I previously described how to debug ASL with WinDbg on Windows releases after RS1. Recently I repeated the experiment on RS3 and ran into the following error:
6: kd> !amli find _pts
AMLI_DBGERR: failed to read NameSpace root object
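I had done everything that was required, but debugging still did not work. Searching around, I found in [Reference 1] that the possible causes of this problem are:
- The checked Acpi.sys and Acpi.pdb files do not match the version of the debuggee.
- WinDbg has not loaded the Acpi symbol file; running .reload is enough.
First I checked Acpi.sys against the system version, and they matched. That leaves the problem of acpi.pdb not being loaded.
Running .reload shows the following: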
SYMSRV: UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pdb – path not found
SYMSRV: UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pd_ – path not found
SYMSRV: UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\file.ptr – path not found
SYMSRV: HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/acpi.pdb
SYMSRV: HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/acpi.pd_
SYMSRV: HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/file.ptr
SYMSRV: HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND
SYMSRV: RESULT: 0x80190194
DBGHELP: acpi.pdb – file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ACPI.sys –
DBGHELP: ACPI – export symbols
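Indeed, no ACPI.pdb matching the acpi.sys I installed on the system can be found. Next I tried forcing an update with .reload /f
The result is that it still cannot be found: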
SYMSRV: BYINDEX: 0x3B
C:\ProgramData\Dbg\sym
acpi.pdb
63383A79DFA1FA1BCAF8F9BE8ADA117E1
SYMSRV: UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pdb – path not found
SYMSRV: UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pd_ – path not found
SYMSRV: UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\file.ptr – path not found
SYMSRV: RESULT: 0x80070003
SYMSRV: BYINDEX: 0x3C
https://msdl.microsoft.com/download/symbols
acpi.pdb
63383A79DFA1FA1BCAF8F9BE8ADA117E1
SYMSRV: UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pdb – path not found
SYMSRV: UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\acpi.pd_ – path not found
SYMSRV: UNC: C:\ProgramData\Dbg\sym\acpi.pdb\63383A79DFA1FA1BCAF8F9BE8ADA117E1\file.ptr – path not found
SYMSRV: HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/acpi.pdb
SYMSRV: HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/acpi.pd_
SYMSRV: HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND
SYMSRV: HTTPGET: /download/symbols/acpi.pdb/63383A79DFA1FA1BCAF8F9BE8ADA117E1/file.ptr
SYMSRV: HttpQueryInfo: 80190194 – HTTP_STATUS_NOT_FOUND
SYMSRV: RESULT: 0x80190194
DBGHELP: acpi.pdb – file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ACPI.sys –
DBGHELP: ACPI – export symbols
Another article [Reference 2] mentions a different way to check. Checking the ACPI module with that method gives the same result: the PDB for ACPI.SYS is still not found:
1: kd> !lmi acpi
Loaded Module Info: [acpi]
Module: ACPI
Base Address: fffff80605c50000
Image Name: ACPI.sys
Machine Type: 34404 (X64)
Time Stamp: 64683d0c (This is a reproducible build file hash, not a true timestamp)
Size: 124000
CheckSum: c515b
Characteristics: 22
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 21, 7a69c, 7909c RSDS – GUID: {63383A79-DFA1-FA1B-CAF8-F9BE8ADA117E}
Age: 1, Pdb: acpi.pdb
POGO 208, 7a6c0, 790c0 [Data not mapped]
REPRO 0, 0, 0 [Debug data not mapped]
Image Type: MEMORY – Image read successfully from loaded memory.
Symbol Type: EXPORT – PDB not found
Load Report: export symbols
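At this point the problem is clear: acpi.pdb cannot be found, so debugging is impossible. Going back to the package that provided the checked ACPI.SYS, I found that it includes ACPI.PDB. So if I point the debugger at this file for ACPI.SYS, I should be able to continue debugging. I copied the file directly into the Software directory on the working machine.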
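The index in the SYMSRV paths above is the RSDS GUID followed by the age that !lmi reports for the loaded image. The following added example (not from the original post) decodes such a record and checks that the HTTPGET requests in a SYMSRV log target that same index; the sample bytes are constructed from the values shown on this page, and reading the !lmi age as hexadecimal is an assumption.

```python
import re
import struct
import uuid

# Constructed sample: the 0x21-byte CodeView record that the page's !lmi output
# describes (GUID {63383A79-...-117E}, age 1, "acpi.pdb").
SAMPLE_RSDS = (b"RSDS" + bytes.fromhex("793A3863A1DF1BFACAF8F9BE8ADA117E")
               + struct.pack("<I", 1) + b"acpi.pdb\0")

LMI_RE = re.compile(
    r"GUID:\s*\{([0-9A-Fa-f-]{36})\}\s*Age:\s*([0-9A-Fa-f]+),\s*Pdb:\s*(\S+)")
GET_RE = re.compile(r"HTTPGET:\s*/download/symbols/([^/\s]+)/([0-9A-Fa-f]+)/(\S+)")


def parse_rsds(record):
    """Decode 'RSDS' + GUID (16 bytes) + age (u32 LE) + NUL-terminated PDB name."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])  # first three GUID fields are little-endian
    (age,) = struct.unpack_from("<I", record, 20)
    name = record[24:].split(b"\0", 1)[0].decode("utf-8", "replace")
    return guid, age, name


def parse_lmi(text):
    """Pull GUID, age and PDB name out of !lmi text (assumption: age is printed in hex)."""
    m = LMI_RE.search(text)
    if not m:
        raise ValueError("no RSDS line in !lmi output")
    return uuid.UUID(m.group(1)), int(m.group(2), 16), m.group(3)


def symbol_index(guid, age):
    """Symbol-store index: the 32 hex digits of the GUID followed by the age in hex."""
    return f"{guid.hex.upper()}{age:X}"


def requested_indexes(symsrv_log):
    """Set of (pdb name, index) pairs the debugger asked the symbol server for."""
    return {(m.group(1).lower(), m.group(2).upper()) for m in GET_RE.finditer(symsrv_log)}


def request_matches_image(lmi_text, symsrv_log):
    """True when every HTTPGET in the log targets the index the loaded image advertises."""
    guid, age, name = parse_lmi(lmi_text)
    return requested_indexes(symsrv_log) == {(name.lower(), symbol_index(guid, age))}


if __name__ == "__main__":
    guid, age, name = parse_rsds(SAMPLE_RSDS)
    print(f"{name}/{symbol_index(guid, age)}/{name}")
```

When the requests match the image and the server still answers HTTP_STATUS_NOT_FOUND, the server simply does not hold a PDB for that build, which is the situation on this page.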
Check the current symbol path:
1: kd> .sympath
Symbol search path is: srv*
Expanded Symbol search path is: cache*;SRV*https://msdl.microsoft.com/download/symbols
Add the software directory to the symbol path [Reference 3]:
1: kd> .sympath+ C:\software\
DBGHELP: Symbol Search Path: cache*;SRV*https://msdl.microsoft.com/download/symbols;c:\software\
SYMSRV: BYINDEX: 0x11B
C:\ProgramData\Dbg\sym
ntkrnlmp.pdb
83DB42404EFD4AB6AFB6FA864B700CB31
SYMSRV: PATH: C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\83DB42404EFD4AB6AFB6FA864B700CB31\ntkrnlmp.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\83DB42404EFD4AB6AFB6FA864B700CB31\ntkrnlmp.pdb cached to C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\83DB42404EFD4AB6AFB6FA864B700CB31\ntkrnlmp.pdb
DBGHELP: nt – public symbols
C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\83DB42404EFD4AB6AFB6FA864B700CB31\ntkrnlmp.pdb
Symbol search path is: srv*;C:\software\
Expanded Symbol search path is: cache*;SRV*https://msdl.microsoft.com/download/symbols;c:\software\

************* Path validation summary **************
Response    Time (ms)    Location
Deferred                 srv*
OK                       C:\software\
Run .reload once, then check acpi again:
1: kd> !lmi acpi
Loaded Module Info: [acpi]
Module: ACPI
Base Address: fffff80605c50000
Image Name: ACPI.sys
Machine Type: 34404 (X64)
Time Stamp: 64683d0c (This is a reproducible build file hash, not a true timestamp)
Size: 124000
CheckSum: c515b
Characteristics: 22
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 21, 7a69c, 7909c RSDS – GUID: {63383A79-DFA1-FA1B-CAF8-F9BE8ADA117E}
Age: 1, Pdb: acpi.pdb
POGO 208, 7a6c0, 790c0 [Data not mapped]
REPRO 0, 0, 0 [Debug data not mapped]
Symbol Type: DEFERRED – No error – symbol load deferred
Load Report: no symbols loaded
Running the acpi debugging command again now works normally:
1: kd> !amli dl
0:01:46.655 [ffffca82185a62c0] FinishedContext Context=ffffca821f847010 rc=8004
QTh=0 QCt=0 QFg=00000000
0:01:46.655 [ffffca82185a62c0] QueueWorkItem
QTh=0 QCt=0 QFg=00000000 rc=8004
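Summary: this problem probably occurs because my Win10 build is an unusual one, so the matching ACPI.SYS symbols cannot be found on Microsoft's public server, which causes the parse error. Manually loading the matching PDB file solves it.
References: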
- http://www.xuebuyuan.com/611480.html
- http://blog.csdn.net/whatday/article/details/7100292
- https://www.2cto.com/kf/201611/562340.html
Blogger, I don't know where to find the checked version of Win10. Could you provide a link?
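Earlier versions of Windows had a dedicated checked build, but starting with Win 8 Microsoft no longer provides one; instead there is an ISO containing just a few key files. I think the one I got was downloaded from MSDN by someone else. I don't have a specific link.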
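Hello,
First, thank you for the explanation; the problem is solved.
Steps:
1. Copy acpi.pdb to X:\Symbols\pdb
2. kd> .sympath+ X:\Symbols\pdb
3. kd> .reload /f
Which MSDN subscription level is needed to get this download link?
Currently, after logging in, I only see the Checked Build of Windows 10 1511.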
I asked the people here; they all use the company subscription and don't know about MSDN subscription levels.