Child display driver ... adding PnP crashes!
a***@rediffmail.com
2006-05-10 10:08:11 UTC
Hello
I want to implement a WDM Child Display Driver and request the I2C
interface from the display driver, which I am going to use to send the
DDC/CI data to the monitor.
Initially, just to test the I2C interface, I added the I2C routines in
the AddDevice() function and was able to get a pointer for the
I2CInterface. But there might be a problem with this, since I was never
able to call the i2copen() function after this. (The system crashes.)

Later I tried to modify the driver and add the required dispatch
routines. But as soon as I add the PnP dispatch routine the system
crashes!!

My DriverEntry() looks like this
---------------------------------------------------------------------------------------------------------------------------------
DriverObject->MajorFunction[IRP_MJ_CREATE]         = I2C_WDMDispatch;
DriverObject->MajorFunction[IRP_MJ_CLOSE]          = I2C_WDMDispatch;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = I2C_WDMDispatch;
DriverObject->DriverUnload                         = I2C_WDMDriverUnload;
DriverObject->MajorFunction[IRP_MJ_PNP]            = I2C_WDMDispatchPnp;            // PnP routine
DriverObject->MajorFunction[IRP_MJ_POWER]          = I2C_WDMDispatchPower;          // Power Management
DriverObject->MajorFunction[IRP_MJ_SYSTEM_CONTROL] = I2C_WDMDispatchSystemControl;
DriverObject->DriverExtension->AddDevice           = I2C_WDMAddDevice;              // AddDevice
------------------------------------------------------------------------------------------------------------------------------


and the IoCreateDevice function has been called with the following
parameters
--------------------------------------------------------------------------------------------------------------------------
IoCreateDevice (DriverObject,             // our driver object
                sizeof (FDO_DATA),        // device object extension size
                NULL,                     // FDOs do not have names
                FILE_DEVICE_VIDEO,        // Video device
                FILE_DEVICE_SECURE_OPEN,  // device characteristics
                FALSE,                    // not exclusive
                &deviceObject);           // The device object created
----------------------------------------------------------------------------------------------------------------------------

Can anyone give me some tips as to why adding the PnP routine forces
the system to crash?
Please let me know if you want some further information.
Thanks and regards
Abhishek
Doron Holan [MS]
2006-05-11 02:07:05 UTC
where in the routine does the crash occur? what is the bugcheck code and
callstack? the output of !analyze -v?

d
--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
a***@rediffmail.com
2006-05-11 04:48:56 UTC
Hello Doron

First of all let me thank you for replying to my posting. I did try to
analyze the crash dump, but could not conclusively decide the reason for
the crash, as I am fairly new to the Windows environment.
To further our discussion I am pasting a copy of the !analyze -v
command results. Please take a look.
----------------------------------------------------------------------------------------------------------------------------------------

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: f789b34a, The address that the exception occurred at
Arg3: f78ea8d0, Exception Record Address
Arg4: f78ea5cc, Context Record Address

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.


EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
KernelWDC_I2C+434a
f789b34a 83781000 cmp dword ptr [eax+0x10],0x0

EXCEPTION_PARAMETER1: f78ea8d0

CONTEXT: f78ea5cc -- (.cxr fffffffff78ea5cc)
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=8498a830 edi=84228290
eip=f789b34a esp=f78ea998 ebp=f78ea9c0 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010292
KernelWDC_I2C+0x434a:
f789b34a 83781000 cmp dword ptr [eax+0x10],0x0 ds:0023:00000010=????????
Resetting default scope

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x7E

LAST_CONTROL_TRANSFER: from f789b0e0 to f789b34a

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
f78ea9c0 f789b0e0 00000000 84228290 00000001 KernelWDC_I2C+0x434a
f78ea9e8 8050d085 8498a830 84228290 e195a090 KernelWDC_I2C+0x40e0
f78eaa00 805a4f21 f789b020 00000004 00000001 nt!IoAttachDeviceToDeviceStack+0x137
f78eaac8 805a0c7b 00000000 02000001 00000000 nt!RtlUpperChar+0x2460
f78ead24 80624989 83e28008 00000001 00000000 nt!IoCreateDevice+0x889
f78ead54 8050c438 00000003 805605c0 805694fc nt!IoReportTargetDeviceChange+0xe68
f78ead7c 804e23b5 00000000 00000000 863c23c8 nt!IoInvalidateDeviceRelations+0x303
f78eadac 80574128 00000000 00000000 00000000 nt!KeRemoveQueue+0x221
f78eaddc 804efc81 804e22f1 00000001 00000000 nt!PsCreateSystemThread+0x70
00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimerEx+0x1e6


FOLLOWUP_IP:
KernelWDC_I2C+434a
f789b34a 83781000 cmp dword ptr [eax+0x10],0x0

FOLLOWUP_NAME: MachineOwner

SYMBOL_NAME: KernelWDC_I2C+434a

MODULE_NAME: KernelWDC_I2C

IMAGE_NAME: KernelWDC_I2C.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 44450179

STACK_COMMAND: .cxr fffffffff78ea5cc ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

-----------------------------------------------------------------------------------------------------------------------------------
Is the problem with IoAttachDeviceToDeviceStack()? If so, why does the
system not crash when I comment out the PnP routine?
Looking forward to some tips

Abhishek
Doron Holan [MS]
2006-05-11 06:35:23 UTC
you need to fix your symbols by executing

.symfix
.reload /f

the issue is probably nowhere near IoAttachDeviceToDeviceStack but you are
getting a false positive b/c the symbols are wrong. i assume KernelWDC_I2C
is your driver, you should fix the symbols for that as well.

d
--
Please do not send e-mail directly to this alias. this alias is for
newsgroup purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
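
Even with wrong symbols, the dump posted above pins down the faulting access: eax is 0 and the instruction touches [eax+0x10]. The following Python triage is an added example, not code from anyone in this thread; its function names and the 64 KB "nothing mapped here" threshold are assumptions, and the embedded text is an excerpt of the posted dump with wrapped lines rejoined.

```python
import re

# Excerpt of the !analyze -v output posted in this thread (wrapped lines rejoined).
DUMP = """\
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
Arg1: c0000005, The exception code that was not handled
Arg2: f789b34a, The address that the exception occurred at
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
FAULTING_IP:
KernelWDC_I2C+434a
f789b34a 83781000 cmp dword ptr [eax+0x10],0x0
CONTEXT: f78ea5cc -- (.cxr fffffffff78ea5cc)
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=8498a830 edi=84228290
eip=f789b34a esp=f78ea998 ebp=f78ea9c0 iopl=0 nv up ei ng nz ac pe nc
STACK_TEXT:
f78ea9c0 f789b0e0 00000000 84228290 00000001 KernelWDC_I2C+0x434a
f78ea9e8 8050d085 8498a830 84228290 e195a090 KernelWDC_I2C+0x40e0
f78eaa00 805a4f21 f789b020 00000004 00000001 nt!IoAttachDeviceToDeviceStack+0x137
f78eaac8 805a0c7b 00000000 02000001 00000000 nt!RtlUpperChar+0x2460
f78ead24 80624989 83e28008 00000001 00000000 nt!IoCreateDevice+0x889
BUCKET_ID: WRONG_SYMBOLS
"""

# Assumption of this sketch: nothing is mapped in the lowest 64 KB, so an
# access there through a zero base register is a NULL structure pointer.
LOW_UNMAPPED = 0x10000

REG_RE = re.compile(r"\b(e(?:ax|bx|cx|dx|si|di|ip|sp|bp))=([0-9a-f]{8})\b")
# Disassembly line with a [reg] or [reg+/-0xdisp] memory operand.
INSN_RE = re.compile(
    r"^([0-9a-f]{8}) [0-9a-f]+\s+([a-z]+)\s+.*?"
    r"\[(e[a-z]{2})(?:([+-])0x([0-9a-f]+))?\]", re.M)
LOC_RE = re.compile(r"^FAULTING_IP:\s*\n(\w+)\+([0-9a-f]+)\s*$", re.M)
# kb-style frame: ChildEBP RetAddr Arg1 Arg2 Arg3 module[!function]+0xoffset
FRAME_RE = re.compile(
    r"^[0-9a-f]{8} [0-9a-f]{8} (?:[0-9a-f]{8} ){3}"
    r"(\w+)(?:!(\w+))?\+0x([0-9a-f]+)$", re.M)


def parse_registers(text):
    """Return the first value seen for each general-purpose register."""
    regs = {}
    for name, value in REG_RE.findall(text):
        regs.setdefault(name, int(value, 16))
    return regs


def symbols_ok(text):
    """False when the debugger itself says its symbols cannot be trusted."""
    return not ("symbols are WRONG" in text or "WRONG_SYMBOLS" in text)


def faulting_access(text):
    """Resolve the memory operand of the faulting instruction to an address."""
    regs = parse_registers(text)
    insn = INSN_RE.search(text)
    if not insn or insn.group(3) not in regs:
        return None
    ip, mnemonic, base, sign, disp = insn.groups()
    disp = int(disp, 16) if disp else 0
    if sign == "-":
        disp = -disp
    address = (regs[base] + disp) & 0xFFFFFFFF
    loc = LOC_RE.search(text)
    return {
        "ip": int(ip, 16),
        "mnemonic": mnemonic,
        "base": base,
        "displacement": disp,
        "address": address,
        "null_deref": regs[base] == 0 and address < LOW_UNMAPPED,
        "module": loc.group(1) if loc else None,
        "module_offset": int(loc.group(2), 16) if loc else None,
    }


def stack_frames(text):
    """Parse stack frames; a frame is trusted only with good symbols and a name."""
    ok = symbols_ok(text)
    return [{"module": mod, "function": func or None,
             "offset": int(off, 16), "trusted": ok and bool(func)}
            for mod, func, off in FRAME_RE.findall(text)]


def triage(text):
    """Collect the conclusions that hold regardless of symbol quality."""
    access, frames, findings = faulting_access(text), stack_frames(text), []
    if access and access["null_deref"]:
        findings.append("NULL pointer in %s at %s+0x%x: access to offset 0x%x"
                        % (access["base"], access["module"],
                           access["module_offset"], access["displacement"]))
    if not symbols_ok(text):
        findings.append("symbols flagged wrong: stack function names are unreliable")
    no_names = sorted({f["module"] for f in frames if f["function"] is None})
    if no_names:
        findings.append("no function symbols for: " + ", ".join(no_names))
    return {"access": access, "frames": frames, "findings": findings}


if __name__ == "__main__":
    for line in triage(DUMP)["findings"]:
        print(line)
```
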
a***@rediffmail.com
2006-05-12 05:15:50 UTC
Hello Doron

I have WinDbg version 6.3.003.3. Well, when I tried to use the .symfix
command, there is no response. So I am manually installing the symbols
from the Microsoft website.
Could you please elaborate a bit more when you say that I need to fix
the symbols for the driver too! Yes, KernelWDC_I2C is my driver.

Thanks
Abhishek
Steve Dispensa
2006-05-12 05:51:38 UTC
After you type .symfix at the > prompt, type .sympath - what do you see?
.symfix should say something like "no downstream store given"...

As for getting symbols for your driver, look for the .pdb file that is
produced by your build output and put it on the debugger host in your symbol
path (which you'll have to add to the thing .symfix sets up, perhaps using
.sympath+). Type !sym noisy if you want to see additional symbol loading
information from the debugger.

-Steve

Maxim S. Shatskih
2006-05-12 07:18:14 UTC
.symfix is used this way:

- create a temporary directory for a cache, where the downloaded symbol
files will be put. Note: if you are analyzing the dump, the OS binaries
(NTOSKRNL and others) are also downloaded from the Symbol Server.
- then:
    .symfix ThisCacheDirectory
- then
    lm
to look at loaded modules and their symbol status.
- if the symbol status for some module is wrong ("no symbols" or "export
symbols"), then
    .reload modulename.sys
or
    .reload nt
for the kernel itself
- to check that the symbols are loaded OK, use:
    x ModuleName!*
it must dump all functions from the module and their addresses.

Now about your driver symbols:
- create one more temporary directory for symbols.
- on each rebuild, copy the SYS/DBG/PDB files of your driver there.
- after .symfix, add it to the symbol path of the debugger before the
Symbol Server's path - either using File/Symbol File Path, or using:
    .sympath+ NewDir
- then do the same - first try:
    x DriverName!*
if this has issues, say:
    lm
and look at symbol load status of your driver.

"!sym noisy" turns on the tracing for symbol loading. Can be helpful. Also
note - you can save a workspace after setting up the symbol path, and then will
not need to ever print ".symfix" or ".sympath+".

Note: the symbol files are monopolistically locked by the debugger - I
think it maps them to memory. So, do not try to load your driver's symbols from
the build target path itself - you will not be able to rebuild with the
debugger running.

To unload the symbols from the debugger:
- reboot the target using the Windows features on the target or using
".reboot" from the debugger, NOT using the target's Reset switch on the front
panel. This forces the debugger to unload all symbols.
OR
- .reload /u ModuleName.sys
OR
- close the debugger at all and reopen it :-)

Usually, my sequence of driver rebuild is:
- build -c
- arrow-up+Enter in the command line, this invokes the "copy" command of
SYS file to the target using SMB
- reboot the target using its UI
- wait for WinDbg to say "Unloaded all symbol tables" on target reboot
- arrow-up+Enter in the command line, this invokes the "copy" command of
the symbols to the WinDbg's temporary symbol directory. This can be done fast
enough so the target's kernel will not load yet.

With such an approach, I have no issues with source files too. The source
file full pathnames are embedded to the PDB file, so, with checked build, no
problems at all. The only problem which was in the old WinDbg version was the
nasty collision between 2 source files with the same short name, but in
different build dirs (like "dir1\internal.c" and "dir2\internal.c").

With all of these, I never had any WinDbg symbol issues for years.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
***@storagecraft.com
http://www.storagecraft.com
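The `lm` check from the steps above, as an added example that is not part of the original post: a Python script that parses `lm` output, including a symbol path wrapped onto the next line, and lists the `.reload` commands for modules whose status is "export symbols" or "no symbols". The sample listing is constructed, and appending `.sys` to every non-kernel module name is an assumption.

```python
import re
from collections import Counter

# Constructed sample, modeled on the `lm` listings quoted in this thread.
# The pdb path is a placeholder, not a real symbol-store entry.
SAMPLE_LM = r"""start    end        module name
804d7000 806fd000   nt         (export symbols)       ntkrnlmp.exe
806fd000 8071dd00   hal        (deferred)
f7244000 f7257780   VIDEOPRT   (pdb symbols)
c:\symbols\videoprt.pdb\PLACEHOLDER\videoprt.pdb
f7897000 f789e000   KernelWDC_I2C   (no symbols)

Unloaded modules:
f7637000 f7640000   processr.sys
"""

# start address, end address, module name, "(status)", optional detail
MODULE_RE = re.compile(
    r"^\s*([0-9a-fA-F]{8})\s+([0-9a-fA-F]{8})\s+(\S+)\s+\(([^)]+)\)\s*(.*)$"
)

# Statuses the thread treats as wrong. "deferred" only means the debugger
# has not tried to load symbols for that module yet, so it is not flagged.
WRONG_STATUSES = {"export symbols", "no symbols"}


def parse_lm(text):
    """Parse the loaded-module part of `lm` output into a list of dicts."""
    modules = []
    for line in text.splitlines():
        stripped = line.strip()
        # The unloaded-module list has no symbol status; stop there.
        if stripped.lower().startswith("unloaded modules"):
            break
        match = MODULE_RE.match(line)
        if match:
            start, end, name, status, detail = match.groups()
            modules.append({
                "start": int(start, 16),
                "end": int(end, 16),
                "name": name,
                "status": status.strip(),
                "detail": detail.strip(),
            })
        elif stripped and modules and not stripped.startswith(("kd>", "lkd>")):
            # A long symbol path is wrapped onto the following line(s);
            # attach it to the module it belongs to.
            last = modules[-1]
            last["detail"] = (last["detail"] + " " + stripped).strip()
    return modules


def status_counts(modules):
    """Count modules per symbol status."""
    return dict(Counter(m["status"] for m in modules))


def reload_plan(modules):
    """Return the .reload commands for modules with wrong symbols."""
    commands = []
    for mod in modules:
        if mod["status"] in WRONG_STATUSES:
            # Assumption: every non-kernel module here is a .sys driver.
            target = "nt" if mod["name"] == "nt" else mod["name"] + ".sys"
            commands.append(".reload " + target)
    return commands


if __name__ == "__main__":
    mods = parse_lm(SAMPLE_LM)
    for status, count in sorted(status_counts(mods).items()):
        print(f"{count:3d}  {status}")
    for command in reload_plan(mods):
        print(command)
```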
a***@rediffmail.com
2006-05-12 10:01:38 UTC
Hello Maxim

Before I begin with your procedure, I should let you know that I am
trying .symfix, but this is what the debugger shows and then there is
no response

kd> .symfix D:/symbols
Symbol search path is:
SRV*D:/symbols*http://msdl.microsoft.com/download/symbols

So I had manually stored the symbols on my system. Now I am using the
graphical version of WinDbg. So when I set the symbol path to the place
where I have downloaded the symbols, and then say lm, I get this

kd> lm
start end module name
804d7000 806fd000 nt (export symbols) ntkrnlmp.exe
806fd000 8071dd00 hal (deferred)
bf800000 bf9c1180 win32k (deferred)
bf9c2000 bf9d3580 dxg (deferred)
bf9d4000 bf9e1000 ialmrnt5 (deferred)
bf9e1000 bfa03000 ialmdnt5 (deferred)
bfa03000 bfa30e00 ialmdev5 (deferred)
bfa31000 bfaa7000 ialmdd5 (deferred)
ed1ad000 ed1d6f00 kmixer (deferred)
ed1d7000 ed1f1000 EraserUtilDrv10614 (deferred)
ed473000 ed484980 naveng (deferred)
ed485000 ed546b40 navex15 (deferred)
ed547000 ed59c000 savrt (deferred)
ed7f4000 ed834100 HTTP (deferred)
eddf5000 eddf7f60 SYMREDRV (deferred)
ee071000 ee074600 prepdrv (deferred)
ee3ca000 ee3de400 wdmaud (deferred)
ee597000 ee5e8300 srv (deferred)
ee619000 ee627d80 sysaudio (deferred)
ee799000 ee79cca0 multiice (deferred)
ee7a1000 ee7cd400 mrxdav (deferred)
ee7ce000 ee81e400 mvfs50 (deferred)
eeb33000 eeb36280 ndisuio (deferred)
eec2f000 eec46480 dump_atapi (deferred)
eec47000 eec99000 eeCtrl (deferred)
eecc1000 eed2f400 mrxsmb (deferred)
eed30000 eed5aa00 rdbss (deferred)
eed5b000 eed6f000 Savrtpel (deferred)
eed6f000 eed90d00 afd (deferred)
eed91000 eedb8c00 netbt (deferred)
eedb9000 eedd5be0 SYMEVENT (deferred)
eedd6000 eee15ce0 SYMTDI (deferred)
eee16000 eee6dd80 tcpip (deferred)
eee6e000 eee80400 ipsec (deferred)
eeea5000 eeea7900 Dxapi (deferred)
eef69000 eef84b60 ialmsbw (deferred)
eef85000 eef983a0 ialmkchw (deferred)
f7041000 f7074200 update (deferred)
f7075000 f70a5100 rdpdr (deferred)
f70a6000 f70b6e00 psched (deferred)
f70b7000 f70cd680 ndiswan (deferred)
f70ce000 f70f1980 portcls (deferred)
f70f2000 f717fd80 smwdm (deferred)
f71af000 f71d1680 ks (deferred)
f71d2000 f71e5900 parport (deferred)
f71e6000 f7209800 e100b325 (deferred)
f720a000 f722ce80 USBPORT (deferred)
f722d000 f72432e0 ialmnt5 (deferred)
f7244000 f7257780 VIDEOPRT (deferred)
f725c000 f725fc80 mssmbios (deferred)
f7278000 f727a580 ndistapi (deferred)
f72b1000 f72cb580 Mup (deferred)
f72cc000 f72f8a80 NDIS (deferred)
f72f9000 f7385480 Ntfs (deferred)
f7386000 f739c780 KSecDD (deferred)
f739d000 f73bb780 fltmgr (deferred)
f73bc000 f73d3480 atapi (deferred)
f73d4000 f73f9700 dmio (deferred)
f73fa000 f7418880 ftdisk (deferred)
f7419000 f7436480 pcmcia (deferred)
f7437000 f7447a80 pci (deferred)
f7448000 f7475d80 ACPI (deferred)
f7497000 f749fc00 isapnp (deferred)
f74a7000 f74b1500 MountMgr (deferred)
f74b7000 f74c3c80 VolSnap (deferred)
f74c7000 f74cfe00 disk (deferred)
f74d7000 f74e3200 CLASSPNP (deferred)
f74e7000 f74f0c80 FileHook (deferred)
f7517000 f751fd00 intelppm (deferred)
f7527000 f7533e00 i8042prt (deferred)
f7537000 f7543180 cdrom (deferred)
f7547000 f7555080 redbook (deferred)
f7557000 f7565b80 drmk (deferred)
f7567000 f7573880 rasl2tp (deferred)
f7577000 f7581200 raspppoe (deferred)
f7587000 f7592d00 raspptp (deferred)
f7597000 f759f900 msgpc (deferred)
f75c7000 f75d0f00 termdd (deferred)
f75d7000 f75e0480 NDProxy (deferred)
f7607000 f7615100 usbhub (deferred)
f7617000 f761f700 netbios (deferred)
f7667000 f766f880 Fips (deferred)
f7677000 f767f700 wanarp (deferred)
f7687000 f768fd80 HIDCLASS (deferred)
f76e7000 f76f6900 Cdfs (deferred)
f7717000 f771d200 PCIIDEX (deferred)
f771f000 f77230e0 winroute (deferred)
f7727000 f772b900 PartMgr (deferred)
f77af000 f77b3500 watchdog (deferred)
f77f7000 f77fd000 kbdclass (deferred)
f77ff000 f7804a00 mouclass (deferred)
f7807000 f780c000 usbuhci (deferred)
f780f000 f7815800 usbehci (deferred)
f7817000 f781e000 GEARAspiWDM (deferred)
f781f000 f7823880 TDI (deferred)
f7827000 f782b580 ptilink (deferred)
f782f000 f7833080 raspti (deferred)
f783f000 f7845180 HIDPARSE (deferred)
f7847000 f784c200 vga (deferred)
f784f000 f7853a80 Msfs (deferred)
f7857000 f785e880 Npfs (deferred)
f785f000 f7863100 safandrv (deferred)
f7867000 f786ef80 SFRes (deferred)
f7897000 f789e000 KernelWDC_I2C (no symbols)
f78a7000 f78aa000 BOOTVID (deferred)
f7953000 f7955280 rasacd (deferred)
f7957000 f795ac80 SFReg (deferred)
f796b000 f796e240 OMCI (deferred)
f797b000 f797d580 hidusb (deferred)
f797f000 f7981f80 mouhid (deferred)
f7997000 f7998b80 kdcom (deferred)
f7999000 f799a100 WMILIB (deferred)
f799b000 f799c700 dmload (deferred)
f79af000 f79b0a80 ParVdm (deferred)
f79eb000 f79ec100 dump_WMILIB (deferred)
f79f3000 f79f4300 kbstuff5 (deferred)
f79f5000 f79f6180 SFkbd (deferred)
f79f7000 f79f8280 SFMouse (deferred)
f79f9000 f79faa00 SFScsi (deferred)
f79fb000 f79fc120 aeaudio (deferred)
f79ff000 f7a00100 swenum (deferred)
f7a01000 f7a02280 USBD (deferred)
f7a03000 f7a04f00 Fs_Rec (deferred)
f7a05000 f7a06080 Beep (deferred)
f7a07000 f7a08080 mnmdd (deferred)
f7a09000 f7a0a080 RDPCDD (deferred)
f7a5f000 f7a5fd00 pciide (deferred)
f7a82000 f7a82840 idisw2km (deferred)
f7a93000 f7a93c00 audstub (deferred)
f7aaa000 f7aaad00 dxgthk (deferred)
f7ae6000 f7ae6a00 mc21 (deferred)
f7bb6000 f7bb6b80 Null (deferred)

Unloaded modules:
ed1ad000 ed1d7000 kmixer.sys
ed1ad000 ed1d7000 kmixer.sys
ed1ad000 ed1d7000 kmixer.sys
ed1f1000 ed21b000 kmixer.sys
ee37d000 ee3a7000 kmixer.sys
f7b89000 f7b8a000 drmkaud.sys
ee4d7000 ee4e4000 DMusic.sys
ee4e7000 ee4f5000 swmidi.sys
ee3a7000 ee3ca000 aec.sys
f79bd000 f79bf000 splitter.sys
ed473000 ed485000 naveng.sys
ed485000 ed547000 navex15.sys
ed473000 ed485000 naveng.sys
ed485000 ed547000 navex15.sys
f7657000 f7662000 imapi.sys
f7637000 f7640000 processr.sys
f7627000 f7637000 serial.sys
f794f000 f7953000 kbdhid.sys
f7837000 f783c000 Cdaudio.SYS
f794b000 f794e000 Sfloppy.SYS

Clearly indicating that my kernel symbols have not been loaded. Why
does symfix not work for me? Do I need to upgrade WinDbg (current
version 6.3.003.3)?

Thanks
Abhishek
Skywing
2006-05-12 14:29:53 UTC
Try the `!sym noisy' command and then the `.reload nt' command, and post
the output?
Maxim S. Shatskih
2006-05-12 15:11:12 UTC
Post by a***@rediffmail.com
Clearly indicating that my kernel symbols have not been loaded. Why
does symfix not work for me? Do I need to upgrade WinDbg ( Current
Read my previous email more carefully.

.symfix does not reload anything. If you have the wrong symbols loaded ("export
symbols" or "no symbols") - then you must unload them:

.reload /u nt

and load the new ones after .symfix:

.reload nt
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
***@storagecraft.com
http://www.storagecraft.com
Skywing
2006-05-12 17:36:33 UTC
Actually, I think the debugger will try to load symbols always if it is
using export symbols.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntkrnlpa.exe -
*******************************************************************************
WARNING: Local kernel debugging requires booting with /debug to work
optimally.
*******************************************************************************
Windows XP Kernel Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x805531a0
Debug session time: Fri May 12 12:31:45.546 2006 (GMT-5)
System Uptime: 0 days 0:17:19.340
lkd> lm
start end module name
804d7000 806cd280 nt (export symbols) ntkrnlpa.exe

Unloaded modules:
f9b6c000 f9b75000 processr.sys
f9cc4000 f9cc9000 Cdaudio.SYS
f9699000 f969c000 Sfloppy.SYS
lkd> .reload nt
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntkrnlpa.exe -
lkd> .symfix c:\symbols
lkd> .reload nt
lkd> lm
start end module name
804d7000 806cd280 nt (pdb symbols)
c:\symbols\ntkrnlpa.pdb\89C2A9EB56A74E2D8269AFD1D835BA331\ntkrnlpa.pdb

Unloaded modules:
f9b6c000 f9b75000 processr.sys
f9cc4000 f9cc9000 Cdaudio.SYS
f9699000 f969c000 Sfloppy.SYS

`.reload /u' is probably not what you will want and will remove the module
entirely from the debugger's list.
Maxim S. Shatskih
2006-05-13 04:23:10 UTC
It loads the kernel symbols 2 times - first on the very boot, and they are
export symbols. Then, after determining the exact version using these symbols,
it reloads the real-world symbols.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
***@storagecraft.com
http://www.storagecraft.com
Skywing
2006-05-13 04:34:31 UTC
Regardless, though, `.reload modulename' (without needing a .reload /u)
should always be sufficient to cause a redetermination of what symbol files
should be used (at least for recent debugger versions, can't say about
ancient versions) - even if the debugger has already tried and failed to
load symbols and has fallen back to export symbols.

If you use `.reload /u', you would need to manually recreate the module in
the debugger loaded module list (i.e. `.reload module=base,size') or it will
be gone forever and not show up in `lm' or any command that references
loaded modules using the debugger's internal list - at least, this is my
experience.
Maxim S. Shatskih
2006-05-13 04:42:41 UTC
Post by Skywing
If you use `.reload /u', you would need to manually recreate the module in
For me, ".reload modulename.sys" recreates the module fine after ".reload /u",
but the ".sys" suffix is yes, mandatory.

For the kernel itself, ".reload nt" always works.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
***@storagecraft.com
http://www.storagecraft.com
a***@rediffmail.com
2006-05-15 09:09:41 UTC
Hello All
Just to continue the discussion further, I would like to tell you the
latest result.
Maxim, I am currently trying to run the debugger on the same system on
which I am running my image. As I have already mentioned, I have a
graphical version of WinDbg. I went to File | Symbol File Path (Ctrl+S)
and gave the path of the file where the Windows symbols are present:
C:\Program Files\Debugging Tools for Windows\sym. Following this, when I
tried "lm" I got this
--------------------------------------------------------------------------------------------------------------------------------
start end module name
804d7000 806fd000 nt (pdb symbols) C:\Program
Files\Debugging Tools for
Windows\sym\ntkrnlmp.pdb\AA1EE1B2A63A4232A379F3EFDDC4CFE82\ntkrnlmp.pdb
806fd000 8071dd00 hal (deferred)
bf800000 bf9c1180 win32k (deferred)
bf9c2000 bf9d3580 dxg (deferred)
bf9d4000 bf9e1000 ialmrnt5 (deferred)
bf9e1000 bfa03000 ialmdnt5 (deferred)
bfa03000 bfa30e00 ialmdev5 (deferred)
bfa31000 bfaa7000 ialmdd5 (deferred)
ed1ad000 ed1d6f00 kmixer (deferred)
ed1d7000 ed1f1000 EraserUtilDrv10614 (deferred)
ed473000 ed484980 naveng (deferred)
ed485000 ed546b40 navex15 (deferred)
ed547000 ed59c000 savrt (deferred)
ed7f4000 ed834100 HTTP (deferred)
eddf5000 eddf7f60 SYMREDRV (deferred)
ee071000 ee074600 prepdrv (deferred)
ee3ca000 ee3de400 wdmaud (deferred)
ee597000 ee5e8300 srv (deferred)
ee619000 ee627d80 sysaudio (deferred)
ee799000 ee79cca0 multiice (deferred)
ee7a1000 ee7cd400 mrxdav (deferred)
ee7ce000 ee81e400 mvfs50 (deferred)
eeb33000 eeb36280 ndisuio (deferred)
eec2f000 eec46480 dump_atapi (deferred)
eec47000 eec99000 eeCtrl (deferred)
eecc1000 eed2f400 mrxsmb (deferred)
eed30000 eed5aa00 rdbss (deferred)
eed5b000 eed6f000 Savrtpel (deferred)
eed6f000 eed90d00 afd (deferred)
eed91000 eedb8c00 netbt (deferred)
eedb9000 eedd5be0 SYMEVENT (deferred)
eedd6000 eee15ce0 SYMTDI (deferred)
eee16000 eee6dd80 tcpip (deferred)
eee6e000 eee80400 ipsec (deferred)
eeea5000 eeea7900 Dxapi (deferred)
eef69000 eef84b60 ialmsbw (deferred)
eef85000 eef983a0 ialmkchw (deferred)
f7041000 f7074200 update (deferred)
f7075000 f70a5100 rdpdr (deferred)
f70a6000 f70b6e00 psched (deferred)
f70b7000 f70cd680 ndiswan (deferred)
f70ce000 f70f1980 portcls (deferred)
f70f2000 f717fd80 smwdm (deferred)
f71af000 f71d1680 ks (deferred)
f71d2000 f71e5900 parport (deferred)
f71e6000 f7209800 e100b325 (deferred)
f720a000 f722ce80 USBPORT (deferred)
f722d000 f72432e0 ialmnt5 (deferred)
f7244000 f7257780 VIDEOPRT (deferred)
f725c000 f725fc80 mssmbios (deferred)
f7278000 f727a580 ndistapi (deferred)
f72b1000 f72cb580 Mup (deferred)
f72cc000 f72f8a80 NDIS (deferred)
f72f9000 f7385480 Ntfs (deferred)
f7386000 f739c780 KSecDD (deferred)
f739d000 f73bb780 fltmgr (deferred)
f73bc000 f73d3480 atapi (deferred)
f73d4000 f73f9700 dmio (deferred)
---------------------------------------------------------------------------------------------------------------------------

Now it looks like the kernel symbols are loaded. But I still can't load
the driver symbols.
Coz, when I add the path for my driver .pdb file, it still shows the
driver module as deferred status.

I was following Maxim's posting. Any ideas Maxim ?

Abhishek
Post by Maxim S. Shatskih
Post by Skywing
If you use `.reload /u', you would need to manually recreate the module in
For me, ".reload modulename.sys" recreates the module fine after ".reload /u",
but the ".sys" suffix is yes, mandatory.
For the kernel itself, ".reload nt" always works.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
http://www.storagecraft.com
Maxim S. Shatskih
2006-05-15 13:24:44 UTC
Post by a***@rediffmail.com
Coz, when I add the path for my driver .pdb file, it still shows the
driver module as deferred status.
"Deferred" means - everything is prepared for load, will be loaded on demand.

To create such "demand", say:

x mydriver!*
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
***@storagecraft.com
http://www.storagecraft.com
Skywing
2006-05-15 13:28:04 UTC
You still need to do something to cause the debugger to try to load
symbols - that's what deferred symbol loading means, symbols will not be
loaded until they are needed / referenced directly.

You can follow the same procedure as was done for the kernel symbols (i.e.
`.reload drivermodule') or you could also just use some command that causes
symbols to be used (i.e. 'x drivermodule!*'). If you don't get an error
about failing to load symbols, then everything should be set.
Post by a***@rediffmail.com
Hello All
Just to continue further the discussion, I would like to tell you the
latest result.
Maxim, I am currently trying to run the debugger on the same system on
which I am running my image. As I have already mentioned I have a
graphical version of winDbg, I went to file|symbol File Path ( ctrl +
S) and gave the path of the file where windows symbols are present.
C:\Program Files\Debugging Tools for Windows\sym. Following this when I
tried "lm" I got this
---------------------------------------------------------------------------------------------------------------------------
Now it looks like the kernel symbols are loaded. But I still can't load
the driver symbols.
Coz, when I add the path for my driver .pdb file, it still shows the
driver module as deferred status.
I was following Maxim's posting. Any ideas Maxim ?
Abhishek
Post by Maxim S. Shatskih
Post by Skywing
If you use `.reload /u', you would need to manually recreate the module in
For me, ".reload modulename.sys" recreates the module fine after ".reload /u",
but the ".sys" suffix is yes, mandatory.
For the kernel itself, ".reload nt" always works.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
http://www.storagecraft.com
a***@rediffmail.com
2006-05-22 06:52:17 UTC
Hello everyone
It's been some time since I last posted my observations in this group.
Among other things I have been trying to configure WinDbg, for some
time now, but still the kernel symbols remain unloaded.
I want to give a detail of what I have been doing and the detailed
observations, as per the methods suggested by Maxim and Doron.

First I have downloaded the symbols file from
http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx and
the package is Windows XP with Service Pack 2 x86 retail symbols, all
languages (File size: 195 MB - Most customers want this package.).

Well I stored them in D:\symbols folder in my local directory.

My WinDbg uses a Null modem to connect to a target PC. This connection
is OK as I am able to perform a break and .crash activity on the
target.

In windbg I added the path D:\symbols to file|SymbolFilePath (Ctrl + S).

Now once the target system has booted, it gives the following message

Opened \\.\com1
Waiting to reconnect...
Connected to Windows XP 2600 x86 compatible target, ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is: D:\symbols
Executable search path is:
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for ntkrpamp.exe -
Windows XP Kernel Version 2600 MP (1 procs) Free x86 compatible
Built by: 2600.xpsp_sp2_gdr.050301-1519
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
System Uptime: not available
SCSI Add Device Start....
SCSI AddDevice Finish... ...

and continues further.

In the D:\symbols directory I have the following folders

16bit
acm
ax
cnv
com
cpl
dic
dll
drv
ds
exe
iec
ime
ocx
scr
sys
tpl
tsp
wpc

Are they correct?

Next I tried .symfix D:\symbols and said .reload nt, but this is what I
get

0: kd> .reload
Connected to Windows XP 2600 x86 compatible target, ptr64 FALSE
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for ntkrpamp.exe -
Loading Kernel Symbols
...............................................................................................................................
Loading User Symbols
Loading unloaded module list
....

I also tried !sym noisy and then saying .reload nt, but still the
results are

0: kd> !sym noisy
noisy mode - symbol prompts on
0: kd> .reload nt
DBGHELP:
D:\symbols\ntkrpamp.pdb\430480FAAC4F4A45980B99443EDC145E1\ntkrpamp.pdb
- file system or network error reading pdb
DBGHELP: ntkrpamp.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for ntkrpamp.exe -
DBGHELP: nt - export symbols

But upon saying .reload \f I can see most of the symbols are loaded as
pdb but nt does not load.

What is it, that I am doing wrong ???
Anticipating your suggestions as usual

Abhishek
Post by Maxim S. Shatskih
Post by a***@rediffmail.com
Clearly indicating that my kernel symbols have not been loaded. Why
does symfix not work for me? Do I need to upgrade WinDbg ( Current
Read my previous email more carefully.
.symfix does not reload anything. If you have the wrong symbols loaded ("export
.reload /u nt
.reload nt
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
http://www.storagecraft.com
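As an added example (not from the thread or its participants), a small Python parser for the `!sym noisy` output in the post above: it splits the symbol-store path DBGHELP tried into PDB name, GUID and age, and lists the modules that fell back to export symbols. The function names are hypothetical, and the sample text is the post's output with the wrapped lines rejoined.

```python
import re

# Constructed sample: the `!sym noisy` output quoted in the post, with the
# lines the newsreader wrapped joined back together.
NOISY = r"""
DBGHELP: D:\symbols\ntkrpamp.pdb\430480FAAC4F4A45980B99443EDC145E1\ntkrpamp.pdb - file system or network error reading pdb
DBGHELP: ntkrpamp.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe -
DBGHELP: nt - export symbols
"""

# Symbol-store layout: <root>\<pdb>\<32-hex GUID><hex age>\<pdb>
LOOKUP = re.compile(r"^DBGHELP: (?P<root>.+?)\\(?P<pdb>[^\\]+\.pdb)\\"
                    r"(?P<guid>[0-9A-F]{32})(?P<age>[0-9A-F]+)\\(?P=pdb)"
                    r" - (?P<why>.+)$", re.I)
# Final verdict per module, e.g. "DBGHELP: nt - export symbols"
VERDICT = re.compile(r"^DBGHELP: (?P<mod>\S+) - (?P<kind>\w+) symbols\b")


def parse_noisy(text):
    """Return (lookups, verdicts) extracted from !sym noisy output."""
    lookups, verdicts = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = LOOKUP.match(line)
        if m:
            g = m["guid"].upper()
            lookups.append({
                "root": m["root"],
                "pdb": m["pdb"],
                "guid": f"{g[:8]}-{g[8:12]}-{g[12:16]}-{g[16:20]}-{g[20:]}",
                "age": int(m["age"], 16),
                # Key under which a symbol store files this exact PDB build
                "key": f'{m["pdb"]}/{g}{m["age"].upper()}/{m["pdb"]}',
                "why": m["why"],
            })
            continue
        m = VERDICT.match(line)
        if m:
            verdicts[m["mod"]] = m["kind"]
    return lookups, verdicts


def needs_matching_pdb(text):
    """Modules left on export symbols, with the PDB build(s) that were sought."""
    lookups, verdicts = parse_noisy(text)
    wanted = [item["key"] for item in lookups]
    return {mod: wanted for mod, kind in verdicts.items() if kind == "export"}
```

The GUID and age identify one specific build of the PDB, so a symbol file from a different kernel build will not satisfy the lookup even if its file name matches.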
Maxim S. Shatskih
2006-05-22 20:13:55 UTC
Post by a***@rediffmail.com
First I have downloaded the symbols file from
http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx and
the package is Windows XP with Service Pack 2 x86 retail symbols, all
languages (File size: 195 MB - Most customers want this package.).
Why not use the Symbol Server instead?
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
***@storagecraft.com
http://www.storagecraft.com
a***@rediffmail.com
2006-05-24 11:35:56 UTC
Thanks Maxim!!
Debugger is up :)
Post by Maxim S. Shatskih
Post by a***@rediffmail.com
First I have downloaded the symbols file from
http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx and
the package is Windows XP with Service Pack 2 x86 retail symbols, all
languages (File size: 195 MB - Most customers want this package.).
Why not use the Symbol Server instead?
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
http://www.storagecraft.com