Channel: Sysinternals Forums

Process Explorer : "no symbols" for Kernel Memory limits system info

Author: R37ribution
Subject: "no symbols" for Kernel Memory limits system info
Posted: 15 July 2013 at 7:31pm

I got it working!

I only needed symbols for C:\Windows\system32\ntkrnlpa.exe on both the Windows Server 2003 SP2 and the Windows XP Pro SP3 hosts. I didn't use any symbols for ntoskrnl.exe to get the system information page to display correct max pool values for paged and nonpaged pool memory.

Below are two examples of how I got it working.
1) From a Windows XP host connected to the cloud where I used symchk.exe to download the symbols and pointed Process Explorer to a static directory on the machine.
2) From a Windows 2003 Server SP2 x86 host without internet access, in which I used symchk.exe to create a manifest of ntkrnlpa.exe, copied that manifest over to a computer with internet access, and used symchk.exe to pull down those files. Similar to the offline walkthrough here - http://blogs.technet.com/b/askperf/archive/2008/04/08/using-process-explorer-without-an-internet-connection.aspx
NOTE: I could not get the "Paged Limit" to work on my Windows 7 Ultimate x64 based computer; it still says "no symbols".

Apparently the instructions in the article below are incomplete or inaccurate. Can someone go over what I have done here and determine if the documentation needs updating? This would have saved me a day of troubleshooting.
Using Process Explorer without an Internet Connection
http://blogs.technet.com/b/askperf/archive/2008/04/08/using-process-explorer-without-an-internet-connection.aspx

If you're trying to avoid installing Debugging Tools for Windows to get the DLL file copied over, you can install it on a non-production host and copy the following files over to your "island" computer:
C:\Program Files\Windows Kits\8.0\Debuggers\x86\dbghelp.dll
C:\Program Files\Windows Kits\8.0\Debuggers\x86\symchk.exe
C:\Program Files\Windows Kits\8.0\Debuggers\x86\SymbolCheck.dll
C:\Program Files\Windows Kits\8.0\Debuggers\x86\symsrv.dll (appears to only be needed to download symbol dependencies, symchk.exe will still generate your manifest without this file)

Link to Debugging Tools for Windows:
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

The following error when running symchk.exe appears to be normal, as symchk.exe is trying to download a pdb file from the MS symbol server, which of course is not available on your island computer. This error will also happen if you run symchk.exe on a "cloud" computer and symsrv.dll is not available.
"SYMCHK: ntoskrnl.exe         FAILED  - ntkrnlmp.pdb mismatched or not found"


Here is what I did on the XP host (has an internet connection but used symchk.exe to pull down symbols):
1) Purged C:\symbols
2) Changed my symbol path in Process Explorer to C:\symbols so it wouldn't reach out to the MS web server (old path - SRV*C:\WINDOWS\SYMBOLS*http://msdl.microsoft.com/download/symbols)
3) Executed the following at the cmd prompt to manually pull down the symbols for ntkrnlpa.exe:
Windows XP Pro ntkrnlpa.exe symchk symbol download:

C:\Program Files\Windows Kits\8.0\Debuggers\x86>symchk.exe /if C:\Windows\System32\ntkrnlpa.exe /oi /op /ov /v /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
[SYMCHK] Searching for symbols to C:\Windows\System32\ntkrnlpa.exe in path SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
[SYMCHK] Using search path "SRV*c:\symbols*http://msdl.microsoft.com/download/symbols"
DBGHELP: No header for C:\Windows\System32\ntkrnlpa.exe.  Searching for image on disk
DBGHELP: C:\Windows\System32\ntkrnlpa.exe - OK
SYMSRV:  ntkrnlpa.pdb from http://msdl.microsoft.com/download/symbols: 395043 bytes - copied
DBGHELP: ntkrnlpa - public symbols
        c:\symbols\ntkrnlpa.pdb\497890CCBAF846F2944EC59C921550431\ntkrnlpa.pdb
[SYMCHK] MODULE64 Info ----------------------
[SYMCHK] Struct size: 1680 bytes
[SYMCHK] Base: 0x00400000
[SYMCHK] Image size: 2066048 bytes
[SYMCHK] Date: 0x498c11d3
[SYMCHK] Checksum: 0x00206ac2
[SYMCHK] NumSyms: 0
[SYMCHK] SymType: SymPDB
[SYMCHK] ModName: ntkrnlpa
[SYMCHK] ImageName: C:\Windows\System32\ntkrnlpa.exe
[SYMCHK] LoadedImage: C:\Windows\System32\ntkrnlpa.exe
[SYMCHK] PDB: "c:\symbols\ntkrnlpa.pdb\497890CCBAF846F2944EC59C921550431\ntkrnlpa.pdb"
[SYMCHK] CV: RSDS
[SYMCHK] CV DWORD: 0x53445352
[SYMCHK] CV Data:  ntkrnlpa.pdb
[SYMCHK] PDB Sig:  0
[SYMCHK] PDB7 Sig: {497890CC-BAF8-46F2-944E-C59C92155043}
[SYMCHK] Age: 1
[SYMCHK] PDB Matched:  TRUE
[SYMCHK] DBG Matched:  TRUE
[SYMCHK] Line nubmers: FALSE
[SYMCHK] Global syms:  FALSE
[SYMCHK] Type Info:    TRUE
[SYMCHK] ------------------------------------
SymbolCheckVersion  0x00000002
Result              0x00130001
DbgFilename
DbgTimeDateStamp    0x498c11d3
DbgSizeOfImage      0x001f8680
DbgChecksum         0x00206ac2
PdbFilename         c:\symbols\ntkrnlpa.pdb\497890CCBAF846F2944EC59C921550431\ntkrnlpa.pdb
PdbSignature        {497890CC-BAF8-46F2-944E-C59C92155043}
PdbDbiAge           0x00000001
[SYMCHK] [ 0x00000000 - 0x00130001 ] Checked "C:\Windows\System32\ntkrnlpa.exe"
SYMCHK: ntkrnlpa.exe         [5.1.2600.5755   ] PASSED  - PDB: ntkrnlpa.pdb DBG: <N/A>

SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1

C:\Program Files\Windows Kits\8.0\Debuggers\x86>
4) Opened up Process Explorer > System Information and "no symbols" is GONE! I have max pool values now.



This same process worked on my "island" Windows Server 2003 SP2 computer as follows:
1) Purged C:\symbols
2) Removed any data from an existing symlist file as symchk appends data to this file
3) ntkrnlpa.exe manifest generation on Windows 2003 Server SP2 island:

C:\xxxxxxx\vodbo\symchk_x86>symchk.exe /om .\symlist /if C:\WINDOWS\system32\ntkrnlpa.exe /v
[SYMCHK] Searching for symbols to C:\WINDOWS\system32\ntkrnlpa.exe in path SRV*C:\WINDOWS\SYMBOLS*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: SRV*C:\WINDOWS\SYMBOLS*http://msdl.microsoft.com/download/symbols
[SYMCHK] Using search path "SRV*C:\WINDOWS\SYMBOLS*http://msdl.microsoft.com/download/symbols"
DBGHELP: No header for C:\WINDOWS\system32\ntkrnlpa.exe.  Searching for image on disk
DBGHELP: C:\WINDOWS\system32\ntkrnlpa.exe - OK
SYMSRV:  C:\WINDOWS\SYMBOLS\ntkrpamp.pdb\81143165DF564A62956C4EF4CFE2C62F1\ntkrpamp.pdb not found
SYMSRV:  http://msdl.microsoft.com/download/symbols: not available
DBGHELP: ntkrnlpa - no symbols loaded
[SYMCHK] MODULE64 Info ----------------------
[SYMCHK] Struct size: 1680 bytes
[SYMCHK] Base: 0x00400000
[SYMCHK] Image size: 2465792 bytes
[SYMCHK] Date: 0x4a799091
[SYMCHK] Checksum: 0x00246e62
[SYMCHK] NumSyms: 0
[SYMCHK] SymType: SymNone
[SYMCHK] ModName: ntkrnlpa
[SYMCHK] ImageName: C:\WINDOWS\system32\ntkrnlpa.exe
[SYMCHK] LoadedImage: C:\WINDOWS\system32\ntkrnlpa.exe
[SYMCHK] PDB: ""
[SYMCHK] CV: RSDS
[SYMCHK] CV DWORD: 0x53445352
[SYMCHK] CV Data:  ntkrpamp.pdb
[SYMCHK] PDB Sig:  0
[SYMCHK] PDB7 Sig: {81143165-DF56-4A62-956C-4EF4CFE2C62F}
[SYMCHK] Age: 1
[SYMCHK] PDB Matched:  TRUE
[SYMCHK] DBG Matched:  TRUE
[SYMCHK] Line nubmers: FALSE
[SYMCHK] Global syms:  FALSE
[SYMCHK] Type Info:    FALSE
[SYMCHK] ------------------------------------
SymbolCheckVersion  0x00000002
Result              0x00010001
DbgFilename         ntkrnlpa.dbg
DbgTimeDateStamp    0x00000000
DbgSizeOfImage      0x00000000
DbgChecksum         0x00000000
PdbFilename         ntkrpamp.pdb
PdbSignature        {81143165-DF56-4A62-956C-4EF4CFE2C62F}
PdbDbiAge           0x00000001
[SYMCHK] [ 0x00000000 - 0x00010001 ] Checked "C:\WINDOWS\system32\ntkrnlpa.exe"
SYMCHK: ntkrnlpa.exe         FAILED  - ntkrpamp.pdb mismatched or not found

SYMCHK: FAILED files = 1
SYMCHK: PASSED + IGNORED files = 0

C:\xxxxxxx\vodbo\symchk_x86>
Here are the contents of C:\xxxxxxx\vodbo\symchk_x86\symlist:

C:\xxxxxxx\vodbo\symchk_x86>type .\symlist
ntkrpamp.pdb,81143165DF564A62956C4EF4CFE2C62F1,1
ntkrnlpa.exe,4a79909125a000,1

C:\xxxxxxx\vodbo\symchk_x86>
4) Copy the symlist manifest from step 3 over to the "cloud" computer
5) Run symchk.exe on the "cloud" computer pointing it at the symlist manifest and download symbols to C:\win2k3_symbols...
ntkrnlpa.exe symbol download on the cloud computer:

C:\Program Files\Windows Kits\8.0\Debuggers\x86>symchk.exe /im c:\symlist /s SRV*C:\win2k3_symbols*http://msdl.microsoft.com/download/symbols /oi /op /ov /v
[SYMCHK] Downloading symbols in manifest c:\symlist from SRV*C:\win2k3_symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: SRV*C:\win2k3_symbols*http://msdl.microsoft.com/download/symbols
SYMSRV:  ntkrpamp.pdb from http://msdl.microsoft.com/download/symbols: 429711 bytes - copied
DBGHELP: C:\win2k3_symbols\ntkrpamp.pdb\81143165DF564A62956C4EF4CFE2C62F1\ntkrpamp.pdb - OK
SYMCHK: ntkrpamp.pdb         [N/A             ] DOWNLOADED
DBGHELP: Symbol Search Path: SRV*C:\win2k3_symbols*http://msdl.microsoft.com/download/symbols
SYMSRV:  C:\win2k3_symbols\ntkrnlpa.exe\4a79909125a000\ntkrnlpa.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/4a79909125a000/ntkrnlpa.exe not found
SYMCHK: ntkrnlpa.exe         ERROR - Unable to download file. Error reported was 2

SYMCHK: FAILED files = 1
SYMCHK: PASSED + IGNORED files = 1

C:\Program Files\Windows Kits\8.0\Debuggers\x86>
6) Copy the C:\win2k3_symbols directory contents over to the "island" host's symbol directory C:\WINDOWS\Symbols
7) Open up Process Explorer > Options > Configure Symbols... and point it to the directory where you copied the downloaded symbols from step 5. Don't forget to point the dbghelp.dll path to the version you copied over from a computer where you installed Debugging Tools for Windows.


Edited by R37ribution - 21 hours 46 minutes ago at 8:14pm
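
Added example, not part of the original post: a Python check that a copied symbol directory actually holds what the symlist manifest asks for, using the two manifest lines and the symchk fields (PDB7 Sig, Age, Date, Image size) shown above. The function names are hypothetical, and the hex case of each index simply follows the values in the post.

```python
import re
import tempfile
from pathlib import Path, PureWindowsPath

# The two manifest lines shown in the post (symchk /om output).
SYMLIST = """ntkrpamp.pdb,81143165DF564A62956C4EF4CFE2C62F1,1
ntkrnlpa.exe,4a79909125a000,1
"""

def parse_symlist(text):
    """Return (filename, index) pairs from a symchk manifest."""
    entries = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) >= 2 and parts[0]:
            entries.append((parts[0], parts[1]))
    return entries

def pdb_index(pdb7_sig, age):
    """PDB index = GUID without braces/dashes, followed by the age in hex."""
    return re.sub(r"[{}-]", "", pdb7_sig).upper() + format(age, "X")

def image_index(timestamp, image_size):
    """Image index = 8-digit TimeDateStamp followed by SizeOfImage, both hex."""
    return format(timestamp, "08x") + format(image_size, "x")

def store_path(filename, index):
    """Relative path inside the symbol store: <file>\\<index>\\<file>."""
    return PureWindowsPath(filename, index, filename)

def missing_from_store(store_root, entries):
    """List manifest entries whose file is absent from a local store."""
    root = Path(store_root)
    return [(f, i) for f, i in entries if not (root / f / i / f).is_file()]

if __name__ == "__main__":
    entries = parse_symlist(SYMLIST)
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed store mimicking C:\win2k3_symbols after step 5:
        # the PDB was downloaded, the .exe was not.
        pdb = Path(tmp, "ntkrpamp.pdb", entries[0][1], "ntkrpamp.pdb")
        pdb.parent.mkdir(parents=True)
        pdb.write_bytes(b"placeholder")
        for f, i in entries:
            print(store_path(f, i))
        print("missing:", missing_from_store(tmp, entries))
```

Run against the real copied directory, an empty result for the .pdb entry confirms the symbols that reached the island host are the ones the manifest requested for that exact kernel build.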
