ansaurus

Question

Post-mortem crash-dump debugging without having the exact version of a Windows DLL in the Symbol Server

Answer 1

+1 A:

I'm pretty sure Microsoft's symbol server also provides the binaries. I'm looking in my store and I see a ton of Microsoft .dll files. I have my _NT_SYMBOL_PATH defined as

SRV*F:\Symbols\Microsoft*http://msdl.microsoft.com/download/symbols

This way it will search my local store first before trying to copy them down from Microsoft's public server.

Luke 2010-02-26 20:30:05

The Microsoft symbol server only contains the symbols, not the binaries (I'm quite sure of that). I have also _NT_SYMBOL_PATH set to a similar value, but if the DLL (used by the customer, and referenced in the crash dump file) is not on my system or in my symbol server (or symbol server cache), the debug information can't be loaded either. So the symbols only help if also the DLL is present in your symbol server.

Patrick 2010-02-27 12:03:00

Microsoft Symbol server usually _does_ contain the binaries. It might not have them for this particular case, though.

Roger Lipscombe 2010-03-05 08:48:53

Which tool do you use to debug crash dumps? WinDBG works fine without dll's if only pdb is present. And I've seen cases when Visual Studio was unable to load symbols without dll's.

Oleg 2010-03-07 21:14:15

Answer 2

A:

? What part isn't working?

I've never been in your situation, exactly, but I would expect the debugger to give you the correct portion of the call stack that was in your code, up to the call into the dark dll. Of course, from there down to the actual crash symbols would be unavailable, but can't you see which NTDLL API was being called and which arguments were passed to that call?

You don't say which tool you're using for minidump debugging: WinDBG or VS.

Die in Sente 2010-03-04 21:25:02

Every time we make a production executable, we store it (and its debug info) into our symbol server, so if we get a crash dump file from a customer we can see our own functions in the call stack. The problem is that if the app crashes in a Windows DLL (e.g. because we pass wrong arguments), and the DLL is not installed on my PC (because the customer has a different OS version or different patch) that I can't see the call stack or the debugger reports that the call stack is unreliable (and often it is). This is because I cannot download the customer's DLL from the MS site only the debug info.

Patrick 2010-03-05 08:20:04

I mainly use VS, but if I find a solution for WinDbg I am willing to use that in those cases.

Patrick 2010-03-05 08:20:39

Answer 3

+1 A:

You can have multiple symbol servers in your symbol path. So simply set up the symbol path to point to your own server for your own private modules, and to the public MS server for OS modules, see Symbol Path:

This can be easily combined with the Microsoft public symbol store by using the following initial setting:

_NT_SYMBOL_PATH=srv*c:\mysymbols*http://msdl.microsoft.com/download/symbols;cache*c:\mysymbols

The Microsoft Public Symbol Store is documented as http://msdl.microsoft.com/download/symbols.

Remus Rusanu 2010-03-05 23:18:27

Answer 4

+1 A:

It is possible to relax WinDbg's symbol resolution; see my answer to a similar question. On the other hand, the solution that I propose here relies on the fact that the DLLs are identical other than having different GUIDs identifying their debug symbols. A different version of a DLL is likely going to have a different binary, so the symbols are probably not going to match properly even if you can get them to load.

Aaron Klotz 2010-03-06 08:14:15

Give me some time to look at this solution. It looks like this may solve quite some problems. If I confirmed this to work in my situation, I'll mark this as a solution.

Patrick 2010-03-07 11:46:22

ansaurus

tags:

views:

answers:

Post-mortem crash-dump debugging without having the exact version of a Windows DLL in the Symbol Server

related questions