'windbg' unable to load symbols when run as system account
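I am trying to analyze MEMORY.DMP using windbg/cdb/kd from the Debugging Tools in a PowerShell script that runs only under the System account.
I provided the symbol file path and turned the "!sym noisy" prompts on.
- Symbol file path: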
"SRV*c:\symbols*http://msdl.microsoft.com/download/symbols"
I am able to download and load symbols in windbg/cdb/kd when running as Administrator.
SYMSRV: File: ntkrnlmp.exe
SYMSRV: Get File Path: download/symbols/ntkrnlmp.exe/5C8C79C8708000/ntkrnlmp.exe
SYMSRV: Notifies the client application that a proxy has been detected.
SYMSRV: Connecting to the Server: http://msdl.microsoft.com/download/symbols.
SYMSRV: Waiting for the server to respond to a request.
SYMSRV: Successfully received a response from the server.
SYMSRV: Successfully received a copied
copied
DBGHELP: c:\symbols\ntkrnlmp.exe\5C8C79C8708000\ntkrnlmp.exe - OK
But when running as "NT Authority/System" on the same machine, I am unable to download and load symbols in windbg/cdb/kd.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
SYMSRV: c:\symbols\ntkrnlmp.exe\5C8C79C8708000\ntkrnlmp.exe not found
SYMSRV: c:\symbols\ntkrnlmp.exe\5C8C79C8708000\ntkrnlmp.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/5C8C79C8708000/ntkrnlmp.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/5C8C79C8708000/ntkrnlmp.exe not found
SYMSRV: c:\symbols\ntoskrnl.exe\5C8C79C8708000\ntoskrnl.exe not found
SYMSRV: c:\symbols\ntoskrnl.exe\5C8C79C8708000\ntoskrnl.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/5C8C79C8708000/ntoskrnl.exe not found
SYMSRV: http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/5C8C79C8708000/ntoskrnl.exe not found
Why do the debugging tools not load symbols with the System account? If that is not possible, is there any other workaround?
The answer is provided here.
Cannot download microsoft symbols when running cdb in a windows service