I'm trying to use Microsoft's "LiveKD" utility. My understanding is that it's an alternative to having to use WinDbg and KD via a serial connection to debug the kernel 'live' (and the system doesn't have to be booted in debug mode). I'm using Windows 10; however, it doesn't work until I enable the debug option and reboot.

Any help is welcome.

```
livekd.exe -w

LiveKd v5.63 - Execute kd/windbg on a live system
Sysinternals - www.sysinternals.com
Copyright (C) 2000-2020 Mark Russinovich and Ken Johnson

Launching C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe:
```


no debugger:

```
Microsoft (R) Windows Debugger Version 10.0.19041.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\WINDOWS\livekd.dmp]
Kernel Complete Dump File: Full address space is available

Comment: 'LiveKD live system view'

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       SRV*c:\Symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\Symbols*https://msdl.microsoft.com/download/symbols
Executable search path is: 
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
Unable to read PsLoadedModuleList
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
KdDebuggerData.KernBase < SystemRangeStart
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Machine Name:
Kernel base = 0x00000000`00000000 PsLoadedModuleList = 0xfffff807`2a2460f0
Debug session time: Tue Oct 27 21:47:47.703 2020 (UTC)
System Uptime: not available
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
Unable to read PsLoadedModuleList
**************************************************************************
THIS DUMP FILE IS PARTIALLY CORRUPT.
KdDebuggerDataBlock is not present or unreadable.
**************************************************************************
KdDebuggerData.KernBase < SystemRangeStart
Loading Kernel Symbols
Unable to read PsLoadedModuleList
ReadVirtual() failed in GetXStateConfiguration() first read attempt (error == 0.)
GetContextState failed, 0xD0000147
CS descriptor lookup failed
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
For analysis of this file, run !analyze -v
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
GetContextState failed, 0xD0000147
```
Lewis Kelsey
albfrk99
  • Does a page file exist on your system? – RbMm Nov 11 '20 at 20:43
  • Failed to reproduce this issue because `livekd.exe -w` works for me. Please check whether `windbg.exe` exists in the path `C:\Program Files (x86)\Windows Kits\10\Debuggers\x64`. – Rita Han Nov 12 '20 at 05:48
  • Yes, I have the page file enabled (by default) on Windows 10 with Windows managing its size. Yes, I have windbg on this path; if it's not there, livekd fails. :( – albfrk99 Nov 12 '20 at 16:18
  • @albfrk99 Can you try copying `livekd64.exe` to the same directory as `windbg.exe`, `C:\Program Files (x86)\Windows Kits\10\Debuggers\x64`, to see if it helps? – Rita Han Nov 13 '20 at 07:00
  • Yes Rita Han - MSFT, I copied it and the same thing happens. The output above is from livekd64.exe. Are you able to debug the latest Windows 10 releases with livekd/livekd64 without enabling the debug option in msconfig and without rebooting? – albfrk99 Nov 16 '20 at 18:20
  • @albfrk99 Yes, I can debug without additional operations. When I launch that command, the windbg UI application starts. For this error "THIS DUMP FILE IS PARTIALLY CORRUPT" you can refer to [this](https://learn.microsoft.com/en-us/troubleshoot/windows-server/high-availability/corrupted-memory-dump-file) document to see if it helps. – Rita Han Nov 19 '20 at 09:35

0 Answers