Additional Symbol Files

Form time to time some PDB files become missing or unavailable for download from Microsoft symbol server. For example, customers of our training courses recently reported that the stack trace from Exercise 0 in Accelerated Windows Memory Dump Analysis, Fourth Edition and Advanced Windows Memory Dump Analysis, Third Edition was incorrect:

0:000> .symfix c:\mss

0:000> .reload
..........*** ERROR: Symbol file could not be found.  Defaulted to export symbols for user32.dll -
....................


************* Symbol Loading Error Summary **************
Module name            Error
user32                 0x80190194 - Not found (404). : SRV*c:\mss*https://msdl.microsoft.com/download/symbols


You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.

0:000> k
 # Child-SP          RetAddr           Call Site
00 000000b4`520dfd48 00007ffa`e57cf8e5 user32!InvalidateRect+0x2a
01 000000b4`520dfd50 00007ff6`c5b33470 user32!GetMessageW+0x25
02 000000b4`520dfd80 00007ff6`c5b441f5 notepad!WinMain+0x178
03 000000b4`520dfe00 00007ffa`e3b42d92 notepad!WinMainCRTStartup+0x1c5
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
04 000000b4`520dfec0 00007ffa`e5bc9f64 kernel32!BaseThreadInitThunk+0x22
05 000000b4`520dfef0 00000000`00000000 ntdll!RtlUserThreadStart+0x34

In such a case you need to download the missing PDB files for ntdll.dll and user32.dll.

You can create folders c:\mss\ntdll.pdb\898E017CDF3D45BD9F2FC05A0BB490961 and c:\mss\user32.pdb\482B9651A0D04CAB82C3BFD6A9B60E471 and copy corresponding PDB files from archives there, then reload symbols via .reload command. Alternatively, you can create a separate folder and point to it via .sympath+ command, for example:

0:000> .sympath+ c:\AWMA-Dumps\missing
Symbol search path is: srv*;c:\AWMA-Dumps\missing
Expanded Symbol search path is: SRV*c:\mss*https://msdl.microsoft.com/download/symbols;c:\awma-dumps\missing


************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
OK                                             c:\AWMA-Dumps\missing

0:000> .reload
..............................


0:000> k
 # Child-SP          RetAddr           Call Site
00 000000b4`520dfd48 00007ffa`e57cf8e5 user32!NtUserGetMessage+0xa
01 000000b4`520dfd50 00007ff6`c5b33470 user32!GetMessageW+0x25
02 000000b4`520dfd80 00007ff6`c5b441f5 notepad!WinMain+0x178
03 000000b4`520dfe00 00007ffa`e3b42d92 notepad!WinMainCRTStartup+0x1c5
04 000000b4`520dfec0 00007ffa`e5bc9f64 kernel32!BaseThreadInitThunk+0x22
05 000000b4`520dfef0 00000000`00000000 ntdll!RtlUserThreadStart+0x34