
I'm studying kernel-mode drivers by following this YouTube video, and I'm preparing to debug a driver in a VirtualBox VM with WinDbg and VirtualKD.

I set up the symbol file by clicking

  1. File / Symbol file path

  2. add symbol path

    SRV*c:\symbols* http://msdl.microsoft.com/download/symbols
    
  3. put a check mark to "reload" item

  4. click ok

After that, Windbg's screen is as follows:

    ************* Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       SRV*c:\symbols*             http://msdl.microsoft.com/download/symbols
    kd> .reload
    Connected to Windows 10 17134 x64 target at (Sun Oct  7 13:16:30.147 2018     (UTC + 9:00)), ptr64 TRUE
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ..........................
    Loading User Symbols

    Loading unloaded module list
    ......Unable to enumerate user-mode unloaded modules, Win32 error 0n30

I can't tell whether the symbol files are functioning properly.

Are Symbol files currently not available?

Thomas Weller
user25718
  • Possible duplicate of [How to set up symbols in WinDbg?](https://stackoverflow.com/questions/30019889/how-to-set-up-symbols-in-windbg) – Thomas Weller Oct 07 '18 at 18:11
  • It seems you copied a tab or something. The symbol path is not correct after second `*`. Other than that it looks quite ok. All the `....` seem to load a symbol each. Why are you so sure that your symbols don't work? Which command fails? – Thomas Weller Oct 07 '18 at 18:19
  • I was able to debug the device driver in VirtualBox. Thank you very kindly – user25718 Dec 27 '18 at 04:58

1 Answer

I use the `lml` command in such cases.

If symbol files are loaded, you can find the module names like this.

    2: kd> lml
    start             end                 module name
    ffff9e54`ba960000 ffff9e54`ba9d7000   win32k     (pdb symbols)          c:\symbols\win32k.pdb\901A464ABCFD2696F50FFB02C607B4661\win32k.pdb
    fffff803`6921a000 fffff803`69aef000   nt         (pdb symbols)          c:\symbols\ntkrnlmp.pdb\9378084E8DBD4AB1A155099BCE693E341\ntkrnlmp.pdb
chg
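
The two checks discussed on this page, as an added Python example that is not part of the original question, comments or answer: it flags the stray whitespace after the second `*` in the symbol path and reads `lml` output to list which modules have PDB symbols loaded. The function names are hypothetical; the symbol paths and `lml` rows are the ones shown on this page.

```python
import re

def check_symbol_path(sympath):
    """Return problems found in the SRV* elements of a WinDbg symbol path."""
    problems = []
    for element in sympath.split(";"):
        fields = element.split("*")
        if fields[0].strip().lower() != "srv":
            continue  # plain directory element, no '*' fields to inspect
        for index, field in enumerate(fields):
            if field != field.strip():
                problems.append(f"field {index} has stray whitespace: {field!r}")
    return problems

# One module row of `lml` output: start, end, name, (symbol status), pdb path.
LML_ROW = re.compile(
    r"^[0-9a-f`]+\s+[0-9a-f`]+\s+(?P<module>\S+)\s+"
    r"\((?P<status>[^)]*)\)\s*(?P<pdb>.*)$", re.IGNORECASE)

def loaded_symbols(lml_output):
    """Map module name -> (symbol status, pdb path) for each `lml` row."""
    result = {}
    for line in lml_output.splitlines():
        match = LML_ROW.match(line.strip())
        if match:
            result[match["module"]] = (match["status"], match["pdb"].strip())
    return result

# Path as typed in the question, and the same path without the gap.
PATH_FROM_QUESTION = r"SRV*c:\symbols* http://msdl.microsoft.com/download/symbols"
PATH_WITHOUT_GAP = r"SRV*c:\symbols*http://msdl.microsoft.com/download/symbols"

# `lml` output copied from the answer.
LML_FROM_ANSWER = r"""
2: kd> lml
start             end                 module name
ffff9e54`ba960000 ffff9e54`ba9d7000   win32k     (pdb symbols)          c:\symbols\win32k.pdb\901A464ABCFD2696F50FFB02C607B4661\win32k.pdb
fffff803`6921a000 fffff803`69aef000   nt         (pdb symbols)          c:\symbols\ntkrnlmp.pdb\9378084E8DBD4AB1A155099BCE693E341\ntkrnlmp.pdb
"""

if __name__ == "__main__":
    print(check_symbol_path(PATH_FROM_QUESTION))
    print(check_symbol_path(PATH_WITHOUT_GAP))
    for module, (status, pdb) in loaded_symbols(LML_FROM_ANSWER).items():
        print(f"{module}: {status} -> {pdb}")
```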