none
i can't get internal information of some struct in WRK RRS feed

  • Question

  • i debug WRK by windows debug tools, but there is something wrong.
    i can't get some internal information of some struct in WRK.
    such as Thread, Wait object
    the debug tool show "Unknown error " in Value column.


    Tuesday, May 29, 2007 12:23 PM

Answers

  • It appears the symbols you need aren't loading from this output. Further, it looks like your trying to load the public symbols which are unnecessary. All you have to load are the kernel symbol file that you have from building the WRK as well as one of the HAL symbol files that are included with the WRK. Don't bother with the public symbol files since they are only going to be a subset of the WRK symbols anyway. If you're running the WRK from within Virtual PC 2007 (which I highly recommend), then use the HAL symbol file located in %wrk%\WS03SP1HALS\x86\halacpim. Below is some windbg output I generated this morning using just the WRK and HAL symbol files. In my example below, %wrk% is c:\wrk so replace that part of the path with where ever you've copied the WRK sources and it should work just fine.

     

    Waiting for pipe \\.\pipe\debug
    Waiting to reconnect...
    Connected to Windows Server 2003 3800 x86 compatible target, ptr64 FALSE
    Kernel Debugger connection established.
    Symbol search path is: c:\wrk\base\ntos\build\exe;c:\wrk\WS03SP1HALS\x86\halacpim
    Executable search path is:
    Windows Server 2003 Kernel Version 3800 MP (1 procs) Free x86 compatible
    Built by: 3800.WRKP1.2(daveprobert)
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808a0398
    System Uptime: not available
    WARNING: Path element is empty
    Break instruction exception - code 80000003 (first chance)
    *******************************************************************************
    *                                                                             *
    *   You are seeing this message because you pressed either                    *
    *       CTRL+C (if you run kd.exe) or,                                        *
    *       CTRL+BREAK (if you run WinDBG),                                       *
    *   on your debugger machine's keyboard.                                      *
    *                                                                             *
    *                   THIS IS NOT A BUG OR A SYSTEM CRASH                       *
    *                                                                             *
    * If you did not intend to break into the debugger, press the "g" key, then   *
    * press the "Enter" key now.  This message might immediately reappear.  If it *
    * does, press "g" and "Enter" again.                                          *
    *                                                                             *
    *******************************************************************************
    nt!RtlpBreakWithStatusInstruction:
    80861d94 cc               int     3 

    Wednesday, May 30, 2007 6:37 PM

All replies

  • Did you load the WRK private symbols into WinDbg from when you built the kernel?
    Tuesday, May 29, 2007 5:37 PM
  •  

    I put the private symbols which create when i build the WRK in one folder

    and add the path to WinDbg "Symbol path".

     

    The problem is that i can get some struct information in "locals" window. But when i want to check "PRKTHREAD Thread;" in the "watch" window, "Unknown error" appear in the Value column.

     

    I got output from WinDbg at the begin of debug WRK. Is there something bad??


    Microsoft (R) Windows Debugger  Version 6.6.0003.5
    Copyright (c) Microsoft Corporation. All rights reserved.

