Crash Dumps for Dummies (Part5)

Crash Dumps for Dummies (Part5)

In this part,I try to explain symbol files.They are usually called PDB filesbecause they have .PDB extension although the older onescan have .DBG extension. PDB files are needed to read dump files properly. Without PDB files the dump file data is just acollection of numbers, the contents of memory,without any meaning. PDBfiles help tools like WinDbg tointerpret the data and present it in a human-readable format.Roughly speaking, PDB filescontainassociations between numbers and their meanings expressed inshort text strings:

Because these associationsare changedwhen youhave a fix or a service pack on a computer and you have a dump from it you need newer PDB files that correspond to updated components such as DLLs or drivers.

Long time ago you had to download symbol filesmanually from Microsoft or get them from CDs. Now Microsoft hasits dedicated internet symbol server and WinDbg can downloadPDB files automatically.However you need to specify Microsoft symbol server locationin FileSymbol File Path… dialog and check Reload.The locationis usually:

SRV*c:websymbols*http://msdl.microsoft.com/download/symbols

If you don’t rememberthelocation when you run WinDbg for the first time or on a new computer you can enter .symfix command tosetMicrosoft symbol serverpath automatically and specifythe location where to download symbol files.You can check your current symbol search pathbyusing .sympathcommand and don’t forget to reload symbols by entering .reload command:

0:000> .symfix
No downstream store given, using C:Program FilesDebugging Tools for Windowssym
0:000> .sympath
Symbol search path is: SRV**http://msdl.microsoft.com/download/symbols
0:000> .symfix c:websymbols
0:000> .sympath
Symbol search path is: SRV*c:websymbols*http://msdl.microsoft.com/download/symbols
0:000> .reload

- Dmitry Vostokov -