wow64!_TEB32 not found

Question

I am trying to analyze a wow64 process dump. The issue is memory leak, so I need to check the heap. I am referring to this article to analyze the dump:

http://www.codeproject.com/Articles/31382/Memory-Leak-Detection-Using-Windbg.

0:000> .load wow64exts

0:000> !sw
Switched to 32bit mode


0:000:x86> !heap -s
NtGlobalFlag enables following debugging aids for new heaps:
    tail checking
    free checking
    validate parameters
LFH Key                   : 0x00000000072e0d1a
Termination on corruption : ENABLED
  Heap     Flags   Reserv  Commit  Virt   Free  List   UCR  Virt  Lock  Fast 
                    (k)     (k)    (k)     (k) length      blocks cont. heap 
-----------------------------------------------------------------------------
00000000001b0000 40000062    1024     32   1024      8     2     1    0      0      
0000000000320000 40001062   47808  45812  47808      7     8     7    0      0      
-----------------------------------------------------------------------------


0:000:x86>  !heap -stat -h 0000000000320000 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: wow64!_TEB32                                  ***
***                                                                   ***
*************************************************************************
 heap @ 0000000000320000
group-by: TOTSIZE max-display: 20
    size     #blocks     total     ( %) (percent of total busy bytes)

Can not find wow64!_TEB32, so can not go ahead. Is there any body whole can help on this?

Answer 1

First, make sure that your symbols are set up correctly, usually by doing

.symfix c:\symbols
.reload

Usually, for 32 bit applications, a 32 bit dump should be taken, if you don't want to debug the WOW64 layer itself.

However, in your case (concerning the !heap commands), you can just repeat the steps in the 32 bit version of WinDbg, which also runs on 64 bit Windows and which can open 64 bit dumps.