    Waiting for pipe \\.\pipe\com_1
    Waiting to reconnect...
    Connected to Windows Server 2003 3800 x86 compatible target, ptr64 FALSE
    Kernel Debugger connection established.  (Initial Breakpoint requested)
    Symbol search path is: I:\WRK\Symbols\WindowsWRK\;srv*I:\Symbols\WindowsWRK*http://msdl.microsoft.com/download/symbols;D:\WINDOWS\Symbols\
    Executable search path is:
    Windows Server 2003 Kernel Version 3800 MP (1 procs) Free x86 compatible
    Built by: 3800.WRKP1.2(daveprobert)
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808a0398
    System Uptime: not available
    Break instruction exception - code 80000003 (first chance)
    *******************************************************************************
    *                                                                             *
    *   You are seeing this message because you pressed either                    *
    *       CTRL+C (if you run kd.exe) or,                                        *
    *       CTRL+BREAK (if you run WinDBG),                                       *
    *   on your debugger machine's keyboard.                                      *
    *                                                                             *
    *                   THIS IS NOT A BUG OR A SYSTEM CRASH                       *
    *                                                                             *
    * If you did not intend to break into the debugger, press the "g" key, then   *
    * press the "Enter" key now.  This message might immediately reappear.  If it *
    * does, press "g" and "Enter" again.                                          *
    *                                                                             *
    *******************************************************************************
    nt!RtlpBreakWithStatusInstruction:
    80861d94 cc               int     3
    *** ERROR: Module load completed but symbols could not be loaded for Mup.sys
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for NDIS.sys -
    *** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for KSecDD.sys -
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for fltMgr.sys -
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for CLASSPNP.SYS -
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for SCSIPORT.SYS -
    *** ERROR: Module load completed but symbols could not be loaded for symmpi.sys
    *** ERROR: Module load completed but symbols could not be loaded for atapi.sys
    *** ERROR: Module load completed but symbols could not be loaded for volsnap.sys
    *** ERROR: Module load completed but symbols could not be loaded for dmio.sys
    *** ERROR: Module load completed but symbols could not be loaded for ftdisk.sys
    *** ERROR: Module load completed but symbols could not be loaded for pci.sys
    *** ERROR: Module load completed but symbols could not be loaded for ACPI.sys
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for WMILIB.SYS -
    *** ERROR: Module load completed but symbols could not be loaded for isapnp.sys
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for PCIIDEX.SYS -
    *** ERROR: Module load completed but symbols could not be loaded for MountMgr.sys
    *** ERROR: Module load completed but symbols could not be loaded for PartMgr.sys
    *** ERROR: Module load completed but symbols could not be loaded for disk.sys
    *** ERROR: Module load completed but symbols could not be loaded for Dfs.sys
    *** ERROR: Module load completed but symbols could not be loaded for agp440.sys
    *** ERROR: Module load completed but symbols could not be loaded for crcdisk.sys
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for kdcom.dll -
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for BOOTVID.dll -
    *** ERROR: Module load completed but symbols could not be loaded for intelide.sys
    *** ERROR: Module load completed but symbols could not be loaded for dmload.sys

    Wednesday, May 30, 2007 12:01 AM
  • It appears the symbols you need aren't loading from this output. Further, it looks like your trying to load the public symbols which are unnecessary. All you have to load are the kernel symbol file that you have from building the WRK as well as one of the HAL symbol files that are included with the WRK. Don't bother with the public symbol files since they are only going to be a subset of the WRK symbols anyway. If you're running the WRK from within Virtual PC 2007 (which I highly recommend), then use the HAL symbol file located in %wrk%\WS03SP1HALS\x86\halacpim. Below is some windbg output I generated this morning using just the WRK and HAL symbol files. In my example below, %wrk% is c:\wrk so replace that part of the path with where ever you've copied the WRK sources and it should work just fine.

     

    Waiting for pipe \\.\pipe\debug
    Waiting to reconnect...
    Connected to Windows Server 2003 3800 x86 compatible target, ptr64 FALSE
    Kernel Debugger connection established.
    Symbol search path is: c:\wrk\base\ntos\build\exe;c:\wrk\WS03SP1HALS\x86\halacpim
    Executable search path is:
    Windows Server 2003 Kernel Version 3800 MP (1 procs) Free x86 compatible
    Built by: 3800.WRKP1.2(daveprobert)
    Kernel base = 0x80800000 PsLoadedModuleList = 0x808a0398
    System Uptime: not available
    WARNING: Path element is empty
    Break instruction exception - code 80000003 (first chance)
    *******************************************************************************
    *                                                                             *
    *   You are seeing this message because you pressed either                    *
    *       CTRL+C (if you run kd.exe) or,                                        *
    *       CTRL+BREAK (if you run WinDBG),                                       *
    *   on your debugger machine's keyboard.                                      *
    *                                                                             *
    *                   THIS IS NOT A BUG OR A SYSTEM CRASH                       *
    *                                                                             *
    * If you did not intend to break into the debugger, press the "g" key, then   *
    * press the "Enter" key now.  This message might immediately reappear.  If it *
    * does, press "g" and "Enter" again.                                          *
    *                                                                             *
    *******************************************************************************
    nt!RtlpBreakWithStatusInstruction:
    80861d94 cc               int     3 

    Wednesday, May 30, 2007 6:37 PM