Is WinDbg supposed to be so excruciatingly slow?

Question

I\'m trying to analyze some mini crash dumps. I\'m using Windows 10 Pro Build 1607 and WinDbg 10.0.14321.1024. I have my symbol file path set to

SRV*C:\\Sym         


        

Answer 1

These kind of complaints seem to occur more often lately and I can reproduce it on my PC. This is not your fault but some issue with the Internet or the symbol server on Microsoft side.

Monitoring the traffic with Wireshark and looking at my disk on how the symbol cache get populated, I can say:

• only one file is being downloaded at a time.
• the problem also occurs with older WinDbg versions (6.2.9200)
• the problem occurs with HTTP and HTTPS
• when symbols are found, the transfer speed is very slow, then increasing. The effective transfer rate is down at 11 kb/s to 20 kb/s (on a line which can handle 6500 kb/s)
• there's quite a high number of packets out of order, duplicate packets etc., especially during the "lookup phase" where no file is downloaded yet. Such a lookup phase can easily take 8 minutes.
• even if the file already exists on disk, the "lookup phase" is performed.
• the HTTP roundtrip time (request to response) is 8 to 9 seconds

Answer 2

This is the symbol server being really slow. Other have noticed as well: https://twitter.com/BruceDawson0xB/status/772586358556667904

Your symbol path contains a local cache so it should load faster next time around, but it seems that the cache is not effective, I can't tell really why (I suspect the downloaded symbols are not a perfect match and they are being downloaded again, every time).

I would recommend modifying the _NT_SYMBOL_PATH (or whatever is the way your sympath is initialized) to SRV*C:\SymCache only, ie. do not attempt to automatically download, just use the symbols you already have cached locally. The image should open fairly fast. Only enable the symbols server if you discover missing symbols.