问题
I try to analyze some memory dump. But I stack on debug symbols of some Microsoft dll (sechost.dll).
What I do:
1) !sym noisy
2) .symfix
3) .sympath
My .sympath is:
Symbol search path is: srv*
Expanded Symbol search path is: cache*;SRV*http://msdl.microsoft.com/download/symbols
4) analyze -v
After it I saw symbols loading.
But for some symbols I have
......
SYMSRV: The operation timed out
SYMSRV: http://msdl.microsoft.com/download/symbols/sechost.pdb/C4FD72A96E384F62A5F796624D37EAB42/sechost.pdb not found
SYMSRV: C:\ProgramData\dbg\sym\sechost.pdb\C4FD72A96E384F62A5F796624D37EAB42\sechost.pdb not found
DBGHELP: sechost.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for sechost.dll -
DBGHELP: sechost - export symbols
......
When actual analyze start I saw:
.....
IMAGE_NAME: sechost.dll
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: WRONG_SYMBOLS_80000003_sechost.dll!SubscribeServiceChangeNotifications
.....
I understand that I don't have PDB for this DLL. I try load it with .reload /f sechost.dll. But analyze got stuck on same place.
How to deal with this?
Maybe there is possibility to increase connection timeout or other way to get what I need?
回答1:
I asked this Microsoft and Andy Luhrs replied me that Microsoft needs 3 days to publish the symbols for new builds/ Windows 10 updates.
So if you analyze dumps after updates have been published, try to load symbols 3 days after the update was published.
回答2:
Symbols was temporary unavailable on the server after cumulative update Win10 1607. Microsoft already solved the issue. Better solution in such kind of situations - report the issue to the maintainer.
来源:https://stackoverflow.com/questions/42770518/microsoft-debug-symbol-dont-work