views:

712

answers:

2

Hello everyone,

I am interested in which symbol file is used when we analyze dump file using Windbg or Visual Studio. Suppose my application is using a utility library, and the utility library has related private symbol file. When there is crash dump in my application, I need the symbol of the utility library to analyze the full call stack. But sometimes the build/runtime/debug environments are installed with different versions of the utility library -- which are (for sure) of different versions of utility library symbols.

Suppose we have a version (e.g. version A) of utility library (and related symbol) for build (link) my application, using another version (e.g. version B) of utility library (and related symbol) in runtime when there is crash, and using another different version (e.g. version C) of utility library (and related symbol) in Windbg when I analyze the crash dump.

My question is, when the crash is genarated in runtime, version B symbol is used to generate the crash dump (to fill the dump with symbol information)? But when using a different version of symbol C in Windbg debugging environment, there will be symbol mis-match issue? And which version of library is used to build does not matter? Are my understandings all correct?

thanks in advance, George

+1  A: 

Generally the symbols should be in the same file as the code (that's why debug versions are generally bigger). I can't recall a case where a debugger would pull the symbols from one binary while running another--but then, this is from general knowledge and not from any specialized information about your environment.

MarkusQ
Hi MarkusQ, for non-technical reasons (build/run/debug are performned by different parties and not synced yet) different binaries are used. My question is when dump is generated, is the dump dependent on runtime library symbols to fill dump information?
George2
@George -- I was just talking in generalities. See Matt Ellis's answer for good specifics. (I'm upvoting him)
MarkusQ
Hi MarkusQ, I did not find my answer from his post -- why there will be symbol mismatch (or report wrong information) if the environment (which generates crash dump) is using a different version of symbol, but the environment used to run windbg to analyze the dump is using another version of symbol?
George2
(continued) do you have any ideas?
George2
+3  A: 

It sounds like you want to use a Symbol Server so that WinDBG or VS can pull down symbols that correspond to the build of the library you're debugging. If it's a third party component and you have private symbols you can either put them symbols in your own server or see if the third party has a public symbol server.

Windbg won't load symbols if they don't match the dll you're debugging, you can use !sym noisy to see more about the symbol loading process. If you choose not to use a symbol server you can manage all the pdb's by hand and load them manually into windbg (use lm v to get detailed information about a module loaded in your process)

Matt Ellis
I want to know why there will be symbol mismatch (or report wrong information) if the environment (which generates crash dump) is using a different version of symbol, but the environment used to run windbg to analyze the dump is using another version of symbol?
George2
I agree with you using symbol server is a good solution to solve such symbol mismtach issue, but in my environment, for non-technical reasons, runtime/build/debug are run by different group of people and sometimes hard for them to sync code immediately. :-)
George2
In your first example you will get a miss match if the symbols on the machine you use the debug the issue don't match the dll that you took the dump on. In this case you should copy the symbols to your local machine, add the directory to where they are to sympath and then do a .reload /f
Matt Ellis
Note that the miss match will happen at debug time, not when the faulting machine generates the dump. You can easily resolve it on your local machine when you go to debug the issue if you have the correct symbols. Perhaps you can run a symbol server on your own machine :-)
Matt Ellis
Thanks Matt, I think the root cause of mis-match is, then on the fault machine, making dump needs symbol information, correct? Previously I think making dump is just to record the memory of the process, no dependned on any symbol information. Any comments?
George2
Taking a dump shouldn't require symbol information. A dump will contain the loaded dlls in the process which includes metadata the debugger can use to ensure it loads the correct symbols. You shouldn't need any symbols on the faulting machine to get a good dump.
Matt Ellis
Thanks Matt! If only data in dump, why if debugger is on a machine which has a different version of mscordacwks.dll, it will interpret to wrong information (e.g. wrong call stack)? Could you show me a pseudo simple sample (e.g. dump wrote call stack informaiton on the fault machine (to be continued)
George2
(continue) but a debugger using mis-matched version of mscordacwks.dll will interpret it to wrong call stack?) to make it clear please? :-)
George2