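While analyzing a recent blue-screen dump, WinDbg could not load the symbols for the nt module, although the symbols for the other system drivers loaded normally.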
    3: kd> .reload /f nt
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    3: kd> !sym noisy
    noisy mode - symbol prompts on
    3: kd> .reload /f nt
    SYMSRV:  d:\mysymbol\ntoskrnl.exe\56BCC7865ec000\ntoskrnl.exe not found
    SYMSRV:  http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/56BCC7865ec000/ntoskrnl.exe not found
    SYMSRV:  d:\mysymbol\ntkrnlup.exe\56BCC7865ec000\ntkrnlup.exe not found
    SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlup.exe/56BCC7865ec000/ntkrnlup.exe not found
    SYMSRV:  d:\mysymbol\ntkrnlpa.exe\56BCC7865ec000\ntkrnlpa.exe not found
    SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/56BCC7865ec000/ntkrnlpa.exe not found
    SYMSRV:  d:\mysymbol\ntkrnlmp.exe\56BCC7865ec000\ntkrnlmp.exe not found
    SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/56BCC7865ec000/ntkrnlmp.exe not found
    SYMSRV:  d:\mysymbol\ntkrpamp.exe\56BCC7865ec000\ntkrpamp.exe not found
    SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrpamp.exe/56BCC7865ec000/ntkrpamp.exe not found
    DBGHELP: c:\…\ntkrnlup.exe - file not found
    DBGHELP: c:\…\ntkrnlpa.exe - file not found
    DBGHELP: c:\…\ntkrpamp.exe - file not found
    DBGENG:  ntoskrnl.exe - Image mapping disallowed by non-local path.
    Unable to load image ntoskrnl.exe, Win32 error 0n2
    DBGENG:  ntoskrnl.exe - Partial symbol image load missing image info
    DBGHELP: No header for ntoskrnl.exe.  Searching for dbg file
    DBGHELP: …\ntoskrnl.dbg - file not found
    DBGHELP: …\exe\ntoskrnl.dbg - path not found
    DBGHELP: …\symbols\exe\ntoskrnl.dbg - path not found
    DBGHELP: ntoskrnl.exe missing debug info.  Searching for pdb anyway
    DBGHELP: Can't use symbol server for ntoskrnl.pdb - no header information available
    DBGHELP: ntoskrnl.pdb - file not found
    *** WARNING: Unable to verify timestamp for ntoskrnl.exe
    *** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

Because the ntoskrnl.exe extracted from the other party's machine was known to load its symbol table correctly, I placed the extracted ntoskrnl.exe at the path that WinDbg searches. For example:
    SYMSRV:  d:\mysymbol\ntoskrnl.exe\56BCC7865ec000\ntoskrnl.exe not found

This time the symbols finally loaded successfully:
    3: kd> .reload /f nt
    DBGHELP: d:\mysymbol\ntoskrnl.exe\56BCC7865ec000\ntoskrnl.exe - OK
    DBGENG:  d:\…\ntoskrnl.exe - Mapped image memory
    DBGHELP: nt - public symbols
             d:\mysymbol\ntkrnlmp.pdb\D7EAAA…
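
The directory name SYMSRV probes above is the image's PE TimeDateStamp followed by its SizeOfImage. As an added example (not part of the original post), this script derives that key from an extracted image and copies the file into the store layout; the helper names and the constructed test header are assumptions made for illustration.

```python
import shutil
import struct
from pathlib import Path


def symstore_key(pe_bytes: bytes) -> str:
    """Return <TimeDateStamp><SizeOfImage>, the index SYMSRV uses for PE images."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe_bytes, 0x3C)
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    # The COFF header follows the 4-byte signature; TimeDateStamp is 4 bytes into it.
    (timestamp,) = struct.unpack_from("<I", pe_bytes, e_lfanew + 8)
    # The optional header follows the 20-byte COFF header; SizeOfImage sits at
    # offset 56 in both PE32 and PE32+.
    (size_of_image,) = struct.unpack_from("<I", pe_bytes, e_lfanew + 24 + 56)
    # Timestamp as 8 uppercase hex digits, size as unpadded lowercase hex.
    return f"{timestamp:08X}{size_of_image:x}"


def stage_image(image: Path, store: Path) -> Path:
    """Copy image to <store>/<name>/<key>/<name>, the path SYMSRV looks for."""
    key = symstore_key(image.read_bytes())
    dest = store / image.name / key / image.name
    dest.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(image, dest)
    return dest


def constructed_pe(timestamp: int, size_of_image: int) -> bytes:
    """Constructed sample: a header-only stub carrying just the fields read above."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)            # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<I", buf, 0x80 + 8, timestamp)
    struct.pack_into("<I", buf, 0x80 + 24 + 56, size_of_image)
    return bytes(buf)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        img = Path(tmp) / "ntoskrnl.exe"
        img.write_bytes(constructed_pe(0x56BCC786, 0x5EC000))
        # Prints <tmp>/mysymbol/ntoskrnl.exe/56BCC7865ec000/ntoskrnl.exe
        print(stage_image(img, Path(tmp) / "mysymbol"))
```

If the key computed from the extracted file differs from the one in the SYMSRV probe, the file is not the build that produced the dump and WinDbg will not pick it up.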