Windbg Symbol path configuration

This part, “Windbg Symbol path – Part 1”, covers the definition of symbols and the symbol path, verification of the Windbg tool installation, a first look at Windbg, and the impact on analysis if the Windbg symbol path is not configured.

The next blog, titled “Windbg Symbol path – Part 2”, will be dedicated to symbol path configuration in Windbg, through the command prompt, and as a global configuration of the symbol path for all Windows tools [which we will discuss later on].

What is a Symbol?

A file with the extension .pdb contains symbols related to the associated program. Here we are talking about debugging the memory dump file of an operating system, so the pdb files will be associated with specific dll or exe files of the operating system. In general, symbol files contain a footprint of the functions that are contained in executable files and dynamic-link libraries (DLLs). Thus, if you want to debug an application, you need the symbol file of that application.

These symbol files not only provide a footprint but also present a roadmap of the function calls that lead to the point of failure. This helps in finding the root cause of the fault.

What is a Symbol Path?

For Microsoft tools

http://msdl.microsoft.com/download/symbols

For applications, you may need to contact the application vendor; most of the time application debugging is done by the application vendor.

The symbol path is a location where all the relevant and important publicly available pdb files are stored. We can download them locally for debugging purposes.

Configuring the symbol path in the application or in an environment variable gives the debugging tool access to the symbol files it needs in order to make sense of the stacks.

The above-mentioned link is not browsable. It is intended for access by the debugging application, or by any application that needs it to represent functions and their calls.
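The link cannot be browsed because a debugger never lists the server; it requests one exact file whose address it builds from the debug record stored inside the exe or dll. The Python below is an added example, not part of the original article: it assumes the standard “RSDS” CodeView record layout and the name/GUID+age/name lookup layout used by symbol servers, and the sample record and the name example.pdb are constructed.

```python
import struct
import uuid

# Microsoft public symbol server named on this page.
SYMBOL_SERVER = "http://msdl.microsoft.com/download/symbols"

def parse_rsds(record: bytes):
    """Parse a CodeView 'RSDS' debug record: signature, GUID, age, PDB path."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])        # GUID is stored mixed-endian
    (age,) = struct.unpack_from("<I", record, 20)  # little-endian build age
    end = record.find(b"\x00", 24)
    if end == -1:
        raise ValueError("PDB path is not NUL-terminated")
    pdb_path = record[24:end].decode("utf-8")
    return guid, age, pdb_path

def symbol_url(record: bytes, server: str = SYMBOL_SERVER) -> str:
    """Build the symbol-server URL a debugger would request for this record."""
    guid, age, pdb_path = parse_rsds(record)
    # Only the file name is used; the build-machine directory is discarded.
    pdb_name = pdb_path.replace("\\", "/").rsplit("/", 1)[-1]
    key = f"{guid.hex.upper()}{age:X}"             # GUID digits, then age in hex
    return f"{server}/{pdb_name}/{key}/{pdb_name}"

# Constructed sample record (not taken from a real binary).
SAMPLE = (
    b"RSDS"
    + uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes_le
    + struct.pack("<I", 2)
    + b"d:\\build\\example.pdb\x00"
)

if __name__ == "__main__":
    print(symbol_url(SAMPLE))
```

Because the GUID and age change with every build, a pdb from a different build of the same dll has a different address, which is why a debugger needs the symbols that match the binaries captured in the dump.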

Verifying Windows Debugging Tool Installation

Before we proceed further, let us check that we have followed WINDOWS DEBUGGING TOOL INSTALLATION correctly and that Windows Debugger is installed on our computers.

Windbg Installed

Windbg Option In Start Menu

If you have installed both versions, it doesn’t matter which version you are running. Both Windbg (x86) and Windbg (x64) will serve your purpose, and both can be used for analysis of a memory dump from a 32-bit or 64-bit operating system. Going into depth on the difference is of no concern at the moment.

First Look of Windows debugger

Windbg

Click on “Symbol File Path…” or press “Ctrl+S”. A blank pop-up window will appear, which means no symbol path is configured.

Symbol Path Location

Click on “Open Crash Dump…” or press “Ctrl+D”. A file browser window will open so that you can select the memory dump file. The file extension must be .dmp; the file name does not matter.

Please feel free to read the article on Memory Dump, its configuration and the method to do it.

Memory.DMP file selection for debugging.

As soon as you load the memory.dmp file in Windows debugger [windbg] without configuring the Windbg symbol path, you will see a screen like the ones shown below, or similar.

Windbg - memory dump loaded without symbol path configured.


Without symbols, it is worthless to debug any dump file, whether it is a memory dump file of an operating system or a dump file of an application.

In the next part, we will discuss the methods of configuring the Windbg symbol path in more detail, and which configurations are temporary and which are permanent.