Using symstore.exe cannot load symbols for minidump

Posted 2019-07-21 03:35

In order to trace a crash in a Qt which only happens on a Windows 8 user machine I set up a local symbol server to use for debugging crash dumps.

First I did a full build with the following flags set:

QMAKE_CFLAGS_RELEASE += -Zi
QMAKE_CXXFLAGS_RELEASE += -Zi
QMAKE_LFLAGS_RELEASE += /DEBUG /OPT:REF

and built an installer using Windows Installer and a VS deployment project. Then I ran the following symstore.exe command:

C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64>symstore.exe add /r /f C:\builddir\*.* /s "C:\Users\Sam\symbols" /t "Application" /v "rev xxxx" /c "test add"

This created the appropriate dll, exe and pdb folders inside C:\Users\Sam\symbols.

Then I installed on the user machine and generated a minidump file through Process Explorer. I tried loading in the dump to Visual Studio and adding C:\Users\Sam\symbols to the symbol file locations but no matching symbols could be found for my binaries.

Then I tried loading it into WinDbg64 (this being a 64bit application). I set !sym noisy, set the symbol path with .symfix C:\Users\Sam\symbols and reloaded with .reload /f. This did not have any success either and only export symbols were loaded. For example:

QtGui4  No data is available : SRV*C:\Users\Sam\symbols*http://msdl.microsoft.com/download/symbols
    The SYMSRV client failed validating the GUID for the module, or the
    module does not have the debug header information.

This happens for all modules but I would not expect it at all for the Qt components since these are not built as part of the regular build and even setting the symbol folder to the lib folder directly containing the pdb files doesn't help.

I then tried running ChkMatch.exe against the executable and the pdb file in my symbol store. The signature for the executable matched the folder the pdb was in which indicated that they should be a match but I then got the following error:

Debug information file:
Format: PDB 7.00
Error: PDB header - too many pages in root stream.

I ran ChkMatch.exe again against the installed executable just in case but got the same signature and the same error.

Edit: I tried setting symopt+0x40 which should make WinDbg use the pdbs anyway without checking the signature GUID too closely. However it is still not loading anything at all. Extra output:

SYMSRV:  C:\Users\Sam\symbols\QtGui4.dll\5202030497e000\QtGui4.dll not found
...
SYMSRV:  C:\Users\Sam\symbols\QtGui4.dbg\5202030497e000\QtGui4.dbg not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/QtGui4.dbg/5202030497e000/QtGui4.dbg not found
DBGHELP: .\QtGui4.dbg - file not found
DBGHELP: .\dll\QtGui4.dbg - path not found
DBGHELP: .\symbols\dll\QtGui4.dbg - path not found
DBGHELP: QtGui4.dll missing debug info.  Searching for pdb anyway
DBGHELP: Can't use symbol server for QtGui4.pdb - no header information available
DBGHELP: QtGui4.pdb - file not found
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for QtGui4.dll - 
DBGHELP: QtGui4 - export symbols

The folder in C:\Users\Sam\symbols\QtGui4.dll has the name 4AA92D1B712000 and contains what should be the correct dll.
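
How the folder names in the log above are formed, as an added example that is not part of the original post: symstore and SYMSRV index a PE file under its header TimeDateStamp (eight uppercase hex digits) followed by SizeOfImage in hex, so different keys mean different builds of the file. The helper names and the synthetic header are constructed for illustration; only the log line and the store folder name come from the post.

```python
import struct

def pe_symstore_key(image: bytes) -> str:
    """Symbol-store index of a PE file: TimeDateStamp (%08X) + SizeOfImage (%x)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header (20 bytes)
    opt = coff + 20                          # optional header
    if len(image) < opt + 60:
        raise ValueError("truncated optional header")
    (timestamp,) = struct.unpack_from("<I", image, coff + 4)
    # SizeOfImage sits at offset 56 in both PE32 and PE32+ optional headers.
    (size_of_image,) = struct.unpack_from("<I", image, opt + 56)
    return "%08X%x" % (timestamp, size_of_image)

def requested_key(symsrv_line: str) -> str:
    """Pull the index out of a 'SYMSRV:  <store>\\<file>\\<key>\\<file> not found' line."""
    path = symsrv_line.split("SYMSRV:", 1)[1].rsplit(" not found", 1)[0].strip()
    return path.replace("/", "\\").split("\\")[-2]

def build_header(timestamp: int, size_of_image: int, e_lfanew: int = 0x80) -> bytes:
    """Constructed, minimal PE header carrying only the fields read above."""
    buf = bytearray(e_lfanew + 4 + 20 + 60)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<I", buf, e_lfanew + 8, timestamp)
    struct.pack_into("<I", buf, e_lfanew + 24 + 56, size_of_image)
    return bytes(buf)

def same_build(dump_key: str, store_key: str) -> bool:
    """Keys are compared case-insensitively, like the folder names on disk."""
    return dump_key.lower() == store_key.lower()

if __name__ == "__main__":
    # Log line quoted from the post; the header is built to match the
    # store folder name 4AA92D1B712000 given in the post.
    line = r"SYMSRV:  C:\Users\Sam\symbols\QtGui4.dll\5202030497e000\QtGui4.dll not found"
    stored = build_header(0x4AA92D1B, 0x712000)
    wanted, have = requested_key(line), pe_symstore_key(stored)
    print(f"dump wants {wanted}, store has {have}, same build: {same_build(wanted, have)}")
```

Running `pe_symstore_key` over the bytes of the DLL installed on the user machine shows which folder name the store needs for that dump to resolve.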

2 Answers
The star\"
#2 · 2019-07-21 03:47

For working with minidump you should upload binaries to symstore too

Explosion°爆炸
#3 · 2019-07-21 04:04

I managed to resolve this myself eventually. Firstly I had to delete and recreate my symbol store from scratch using the above steps. I think I must have messed up my store initially by running symstore.exe twice with the same version number on different folders.

Once I had done this I could then load in crash dumps and see the symbols for the Qt libraries, but only up to about twenty frames and none of the other modules were loaded. I then wanted to copy this stack but couldn't from the stack window in WinDbg and so found the k command to print out the stack. This was an 'Aha!' moment because the k command printed out much more than the stack window and revealed that a stack overflow had occurred. I found that an additional parameter could be passed in for the depth of the stack to be printed and a k 0xFFFF printed out the entire stack.
