Windows 10 !process 0 0 - NT symbols are incorrect, please fix symbols


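I get the same error every time I use !process 0 0. Whether or not I am in kernel debug mode does not seem to change anything.

Here is the command chain when opening notepad.exe: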

Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: C:\Windows\System32\notepad.exe

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
DBGHELP: Symbol Search Path: cache*;SRV*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*
Executable search path is: 
ModLoad: 00007ff6`27eb0000 00007ff6`27ee8000   notepad.exe
ModLoad: 00007ffe`fb890000 00007ffe`fba86000   ntdll.dll
ModLoad: 00007ffe`f9990000 00007ffe`f9a4d000   C:\WINDOWS\System32\KERNEL32.DLL
ModLoad: 00007ffe`f90b0000 00007ffe`f9379000   C:\WINDOWS\System32\KERNELBASE.dll
ModLoad: 00007ffe`fb820000 00007ffe`fb84a000   C:\WINDOWS\System32\GDI32.dll
ModLoad: 00007ffe`f8fd0000 00007ffe`f8ff2000   C:\WINDOWS\System32\win32u.dll
ModLoad: 00007ffe`f9580000 00007ffe`f968b000   C:\WINDOWS\System32\gdi32full.dll
ModLoad: 00007ffe`f9380000 00007ffe`f941d000   C:\WINDOWS\System32\msvcp_win.dll
ModLoad: 00007ffe`f9420000 00007ffe`f9520000   C:\WINDOWS\System32\ucrtbase.dll
ModLoad: 00007ffe`faff0000 00007ffe`fb190000   C:\WINDOWS\System32\USER32.dll
ModLoad: 00007ffe`fa110000 00007ffe`fa466000   C:\WINDOWS\System32\combase.dll
ModLoad: 00007ffe`fb440000 00007ffe`fb56b000   C:\WINDOWS\System32\RPCRT4.dll
ModLoad: 00007ffe`fadc0000 00007ffe`fae6e000   C:\WINDOWS\System32\shcore.dll
ModLoad: 00007ffe`fa4d0000 00007ffe`fa56e000   C:\WINDOWS\System32\msvcrt.dll
ModLoad: 00007ffe`e2d70000 00007ffe`e300b000   C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.746_none_ca02b4b61b8320a4\COMCTL32.dll
(1208.ff0): Break instruction exception - code 80000003 (first chance)
SYMSRV:  BYINDEX: 0x1
         C:\ProgramData\Dbg\sym
         ntdll.pdb
         432F2B8588C52E47219EE25E35F653491
SYMSRV:  PATH: C:\ProgramData\Dbg\sym\ntdll.pdb\432F2B8588C52E47219EE25E35F653491\ntdll.pdb
SYMSRV:  RESULT: 0x00000000
DBGHELP: ntdll - public symbols  
        C:\ProgramData\Dbg\sym\ntdll.pdb\432F2B8588C52E47219EE25E35F653491\ntdll.pdb
ntdll!LdrpDoDebuggerBreak+0x30:
00007ffe`fb960670 cc              int     3

The .sympath command:

0:000> .sympath 
Symbol search path is: srv*
Expanded Symbol search path is: cache*;SRV*https://msdl.microsoft.com/download/symbols

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred  

The .reload command:

0:000> .reload
Reloading current modules
...............SYMSRV:  BYINDEX: 0x3
         C:\ProgramData\Dbg\sym
         ntdll.pdb
         432F2B8588C52E47219EE25E35F653491
SYMSRV:  PATH: C:\ProgramData\Dbg\sym\ntdll.pdb\432F2B8588C52E47219EE25E35F653491\ntdll.pdb
SYMSRV:  RESULT: 0x00000000
DBGHELP: ntdll - public symbols  
        C:\ProgramData\Dbg\sym\ntdll.pdb\432F2B8588C52E47219EE25E35F653491\ntdll.pdb

And finally, the !process 0 0 command:

0:000> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
Could not get address of nt!KdVersionBlock.
unable to get nt!MmUserProbeAddress
NT symbols are incorrect, please fix symbols

I have no idea what is happening. I tried deleting the sym\ntdll.pdb folder and downloading it again, but without success.


Edit - details as requested:

0:000> !lmi nt
Loaded Module Info: [nt] 
DBGHELP: SharedUserData - virtual symbol module
nt not found
0:000> vertarget
Windows 10 Version 19042 MP (16 procs) Free x64
Product: WinNt, suite: SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Build layer:            -> 
Build layer:            -> 
Build layer:            -> 
Machine Name:
Debug session time: Wed Mar 10 18:26:22.757 2021 (UTC + 1:00)
System Uptime: 0 days 14:38:24.474
Process Uptime: 0 days 0:00:51.162
  Kernel time: 0 days 0:00:00.015
  User time: 0 days 0:00:00.000


0:000> lm
start             end                 module name
00007ff6`54910000 00007ff6`54948000   notepad    (deferred)             
00007ffe`f9c40000 00007ffe`f9eda000   COMCTL32   (deferred)             
00007fff`09350000 00007fff`09372000   win32u     (deferred)             
00007fff`09540000 00007fff`095dd000   msvcp_win   (deferred)             
00007fff`09690000 00007fff`09959000   KERNELBASE   (deferred)             
00007fff`099e0000 00007fff`09ae0000   ucrtbase   (deferred)             
00007fff`09b30000 00007fff`09c3b000   gdi32full   (deferred)             
00007fff`09c70000 00007fff`09d0e000   msvcrt     (deferred)             
00007fff`09e20000 00007fff`09ece000   shcore     (deferred)             
00007fff`0a8d0000 00007fff`0a98d000   KERNEL32   (deferred)             
00007fff`0aa60000 00007fff`0aa8a000   GDI32      (deferred)             
00007fff`0aad0000 00007fff`0ac70000   USER32     (deferred)             
00007fff`0ad00000 00007fff`0ae2b000   RPCRT4     (deferred)             
00007fff`0b810000 00007fff`0bb65000   combase    (deferred)             
00007fff`0bc10000 00007fff`0be05000   ntdll      (pdb symbols)          C:\ProgramData\Dbg\sym\ntdll.pdb\53F12BFE149A2F50205C8D5D66290B481\ntdll.pdb
0:000> .reload /f nt

"nt" was not found in the image list.
Debugger will attempt to load "nt" at given base 00000000`00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.
SYMSRV:  BYINDEX: 0xD
         C:\ProgramData\Dbg\sym
         nt
         FFFFFFFE
SYMSRV:  UNC: C:\ProgramData\Dbg\sym\nt\FFFFFFFE\nt - path not found
SYMSRV:  UNC: C:\ProgramData\Dbg\sym\nt\FFFFFFFE\n_ - path not found
SYMSRV:  UNC: C:\ProgramData\Dbg\sym\nt\FFFFFFFE\file.ptr - path not found
SYMSRV:  RESULT: 0x80070003
SYMSRV:  BYINDEX: 0xE
         C:\ProgramData\Dbg\sym*https://msdl.microsoft.com/download/symbols
         nt
         FFFFFFFE
SYMSRV:  UNC: C:\ProgramData\Dbg\sym\nt\FFFFFFFE\nt - path not found
SYMSRV:  UNC: C:\ProgramData\Dbg\sym\nt\FFFFFFFE\n_ - path not found
SYMSRV:  UNC: C:\ProgramData\Dbg\sym\nt\FFFFFFFE\file.ptr - path not found
SYMSRV:  HTTPGET: /download/symbols/nt/FFFFFFFE/nt
SYMSRV:  HttpQueryInfo(HTTP_QUERY_CONTENT_LENGTH): 800C2F76 - ERROR_HTTP_HEADER_NOT_FOUND
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  HTTPGET: /download/symbols/nt/FFFFFFFE/n_
SYMSRV:  HttpQueryInfo(HTTP_QUERY_CONTENT_LENGTH): 800C2F76 - ERROR_HTTP_HEADER_NOT_FOUND
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  HTTPGET: /download/symbols/nt/FFFFFFFE/file.ptr
SYMSRV:  HttpQueryInfo(HTTP_QUERY_CONTENT_LENGTH): 800C2F76 - ERROR_HTTP_HEADER_NOT_FOUND
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  RESULT: 0x80190194
DBGHELP: C:\WINDOWS\system32\nt - file not found
SYMSRV:  BYINDEX: 0xF
         https://msdl.microsoft.com/download/symbols
         nt
         FFFFFFFE
SYMSRV:  UNC: C:\ProgramData\Dbg\sym\nt\FFFFFFFE\nt - path not found
SYMSRV:  UNC: C:\ProgramData\Dbg\sym\nt\FFFFFFFE\n_ - path not found
SYMSRV:  UNC: C:\ProgramData\Dbg\sym\nt\FFFFFFFE\file.ptr - path not found
SYMSRV:  HTTPGET: /download/symbols/nt/FFFFFFFE/nt
SYMSRV:  HttpQueryInfo(HTTP_QUERY_CONTENT_LENGTH): 800C2F76 - ERROR_HTTP_HEADER_NOT_FOUND
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  HTTPGET: /download/symbols/nt/FFFFFFFE/n_
SYMSRV:  HttpQueryInfo(HTTP_QUERY_CONTENT_LENGTH): 800C2F76 - ERROR_HTTP_HEADER_NOT_FOUND
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  HTTPGET: /download/symbols/nt/FFFFFFFE/file.ptr
SYMSRV:  HttpQueryInfo(HTTP_QUERY_CONTENT_LENGTH): 800C2F76 - ERROR_HTTP_HEADER_NOT_FOUND
SYMSRV:  HttpQueryInfo: 80190194 - HTTP_STATUS_NOT_FOUND
SYMSRV:  RESULT: 0x80190194
DBGENG:  nt - Image mapping disallowed by non-local path.
DBGHELP: No header for nt.  Searching for dbg file
DBGHELP: .\nt.dbg - file not found
DBGHELP: nt missing debug info.  Searching for pdb anyway
DBGHELP: Can't use symbol server for nt.pdb - no header information available
DBGHELP: nt.pdb - file not found
*** WARNING: Unable to verify timestamp for nt
*** ERROR: Module load completed but symbols could not be loaded for nt
DBGHELP: nt_0 - no symbols loaded
Unable to add module at 00000000`00000000

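!process 0 0 will only work when attached in kernel mode, with Windows kernel debugging turned on.

To use !pte for a process, you must set the process context with .process /p pid - pid is the process id listed with !process 0 0.

To use !vtop, you must specify the process directoryBase [as well as the virtual address], which is also listed with !process 0 0.

The kernel symbols are named nt.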
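
The session type the answer refers to can be read from the prompt in a saved transcript: `0:000>` is a user-mode session, while kernel sessions show `kd>`, `0: kd>` or `lkd>`. The following is an added example, not part of the original answer; the function name `audit` and both sample transcripts are constructed for illustration.

```python
import re

# Prompt shapes: user mode "0:000>", kernel mode "kd>", "0: kd>" or "lkd>".
USER_PROMPT = re.compile(r"^\d+:\d{3}(?::\w+)?>\s*(.*)$")
KERNEL_PROMPT = re.compile(r"^(?:\d+:\s*)?l?kd>\s*(.*)$")
KERNEL_ONLY = ("!process", "!pte", "!vtop")   # commands named in the answer
SYMPTOM = "NT symbols are incorrect"

def audit(transcript):
    """Return (mode of last prompt, findings for kernel-only commands
    that were typed at a user-mode prompt)."""
    mode, pending, findings = "unknown", None, []
    for no, line in enumerate(transcript.splitlines(), 1):
        line = line.strip()
        user, kern = USER_PROMPT.match(line), KERNEL_PROMPT.match(line)
        if user or kern:
            mode = "user" if user else "kernel"
            cmd = (user or kern).group(1).strip()
            name = cmd.split()[0].lower() if cmd else ""
            pending = None
            if mode == "user" and name in KERNEL_ONLY:
                pending = {"line": no, "command": cmd, "symbol_error": False}
                findings.append(pending)
        elif pending is not None and SYMPTOM in line:
            # The error belongs to the session type, not to the symbol path.
            pending["symbol_error"] = True
    return mode, findings

# Constructed transcripts, modelled on the output quoted in the question.
SAMPLE_USER = """\
0:000> .reload
Reloading current modules
0:000> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
Could not get address of nt!KdVersionBlock.
NT symbols are incorrect, please fix symbols
"""
SAMPLE_KERNEL = """\
lkd> !process 0 0
**** NT ACTIVE PROCESS DUMP ****
"""

if __name__ == "__main__":
    for label, text in (("user", SAMPLE_USER), ("kernel", SAMPLE_KERNEL)):
        print(label, audit(text))
```

A finding with `symbol_error` set means the symbol message followed a kernel-only command in a user-mode session, so changing the symbol path or re-downloading PDBs will not help.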