library needs at least debugging symbols for the ntdll.dll #4

Closed
xambroz opened this issue Aug 2, 2015 · 4 comments

xambroz commented Aug 2, 2015

Hello,
to make windbglib work you need at least symbols from ntdll.dll.
Could you please consider also adding, to the install instructions in the README, instructions for downloading the symbols for ntdll.dll? This is crucial, especially on offline systems.

This needs to be done to fix the problem (assuming msdia90.dll is registered fine):

symchk /r c:\windows\system32\ntdll.dll /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols

It might also be useful in the code of windbglib - something like:

def getPEBInfo():
    try:
        return typedVar( "ntdll!_PEB", getCurrentProcess())
    except:
        print "It seems that windbglib has problem to get the PEB object."
        print "Try to re-register the VC runtime library by:"
        print "regsvr32.exe \"%ProgramFiles%\\Common Files\\microsoft shared\\VC\\msdia90.dll\"\n"
        print "Second option (especially for offline systems) is that it is missing symbols from ntdll.dll"
        print "Make sure the symbols directory exists (c:\\symbols)"
        print "Download the symbols at least for the ntdll libraries:"
        print "symchk /r c:\\windows\\system32\\ntdll.dll /s SRV*c:\\symbols*http://msdl.microsoft.com/download/symbols"

        exit(1)

====== Error message:

  File "C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\mona.py", line 143, in <module>
    osver = dbg.getOsVersion()

  File "C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\windbglib.py", line 694, in getOsVersion
    return getOSVersion()

  File "C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\windbglib.py", line 80, in getOSVersion
    peb = getPEBInfo()

  File "C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86\windbglib.py", line 111, in getPEBInfo
    return typedVar( "ntdll!_PEB", getCurrentProcess())

See also:
https://www.corelan.be/index.php/forum/mona/error-baseexception-file-diasymexport-cpp-when-running-mona-in-windbg/
https://twitter.com/nanotechz9l/status/425778831052398592
http://pastebin.com/0BJg1F7z
http://pastebin.com/PrjwkdGX
http://pastebin.com/szBAmdEY
http://pastebin.com/TzE8HdTi
http://pastebin.com/Am8QsDHJ
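
A pre-flight check for the offline case described in this issue, as an added example (stand-alone Python 3, not code from windbglib or mona): it parses a symbol path such as the `SRV*c:\symbols*http://...` value passed to symchk above and looks for a cached ntdll.pdb in the standard symbol-store layout. The function names and the GUID+age value in `demo()` are assumptions constructed for illustration.

```python
import os
import tempfile


def local_stores(symbol_path):
    """Return the local directories named in a WinDbg-style symbol path.

    Handles plain directories plus SRV*<cache>*<server> and cache*<dir>
    elements. http(s) servers are skipped: an offline system cannot use them.
    """
    stores = []
    for element in symbol_path.split(";"):
        parts = [p for p in element.strip().split("*") if p]
        if parts and parts[0].lower() in ("srv", "cache"):
            parts = parts[1:]
        stores += [p for p in parts
                   if not p.lower().startswith(("http://", "https://"))]
    return stores


def find_pdb(symbol_path, pdb_name="ntdll.pdb"):
    """Find cached copies stored as <store>/<pdb>/<GUID+age>/<pdb>."""
    hits = []
    for store in local_stores(symbol_path):
        pdb_dir = os.path.join(store, pdb_name)
        if not os.path.isdir(pdb_dir):
            continue
        for ident in sorted(os.listdir(pdb_dir)):
            candidate = os.path.join(pdb_dir, ident, pdb_name)
            if os.path.isfile(candidate):
                hits.append(candidate)
    return hits


def demo():
    """Run the check on a constructed cache: empty first, then populated."""
    with tempfile.TemporaryDirectory() as cache:
        sympath = "SRV*%s*http://msdl.microsoft.com/download/symbols" % cache
        before = find_pdb(sympath)
        ident = "0123456789ABCDEF0123456789ABCDEF1"  # constructed GUID+age
        os.makedirs(os.path.join(cache, "ntdll.pdb", ident))
        open(os.path.join(cache, "ntdll.pdb", ident, "ntdll.pdb"), "wb").close()
        after = [os.path.relpath(p, cache) for p in find_pdb(sympath)]
        return before, after


if __name__ == "__main__":
    print(demo())
```

An empty result from `find_pdb` on the debugger's symbol path means the symbols still have to be fetched on a connected machine and copied into the cache directory.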

@corelanc0d3r
Member

yup, good idea. Feel free to put those changes in a pull request (editing both the readme file and windbglib.py itself :) - thanks !

@corelanc0d3r
Member

In fact, I'm working on some windbglib updates, I'll add the code into the file myself.. thanks

@corelanc0d3r
Member

Added some info to readme and windbglib - will close issue, thanks for reporting

@xambroz
Author

xambroz commented Aug 10, 2015

Thank you.
