WinDbg Problem with ntoskrnl

5

I've got a similar problem to "BSOD - Unable to verify timestamp for ntoskrnl.exe", in that I can't seem to get the correct symbols to read ntoskrnl.

I've followed the advice given by BK1E, but still can't get a result.

Text from debug below:

Loading Dump File [C:\Users\XXXX\AppData\Local\Temp\WER9D78.tmp\Mini030610-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\Windows\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows Server 2008/Windows Vista Kernel Version 6002 (Service Pack 2) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0xfffff800`01e59000 PsLoadedModuleList = 0xfffff800`0201ddd0
Debug session time: Sat Mar  6 14:08:20.516 2010 (UTC + 0:00)
System Uptime: 0 days 0:42:01.723
Unable to load image \SystemRoot\system32\ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
...............................................................
................................................................
.........................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {11, c, 0, fffff80001ec9489}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

How do I fix this issue?

OS is Windows Vista x64 SP2.

Wilf

Posted 2010-03-06T21:52:27.560

Reputation: 202

After running ".symfix", could you try running ".reload /f"? – Reuben – 2010-03-23T04:33:17.697

oh gawd, not the bugchecks... ptsd... acting up again.... twitch – quack quixote – 2010-04-09T17:56:21.160

Answers

2

Looks like you're loading a minidump, which requires a path to the executable. Either set the _NT_EXECUTABLE_IMAGE_PATH env var to point to your %windir%\system32 folder (or whatever holds your executables), or use the .exepath command in windbg.

nithins

Posted 2010-03-06T21:52:27.560

Reputation: 141

Asked: 2010-03-06T21:52:27.560

Viewed: 3 940 times

Active: 2010-05-13T03:52:01.623