Hello, I have a crash dump file that I need to analyze using WinDbg to run some tests.

Due to some restrictions I can't comment on, my symbols folder can only contain the symbols needed to analyze this crash dump.

Is there a way to know the exact symbols needed by a dump? If it helps, I can first analyze this dump in another environment where all the symbols are available.

Thank you.

+1  A: 

I'm not entirely sure if this is possible. Analyzing a dump is a dynamic process but you're looking for a static solution. It's not possible to know what symbols will be needed unless you already know what the problem is. Therefore it's not possible to know what set of symbols will be needed.

Even doing something as simple as saying that "I will only provide symbols for the DLLs which have frames on the stack" is not enough. It's possible that memory corruption or a global variable from a DLL not on the stack could influence the behavior of the program. Leaving symbols for that DLL out could prevent diagnosis of a problem.

One approach, though, which will yield decent results would be the following:

  • Load up the dump in the environment where all symbols are available
  • Set the symbol path to the directory
  • Run "analyze -v"
  • Dump the state of modules at this point and include symbols for any DLL for which WinDbg loaded symbols.

JaredPar
+4  A: 

You can use !symnoisy to make WinDbg dump out the symbols it needs and looks for. If you set up a symbol path with a local cache, WinDbg will download into the local cache path only the needed symbols.
If you load the dump on your machine and force it to load all the symbols, the lml command will show all loaded symbols, and you can see for each module where it loaded the symbols from. Copy only those pdb files into your target restricted environment.

Remus Rusanu
This is definitely the answer I was looking for. After some more research I used the command !sym noisy (space between) and srv*localpath*resourcepath to download only the needed symbols. Thank you very much.
despart
A: 

You can also use the command:

lml

after running "analyze -v" to display which symbols WinDbg loaded or attempted to load.

Carlos Rendon
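
One way to turn the `lml` (or `lm`) listing mentioned in the answers into a list of PDB files to copy, as an added example that is not from any of the posters. The sample listing, module names, identifiers and the `c:\symcache` cache root are constructed, and the parser assumes the usual `start end module (status) path` column layout.

```python
import re
from pathlib import PureWindowsPath

# Constructed lm/lml-style listing; it mixes 32- and 64-bit address forms
# only to exercise the parser. All names and IDs are made up.
SAMPLE_LM = r"""
start    end        module name
00400000 0042d000   myapp    C (private pdb symbols)  c:\symcache\myapp.pdb\0123456789ABCDEF0123456789ABCDEF1\myapp.pdb
77c10000 77c68000   msvcrt     (pdb symbols)          c:\symcache\msvcrt.pdb\A1B2C3D4E5F60718293A4B5C6D7E8F902\msvcrt.pdb
7c800000 7c8f6000   kernel32   (export symbols)       C:\WINDOWS\system32\kernel32.dll
7c900000 7c9af000   ntdll      (deferred)
00007ff6`1a2b0000 00007ff6`1a2f4000   helper     (pdb symbols)          c:\symcache\helper.pdb\FEDCBA9876543210FEDCBA98765432101\helper.pdb
"""

# start, end, module, optional one-letter flags, "(status)", optional path.
LINE = re.compile(
    r"^(?P<start>[0-9a-f`]+)\s+(?P<end>[0-9a-f`]+)\s+(?P<module>\S+)\s+"
    r"(?:[A-Z#]\s+)*\((?P<status>[^)]*)\)\s*(?P<path>.*)$",
    re.IGNORECASE,
)

def pdbs_to_copy(lm_output):
    """Return ({module: pdb_path}, [(module, status)] for modules with no PDB)."""
    needed, missing = {}, []
    for line in lm_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header or blank line
        path = m["path"].strip()
        if "pdb symbols" in m["status"] and path.lower().endswith(".pdb"):
            needed[m["module"]] = path
        else:
            # export symbols / deferred: no PDB was actually loaded
            missing.append((m["module"], m["status"]))
    return needed, missing

def store_relative(pdb_path, cache_root):
    """PDB path relative to the cache root (name.pdb\\<id>\\name.pdb), so the
    symbol-store layout can be recreated in the restricted folder."""
    return str(PureWindowsPath(pdb_path).relative_to(PureWindowsPath(cache_root)))

if __name__ == "__main__":
    needed, missing = pdbs_to_copy(SAMPLE_LM)
    for module, pdb in needed.items():
        print("copy", store_relative(pdb, r"c:\symcache"), "for", module)
    for module, status in missing:
        print("no pdb loaded for", module, "-", status)
```

Modules reported under "no pdb loaded" are the ones to recheck in the full-symbol environment before deciding they can be left out.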
