Crash dump - WinDbg - force PDB files to match doesn't work?

debugging windbg symbols crash-dumps
17,292

Solution 1

Have you tried .reload /i foo.dll ?

For verbose output try:

!sym noisy;.reload /i foo.dll;x foo!*test*

Solution 2

Try chkmatch (http://debuginfo.com/tools/chkmatch.html) - it's able to override signatures in pdb file so exe and pdb will match. Also, some time ago I wrote a post about checking pdb files "offline", maybe you will find there something useful: http://lowleveldesign.wordpress.com/2011/12/09/pdb-file-out-of-debugger/.

Solution 3

Its unfortunate that you do not have the matching symbols for your DLL :(. As per my understanding, any attempt now will not be able to get you an exact matching PDB.

Recycling some old threads which should help :

Is it possible to (re)create a PDB file after a DLL is made

Tool to find if dll (or) exe and PDB file match

Your best bet would be

a. sync your code back to the time when the DLL was released

b. build and create PDB using the same tool set.

c. use .reload /i option to load symbols

Share:
17,292
JosephA
Author by

JosephA

Development Engineer at Datalogics.

Updated on June 02, 2022

Comments

  • JosephA
    JosephA almost 2 years

    I have a crash dump for a customer's application built with a very old version of our dll (release build, don't have original symbols) that I've been analyzing in WinDbg.

    In order to get more information, I rebuilt the dll in release mode, with symbols this time, using the same compiler version and I believe the same settings as when the dll was originally built. I added the symbol file to my symbol path, but the WinDbg extension !itoldyouso tells me the module in the dump doesn't match the PDB file. Enabling SYMOPT_LOAD_ANYTHING doesn't help either.

    !itoldyouso tells me they don't match because the module has no pdb sig (value 0), versus the recreated symbol file I made (with a valid pdb sig). How do I get them to match?

  • JosephA
    JosephA about 10 years
    Yes, it loads the symbols of foo, but in the verbose output I see the mismatch reported as well: "DBGENG: foo.dll has mismatched symbols - type ".hh dbgerr003" for details"
  • Marc Sherman
    Marc Sherman about 10 years
    Of course they will be reported as mismatched because they were not built when the DLL was built. But as long as you use the same compiler and setting (which you mentioned) AND the source code has not changed at all, then the symbols should work.
  • JosephA
    JosephA about 10 years
    I suppose I was operating on the assumption unless I have a match I simply can't trust the call stack, though maybe as you said they will never match, but perhaps despite that I can still have a mostly valid call stack.
  • Gabe
    Gabe about 9 years
    Why does this work? That is, what does /i signify?
  • Marc Sherman
    Marc Sherman about 9 years
    From Windbg's Help: "Ignores a mismatch in the .pdb file versions."
  • Adrian McCarthy
    Adrian McCarthy almost 5 years
    It's a great suggestion, but chkmatch -m will likely fail if the age fields are different, which seems likely here. The binary probably has 0 for the PDB signature and the age. chkmatch won't change the GUID if the ages don't match, and the age in the PDB is almost certainly not 0.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

In windbg, what can cause the message "WARNING: Unable to verify timestamp for mydll.dll"?
ERROR: Symbol file could not be found. windbg.exe
Detailed memory usage analysis of windows crash dump file?
WinDbg symbol resolution
Decoding the parameters of a thrown C++ exception (0xE06D7363)
windbg first connect then stuck on "Debuggee not connected." message during kernel debugging
Process information in dump
Windbg crash dump analysis
WinDbg not showing useful information
WinDBG - Finding the actual (unmanaged) exception