kernelbase.pdb not found
DBGHELP: C:\Windows\system32\kernelbase.pdb - file not found
DBGHELP: kernelbase.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\KERNELBASE.dll -
DBGHELP: KERNELBASE - export symbols
SYMSRV: 與服務器的連接被重置
The system ones are all like this. Getting this far means the settings are correct, right?
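Added example, not part of any post in this thread: a small Python helper that splits a symbol path into its `srv*cache*server` parts, flags the two things questioned above (whitespace beside a separator, non-ASCII characters), and builds the cache and server locations in the layout the `SYMSRV:` lines show. The function names are hypothetical, the `srv*m:\symbols*...` path is reconstructed from those log lines, and the warnings are hygiene checks to rule out, not documented debugger errors.

```python
import re

def parse_symbol_path(sympath):
    """Split a ';'-separated symbol path into elements with basic hygiene warnings."""
    elements = []
    for raw in sympath.split(";"):
        if not raw.strip():
            continue
        warnings = []
        if re.search(r"^\s|\s$|\s\*|\*\s", raw):
            warnings.append("whitespace beside a separator")
        if re.search(r"[^\x00-\x7f]", raw):
            warnings.append("non-ASCII character")
        parts = [p.strip() for p in raw.split("*")]
        if parts[0].lower() == "srv" and len(parts) >= 2:
            # srv*<cache>*<server>, or srv*<server> with no explicit cache
            cache = parts[1] if len(parts) >= 3 and parts[1] else None
            kind, source = "srv", parts[-1]
        else:
            kind, cache, source = "dir", None, parts[0]  # plain directory
        elements.append({"kind": kind, "cache": cache,
                         "source": source, "warnings": warnings})
    return elements

def lookup_locations(element, pdb_name, pdb_id):
    """Locations to expect in '!sym noisy' output for one PDB, cache first.

    Layout <root>/<pdb>/<id>/<pdb> is taken from the SYMSRV lines above.
    """
    if element["kind"] != "srv":
        return []
    def join(root):
        sep = "/" if "://" in root else "\\"
        return sep.join([root.rstrip("/\\"), pdb_name, pdb_id, pdb_name])
    return [join(r) for r in (element["cache"], element["source"]) if r]

if __name__ == "__main__":
    # The value exactly as typed in the first post (punctuation included).
    posted = "SRV*C:\\mysymbol* http://msdl、microsoft、com/download/symbols"
    for e in parse_symbol_path(posted):
        print(e["cache"], e["source"], e["warnings"])
    # Path reconstructed from the reply's log lines (an assumption).
    reply = "srv*m:\\symbols*http://msdl.microsoft.com/download/symbols"
    for loc in lookup_locations(parse_symbol_path(reply)[0], "kernelbase.pdb",
                                "59D5EEBCB6B044C7A1572DAE49752E1D2"):
        print(loc)
```

Comparing these expected locations with what `!sym noisy` prints shows whether the debugger parsed the cache directory and server the way they were intended.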
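uj5u.com helpful user replied:
When I set it up, no traffic goes out at all, and there is nothing in the directory either. I thought I could use the offline package, but it turns out the official site stopped providing offline symbol packages the year before last.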
