Hello,

I've got a bit of a problem here. A problem with ntoskrnl symbols .. i've downloaded the symbol package for winxp sp2 from m$ site and retrieved the ntoskrnl NMS with the symbol retriever.. BUT when i load the nms file to softice i get a message that the symbols are newer than the module (dunno why .. the system is xp sp2 and the symbols are also for win xp sp2 ..) and when i try looking at the IDT i see this:


i thought 0003 is breakpoint exception not _PopProcessorInformation+0129 ?
does anyone have any idea why this is happening and how to fix this ?

regards,
smoke

The symbols are probably incorrect. I just tried that address on my machine, and got somewhere inside PopThermalUpdateThrottle too. I have had this problem downloading symbol packs before. The best way that I know of to get the correct symbols for a given MS module is to load that module as a crash dump in WinDbg - if the symbol server path is correctly set to the MS symbol server, WinDbg will automatically download the correct PDB file for that module. Then doing 'lm' will give you the path to that file. It can be a pain, but generally WinDbg is good for getting debug information.

Though, I don't know what the integration for PDB and stuff like that is with SoftICE, I only use WinDbg for kernel mode stuff nowadays.

I remember the same problems with Win2ksp4, the downloadable symbol "package" didn't match the OS, at least for ntoskrnl. Do like autarky suggests and let WinDbg or Softice (with an updated symsrv.dll) do the work for you and just get the symbols you need. Besides, do you really want the symbols for calc.exe?

kayaker
where are you hiding your sources for the crystal ball why dont you opensource it

actually guys i have already tried letting softice (not windbg) to download the symbols. i loaded the ntoskrnl.exe to symbol loader and then pressed "Download". but i didnt get the right symbols.. :/ (i do have the latest symsrv.dll )

regards,
smoke

I just came across the following tool - it provides shell integration for the downloading of MS symbol files. Pretty handy.

http://www.vitoplantamura.com/index.aspx?page=symretriever

There's also some other cool stuff on that site.

Alternatively, you could do what I did and write a one line batch-file that uses symchk.exe to grab the symbols for the target file and copy it to your Send To menu. Tada! Instant shell-integration!

is symcheck.exe available as a seperate download i mean a small redistributable package without having to install windbg ?

i looked sometime back but didnt find one

anyway if we are talking about standalone retriever

then this did its job several times for me

http://debuginfo.com/tools/symget.html

Not from microsoft.com, I don't believe. You could always do one of the following though if you only want symchk --

1. Install windbg. Copy symchk. Uninstall windbg.
2. Install windbg in virtual machine. Copy symchk to host. Delete VM.
3. WinRAR might be able to extract symchk directly from the installer's .exe.