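Follow-up: ACPI debugging with WinDBG

I previously described how to debug ASL with WinDBG on Windows versions after RS1. Recently I repeated the experiment on RS3 and ran into the following error: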

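6: kd> !amli find _pts

AMLI_DBGERR: failed to read NameSpace root object

I had done everything that was required, but debugging still did not work. Looking for information, I found in [Reference 1] that the possible causes of this problem are:

  1. The checked Acpi.sys and Acpi.pdb files do not match the debuggee's version.
  2. WinDbg has not loaded the Acpi symbol file; running .reload is enough.

First I checked Acpi.sys against the system version: they match. That leaves the problem of acpi.pdb not being loaded.

Running .reload shows the following: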

SYMSRV:  UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pdb – path not found

SYMSRV:  UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pd_ – path not found

SYMSRV:  UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\file.ptr – path not found

SYMSRV:  HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/acpi.pdb

SYMSRV:  HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND

SYMSRV:  HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/acpi.pd_

SYMSRV:  HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND

SYMSRV:  HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/file.ptr

SYMSRV:  HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND

SYMSRV:  RESULT: 0x80190194

DBGHELP: acpi.pdb – file not found

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ACPI.sys –

DBGHELP: ACPI – export symbols

Indeed, no ACPI.pdb matching the acpi.sys I installed on the system can be found. Next I tried .reload /f to force a refresh.

The result is that it still cannot be found:

SYMSRV:  BYINDEX: 0x3B

C:\ProgramData\Dbg\sym

acpi.pdb

63383A79DFA1FA1BCAF8F9BE8ADA117E1

SYMSRV:  UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pdb – path not found

SYMSRV:  UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pd_ – path not found

SYMSRV:  UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\file.ptr – path not found

SYMSRV:  RESULT: 0x80070003

SYMSRV:  BYINDEX: 0x3C

https://msdl.microsoft.com/download/symbols

acpi.pdb

63383A79DFA1FA1BCAF8F9BE8ADA117E1

SYMSRV:  UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pdb – path not found

SYMSRV:  UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pd_ – path not found

SYMSRV:  UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\file.ptr – path not found

SYMSRV:  HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/acpi.pdb

SYMSRV:  HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND

SYMSRV:  HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/acpi.pd_

SYMSRV:  HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND

SYMSRV:  HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/file.ptr

SYMSRV:  HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND

SYMSRV:  RESULT: 0x80190194

DBGHELP: acpi.pdb – file not found

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ACPI.sys –

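DBGHELP: ACPI – export symbols

Another article [Reference 2] describes a different way to check. Using it to examine the ACPI module gives the same result: the PDB corresponding to ACPI.SYS is still not found: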

1: kd> !lmi acpi

Loaded Module Info: [acpi]

Module: ACPI

Base Address: fffff80605c50000

Image Name: ACPI.sys

Machine Type: 34404 (X64)

Time Stamp: 64683d0c (This is a reproducible build file hash, not a true timestamp)

Size: 124000

CheckSum: c515b

Characteristics: 22

Debug Data Dirs: Type  Size     VA  Pointer

CODEVIEW    21, 7a69c,   7909c RSDS – GUID: {63383A79-DFA1-FA1B-CAF8-F9BE8ADA117E}

Age: 1, Pdb: acpi.pdb

POGO   208, 7a6c0,   790c0 [Data not mapped]

REPRO     0,     0,       0  [Debug data not mapped]

Image Type: MEMORY   – Image read successfully from loaded memory.

Symbol Type: EXPORT   – PDB not found

Load Report: export symbols

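At this point the problem is clear: acpi.pdb cannot be found, so debugging is impossible. Going back to the package that provided the checked build of ACPI.SYS, I found that it also includes ACPI.PDB. So if I point the debugger at this file for ACPI.SYS, I should be able to continue debugging. I copied the file directly into the Software directory on the work machine.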
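The 33-character directory name in the SYMSRV lines is the CODEVIEW RSDS GUID reported by !lmi with the Age appended in hex, so a PDB is only accepted if it carries that same GUID and age. The following added example (not from the original post) parses an RSDS record and rebuilds the cache path and download URL seen in the log; the record bytes are constructed from the !lmi values above, and the function names are hypothetical.

```python
import struct
import uuid


def parse_rsds(record: bytes):
    """Parse a CodeView RSDS record: 'RSDS' + GUID (16) + age (4) + PDB name."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    # Stored like a Windows GUID struct: the first three fields are little-endian.
    guid = uuid.UUID(bytes_le=record[4:20])
    (age,) = struct.unpack_from("<I", record, 20)
    end = record.find(b"\x00", 24)
    if end == -1:
        raise ValueError("PDB name is not NUL-terminated")
    return guid, age, record[24:end].decode("utf-8")


def symsrv_index(guid: uuid.UUID, age: int) -> str:
    """Symbol-store key: 32 upper-case hex digits of the GUID + age in hex."""
    return guid.hex.upper() + format(age, "X")


def lookup_paths(record: bytes, cache: str, server: str) -> dict:
    """Rebuild the two locations the SYMSRV log lines probe for this record."""
    guid, age, pdb = parse_rsds(record)
    # Only the file name is used, even if the image embeds a full build path.
    name = pdb.replace("\\", "/").rsplit("/", 1)[-1]
    key = symsrv_index(guid, age)
    return {
        "cache": f"{cache}\\{name}\\{key}\\{name}",
        "http": f"{server}/{name}/{key}/{name}",
    }


def constructed_record() -> bytes:
    """Constructed sample: GUID, age and name copied from the !lmi output."""
    guid = uuid.UUID("63383A79-DFA1-FA1B-CAF8-F9BE8ADA117E")
    return b"RSDS" + guid.bytes_le + struct.pack("<I", 1) + b"acpi.pdb\x00"


if __name__ == "__main__":
    paths = lookup_paths(constructed_record(),
                         r"C:\ProgramData\Dbg\sym",
                         "https://msdl.microsoft.com/download/symbols")
    for where, path in paths.items():
        print(f"{where}: {path}")
```

The constructed record is 0x21 bytes long, which matches the CODEVIEW size column in the !lmi output.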

 

Check the current symbol path:

1: kd> .sympath

Symbol search path is: srv*

Expanded Symbol search path is: cache*;SRV*https://msdl.microsoft.com/download/symbols

Add the software directory to the symbol path [Reference 3]:

1: kd> .sympath+ C:\software\

DBGHELP: Symbol Search Path: cache*;SRV*https://msdl.microsoft.com/download/symbols;c:\software\

SYMSRV:  BYINDEX: 0x11B

C:\ProgramData\Dbg\sym

ntkrnlmp.pdb

83DB42404EFD4AB6AFB6FA864B700CB31

SYMSRV:  PATH: C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\83DB42404EFD4AB6AFB6FA864B700CB31\ntkrnlmp.pdb

SYMSRV:  RESULT: 0x00000000

DBGHELP: C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\83DB42404EFD4AB6AFB6FA864B700CB31\ntkrnlmp.pdb cached to C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\83DB42404EFD4AB6AFB6FA864B700CB31\ntkrnlmp.pdb

DBGHELP: nt – public symbols

C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\83DB42404EFD4AB6AFB6FA864B700CB31\ntkrnlmp.pdb

Symbol search path is: srv*;C:\software\

Expanded Symbol search path is: cache*;SRV*https://msdl.microsoft.com/download/symbols;c:\software\

************* Path validation summary **************

Response                         Time (ms)     Location

Deferred                                       srv*

OK                                             C:\software\

Run .reload once, then check acpi again:

1: kd> !lmi acpi

Loaded Module Info: [acpi]

Module: ACPI

Base Address: fffff80605c50000

Image Name: ACPI.sys

Machine Type: 34404 (X64)

Time Stamp: 64683d0c (This is a reproducible build file hash, not a true timestamp)

Size: 124000

CheckSum: c515b

Characteristics: 22

Debug Data Dirs: Type  Size     VA  Pointer

CODEVIEW    21, 7a69c,   7909c RSDS – GUID: {63383A79-DFA1-FA1B-CAF8-F9BE8ADA117E}

Age: 1, Pdb: acpi.pdb

POGO   208, 7a6c0,   790c0 [Data not mapped]

REPRO     0,     0,       0  [Debug data not mapped]   

Symbol Type: DEFERRED – No error – symbol load deferred   

Load Report: no symbols loaded

Running the acpi debugging command again now works normally:

1: kd> !amli dl

0:01:46.655 [ffffca82185a62c0] FinishedContext       Context=ffffca821f847010 rc=8004

QTh=0 QCt=0 QFg=00000000

0:01:46.655 [ffffca82185a62c0] QueueWorkItem

QTh=0 QCt=0 QFg=00000000 rc=8004

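Summary: this problem probably occurs because my Win10 version is somewhat unusual, so the matching ACPI.SYS symbols cannot be found on Microsoft's public server, which leads to the parsing error. Manually loading the matching PDB file is enough.

References: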

  1. http://www.xuebuyuan.com/611480.html
  2. http://blog.csdn.net/whatday/article/details/7100292
  3. https://www.2cto.com/kf/201611/562340.html

 

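2 comments on "Follow-up: ACPI debugging with WinDBG"

    1. ziv2013 (post author)

      Older versions of Windows had dedicated checked builds, but starting with Win 8 Microsoft no longer provides them; instead there is an ISO containing only a few key files. I think the one I got was downloaded from MSDN by someone else. I don't have a specific link.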
