*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe

Question

Hello Stackoverflow community,

I am trying to debug an application on Windows 10 and require windows debugger framework to load symbols to run certain commands in the (windows kernel debugger) kd.

Each time I load the kernel debugger (kd) on the command prompt by typing kd -kl (NOTE: you would need to enable bcdedit -debug on for it to work), I get the below stack trace:

Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Connected to Windows 10 10240 x64 target at (Tue May  2 18:26:51.800 2017 (UTC - 7:00)), ptr64 TRUE
Symbol search path is: srv*
Executable search path is:
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe -
Windows 10 Kernel Version 10240 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 10240.17354.amd64fre.th1_st1.170327-1827
Machine Name:
Kernel base = 0xfffff803`1da07000 PsLoadedModuleList = 0xfffff803`1dd2c070
Debug session time: Tue May  2 18:26:53.740 2017 (UTC - 7:00)
System Uptime: 0 days 0:50:43.754
lkd>

At first glance, it appears that my sympath is not configured.
I configure it to point to a path on my file system (see next point).
.sympath srv*C:\symbols*https://msdl.microsoft.com/download/symbols
Now, I set !sym noisy and do a .reload and I get the following trace

lkd> !sym noisy noisy mode - symbol prompts off lkd> .reload Connected to Windows 10 10240 x64 target at (Tue May 2 18:41:38.542 2017 (UTC - 7:00)), ptr64 TRUE SYMSRV: BYINDEX: 0x3 c:\symbols*https://msdl.microsoft.com/download/symbols ntkrnlmp.pdb 30D698E116494C24A48409E2A73883CF1 SYMSRV: c:\symbols\ntkrnlmp.pdb\30D698E116494C24A48409E2A73883CF1\ntkrnlmp.pdb - file not found SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pdb SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pd_ SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/file.ptr SYMSRV: HttpQueryInfo: 404 - HTTP_STATUS_NOT_FOUND SYMSRV: c:\symbols\ntkrnlmp.pdb\30D698E116494C24A48409E2A73883CF1\ntkrnlmp.pdb not found SYMSRV: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/30D698E116494C24A48409E2A73883CF1/ntkrnlmp.pdb not found DBGHELP: ntkrnlmp.pdb - file not found *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe - DBGHELP: nt - export symbols Loading Kernel Symbols ............................................................... ................................................................ ......... Loading User Symbols

************* Symbol Loading Error Summary **************

Module name            Error
SharedUserData         No error - symbol load deferred
                                Symbol loading has been deferred because this symbol is not needed
                                at this time. Use reload /f to force load symbols.

ntkrnlmp               The system cannot find the file specified
                                The SYMSRV client failed to find a file in the UNC store, or there
                                is an invalid UNC store (an invalid path or the pingme.txt file is
                                not present in the root directory), or the file is present in the
                                symbol server exclusion list.

I also tried performing the steps explained in ERROR: Symbol file could not be found. windbg.exe and Error:Symbol File not found in WinDbg but no luck. I get errors that indicate several 404 errors.

It always points to this file ntkrnlmp.exe and says its missing(or not found).

Has anyone faced similar issues in the past? If so, what can I do to get this fixed?

why do you still use Build 10240/TH1/v1507? Unless you use the LTSB version, the support ends now in May. So update to 1607 or 1703. Maybe it also fixes your issue that you try to solve — magicandre1981, May 03 '17 at 15:41
@magicandre1981: does your comment indicate that Microsoft will remove symbols from their servers after support ends? — Thomas Weller, May 03 '17 at 21:29
@ThomasWeller no, but maybe his issue is gone in newer win10 versions. — magicandre1981, May 04 '17 at 04:15

X. Liu · Answer 1 · 2017-05-06T04:26:06.070

The sympath you configured is correct. I think it is very likely because Microsoft has not uploaded the PDB symbol to their symbol servers. Typically new symbols will be available a few days after each Patch Tuesday. (It may become faster in the future.[1]) For your situation, I suggest you to report this issue to Microsoft WinDbg team at windbgfb@microsoft.com with the trace info you posted here.

[1] https://twitter.com/aluhrs13/status/842590084952088580
[2] The email address comes from this page.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe

1 Answers1