windows - *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe

link之家

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

Hello Stackoverflow community,

I am trying to debug an application on Windows 10 and require windows debugger framework to load symbols to run certain commands in the (windows kernel debugger) kd.

Each time I load the kernel debugger (kd) on the command prompt by typing kd -kl (NOTE: you would need to enable bcdedit -debug on for it to work), I get the below stack trace:

Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Connected to Windows 10 10240 x64 target at (Tue May  2 18:26:51.800 2017 (UTC - 7:00)), ptr64 TRUE
Symbol search path is: srv*
Executable search path is:
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe -
Windows 10 Kernel Version 10240 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10240.17354.amd64fre.th1_st1.170327-1827
Machine Name:
Kernel base = 0xfffff803`1da07000 PsLoadedModuleList = 0xfffff803`1dd2c070
Debug session time: Tue May  2 18:26:53.740 2017 (UTC - 7:00)
System Uptime: 0 days 0:50:43.754
At first glance, it appears that my sympath is not configured. 
I configure it to point to a path on my file system (see next point). 
.sympath srv*C:\symbols*https://msdl.microsoft.com/download/symbols
Now, I set !sym noisy and do a .reload and I get the following trace
lkd> !sym noisy
 noisy mode - symbol prompts off
 lkd> .reload
    Connected to Windows 10 10240 x64 target at (Tue May  2 18:41:38.542 2017 (UTC - 7:00)), ptr64 TRUE
    SYMSRV:  BYINDEX: 0x3
             c:\symbols*https://msdl.microsoft.com/download/symbols
             ntkrnlmp.pdb
             30D698E116494C24A48409E2A73883CF1
    SYMSRV:  c:\symbols\ntkrnlmp.pdb\30D698E116494C24A48409E2A73883CF1\ntkrnlmp.pdb - file not found
    SYMSRV:  HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pdb
    SYMSRV:  HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
    SYMSRV:  HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pd_
    SYMSRV:  HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
    SYMSRV:  HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/file.ptr
    SYMSRV:  HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND
    SYMSRV:  c:\symbols\ntkrnlmp.pdb\30D698E116494C24A48409E2A73883CF1\ntkrnlmp.pdb not found
    SYMSRV:  https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pdb not found
    DBGHELP: ntkrnlmp.pdb - file not found
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe -
    DBGHELP: nt - export symbols
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    .........
    Loading User Symbols
************* Symbol Loading Error Summary **************
Module name            Error
SharedUserData         No error - symbol load deferred
                                Symbol loading has been deferred because this symbol is not needed
                                at this time. Use reload /f to force load symbols.
ntkrnlmp               The system cannot find the file specified
                                The SYMSRV client failed to find a file in the UNC store, or there
                                is an invalid UNC store (an invalid path or the pingme.txt file is
                                not present in the root directory), or the file is present in the
                                symbol server exclusion list.
I also tried performing the steps explained in ERROR: Symbol file could not be found. windbg.exe and Error:Symbol File not found in WinDbg but no luck. I get errors that indicate several 404 errors.
It always points to this file ntkrnlmp.exe and says its missing(or not found).
Has anyone faced similar issues in the past? If so, what can I do to get this fixed? 
                why do you still use Build 10240/TH1/v1507? Unless you use the LTSB version, the support ends now in May. So update to 1607 or 1703. Maybe it also fixes your issue that you try to solve
– magicandre1981
                May 3, 2017 at 15:41
                @magicandre1981: does your comment indicate that Microsoft will remove symbols from their servers after support ends?
– Thomas Weller
                May 3, 2017 at 21:29
The sympath you configured is correct. I think it is very likely because Microsoft has not uploaded the PDB symbol to their symbol servers. Typically new symbols will be available a few days after each Patch Tuesday. (It may become faster in the future.[1]) For your situation, I suggest you to report this issue to Microsoft WinDbg team at windbgfb@microsoft.com with the trace info you posted here.
[1] https://twitter.com/aluhrs13/status/842590084952088580

[2] The email address comes from this page.
        Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.