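When I tried to verify that WinDbg was set up correctly, I opened the executable C:\WINDOWS\NOTEPAD.exe and tried to inspect the loaded modules.
First, these are the environment variables that are set: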
_NT_SYMBOL_PATH: c:\mysymbols;SRV*c:\symbols*https://msdl.microsoft.com/download/symbols
_NT_EXECUTABLE_IMAGE_PATH: SRV*c:\symbols
This is the WinDbg output:
CommandLine: C:\WINDOWS\NOTEPAD.EXE
Symbol search path is: SRV*C:\symbols*https://msdl.microsoft.com/download/symbols;c:\mysymbols
Executable search path is: SRV*c:\symbols
ModLoad: 01000000 01014000 notepad.exe
ModLoad: 7c910000 7c9c9000 ntdll.dll
ModLoad: 7c800000 7c908000 C:\WINDOWS\system32\kernel32.dll
ModLoad: 76350000 7639a000 C:\WINDOWS\system32\comdlg32.dll
ModLoad: 77da0000 77e4a000 C:\WINDOWS\system32\ADVAPI32.dll
ModLoad: 77e50000 77ee3000 C:\WINDOWS\system32\RPCRT4.dll
ModLoad: 77fc0000 77fd1000 C:\WINDOWS\system32\Secur32.dll
ModLoad: 773a0000 774a3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\COMCTL32.dll
ModLoad: 77be0000 77c38000 C:\WINDOWS\system32\msvcrt.dll
ModLoad: 77ef0000 77f39000 C:\WINDOWS\system32\GDI32.dll
ModLoad: 7e360000 7e3f1000 C:\WINDOWS\system32\USER32.dll
ModLoad: 77f40000 77fb6000 C:\WINDOWS\system32\SHLWAPI.dll
ModLoad: 7e670000 7ee91000 C:\WINDOWS\system32\SHELL32.dll
ModLoad: 72f70000 72f96000 C:\WINDOWS\system32\WINSPOOL.DRV
(ef8.f6c): Break instruction exception - code 80000003 (first chance)
eax=001a1eb4 ebx=7ffd5000 ecx=00000007 edx=00000080 esi=001a1f48 edi=001a1eb4
eip=7c91120e esp=0007fb20 ebp=0007fc94 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
ntdll!DbgBreakPoint:
7c91120e cc int 3
When I tried to list the loaded modules, I turned on noisy symbol mode, called .reload, and got the following output:
0:000> !sym noisy
noisy mode - symbol prompts on
0:000> .reload
Reloading current modules
..............
DBGHELP: c:\mysymbols\ntdll.pdb - mismatched pdb
DBGHELP: c:\mysymbols\symbols\dll\ntdll.pdb - file not found
DBGHELP: c:\mysymbols\dll\ntdll.pdb - file not found
SYMSRV: Die Serververbindung wurde zurückgesetzt.
SYMSRV: c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb not found
SYMSRV: https://msdl.microsoft.com/download/symbols/ntdll.pdb/A618C674A4FC40F5B1781029C2C7F68E2/ntdll.pdb not found
DBGHELP: C:\WINDOWS\system32\ntdll.pdb - file not found
DBGHELP: ntdll.pdb - file not found
DBGHELP: Couldn't load mismatched pdb for C:\WINDOWS\system32\ntdll.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
DBGHELP: ntdll - export symbols
0:000> lm
start end module name
01000000 01014000 notepad (deferred)
72f70000 72f96000 WINSPOOL (deferred)
76350000 7639a000 comdlg32 (deferred)
773a0000 774a3000 COMCTL32 (deferred)
77be0000 77c38000 msvcrt (deferred)
77da0000 77e4a000 ADVAPI32 (deferred)
77e50000 77ee3000 RPCRT4 (deferred)
77ef0000 77f39000 GDI32 (deferred)
77f40000 77fb6000 SHLWAPI (deferred)
77fc0000 77fd1000 Secur32 (deferred)
7c800000 7c908000 kernel32 (deferred)
7c910000 7c9c9000 ntdll (export symbols) C:\WINDOWS\system32\ntdll.dll
7e360000 7e3f1000 USER32 (deferred)
7e670000 7ee91000 SHELL32 (deferred)
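The line 7c910000 7c9c9000 ntdll (export symbols) C:\WINDOWS\system32\ntdll.dll shows that the symbol file could not be loaded successfully.
I have downloaded and installed the symbols (e.g. WindowsXP-KB835935-SP2-slp-Symbols), but the PDB file does not seem to match my ntdll.dll build. But why would that be? Is there any chance I can get this to work?
Answer from a uj5u.com user:
Since I couldn't stop thinking about the root of the problem, I reread the output above: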
SYMSRV: c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb not found
SYMSRV: https://msdl.microsoft.com/download/symbols/ntdll.pdb/A618C674A4FC40F5B1781029C2C7F68E2/ntdll.pdb not found
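The debugger is looking for a symbol file with the GUID A618C674A4FC40F5B1781029C2C7F68E2, and it even prints a URI from which it tried to load the pdb. So I tried downloading the pdb manually, which worked, created the GUID directory by hand, renamed the blob file to ntdll.pdb and placed it in the GUID directory.
As a result, it finally worked, as shown in the output below: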
0:000> .reload
Reloading current modules
............
DBGHELP: c:\mysymbols\ntdll.pdb - mismatched pdb
DBGHELP: c:\mysymbols\symbols\dll\ntdll.pdb - file not found
DBGHELP: c:\mysymbols\dll\ntdll.pdb - file not found
DBGHELP: ntdll - public symbols
c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb
..
0:000> lm
start end module name
01000000 01014000 notepad (deferred)
72f70000 72f96000 WINSPOOL (deferred)
76350000 7639a000 comdlg32 (deferred)
773a0000 774a3000 COMCTL32 (deferred)
77be0000 77c38000 msvcrt (deferred)
77da0000 77e4a000 ADVAPI32 (deferred)
77e50000 77ee2000 RPCRT4 (deferred)
77ef0000 77f38000 GDI32 (deferred)
77f40000 77fb6000 SHLWAPI (deferred)
77fc0000 77fd1000 Secur32 (deferred)
7c800000 7c907000 kernel32 (deferred)
7c910000 7c9c9000 ntdll (pdb symbols) c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb
7e360000 7e3f0000 USER32 (deferred)
7e670000 7ee90000 SHELL32 (deferred)
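Edit: I finally got the automatic download from the symbol server working! I had considered it at the beginning but didn't believe it could be the cause: with the newer version 6.12.0002.633 it does work as expected, while with 6.6.07.5 it does not.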
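The directory name in the SYMSRV lines above is the GUID followed by the age from the module's CodeView (RSDS) debug record, which is why a PDB from a different build is reported as mismatched. The following is an added example, not code from the original post: it derives the cache path and server URL from a constructed RSDS record and compares the result with the path the debugger printed. The function names and the sample record bytes are assumptions made for illustration.

```python
import re
import struct
import uuid

# Constructed CodeView "RSDS" record (signature, GUID, age, NUL-terminated
# PDB name). GUID and age are chosen to reproduce the index in the page's output.
SAMPLE_RSDS = (
    b"RSDS"
    + uuid.UUID("A618C674-A4FC-40F5-B178-1029C2C7F68E").bytes_le
    + struct.pack("<I", 2)
    + b"ntdll.pdb\x00"
)

# One SYMSRV line copied from the page's "!sym noisy" output.
NOISY_LINE = r"SYMSRV: c:\symbols\ntdll.pdb\A618C674A4FC40F5B1781029C2C7F68E2\ntdll.pdb not found"


def symsrv_index(rsds: bytes):
    """Return (pdb_name, index) where index = GUID hex + age hex."""
    if len(rsds) < 25 or rsds[:4] != b"RSDS":
        raise ValueError("not a PDB 7.0 (RSDS) CodeView record")
    guid = uuid.UUID(bytes_le=rsds[4:20])  # GUID is stored in Windows layout
    (age,) = struct.unpack_from("<I", rsds, 20)
    name = rsds[24:].split(b"\x00", 1)[0].decode("ascii")
    # Only the file name is used in the store, not any build-machine path.
    name = re.split(r"[\\/]", name)[-1]
    return name, f"{guid.hex.upper()}{age:X}"


def store_locations(rsds: bytes, cache: str, server: str):
    """Local cache path and server URL that are looked up for this image."""
    name, index = symsrv_index(rsds)
    local = "\\".join([cache.rstrip("\\"), name, index, name])
    url = "/".join([server.rstrip("/"), name, index, name])
    return local, url


def path_from_noisy(line: str):
    """Extract the looked-up path from a 'SYMSRV: <path> not found' line."""
    m = re.match(r"SYMSRV:\s+(.+?)\s+not found$", line.strip())
    return m.group(1) if m else None


if __name__ == "__main__":
    local, url = store_locations(
        SAMPLE_RSDS, r"c:\symbols", "https://msdl.microsoft.com/download/symbols")
    print(local, url, sep="\n")
    print("matches debugger lookup:", local == path_from_noisy(NOISY_LINE))
```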
