Windows调试-WinDbg
我在使用核心转储调试进程时遇到以下错误。
0:000> !lmi test.exe
Loaded Module Info: [test.exe]
Module: test
Base Address: 00400000
Image Name: test.exe
Machine Type: 332 (I386)
Time Stamp: 4a3a38ec Thu Jun 18 07:54:04 2009
Size: 27000
CheckSum: 54c30
Characteristics: 10f
Debug Data Dirs: Type Size VA Pointer
MISC 110, 0, 21000 [Debug data not mapped]
FPO 50, 0, 21110 [Debug data not mapped]
CODEVIEW 31820, 0, 21160 [Debug data not mapped] - Can't validate symbols, if present.
Image Type: FILE - Image read successfully from debugger.
test.exe
Symbol Type: CV - Symbols loaded successfully from image path.
Load Report: cv symbols & lines
有谁知道错误 CODEVIEW 31820, 0, 21160 [Debug data not returned] - Can't validatesymbols, if present.
的真正含义是什么?
这个错误是否意味着我无法从可执行文件中读取公共/私有符号?
如果不是这样,为什么 WinDbg 调试器会抛出这种类型的错误?
提前致谢, 桑托什。
I got the following error while debuggging a process with its core dump.
0:000> !lmi test.exe
Loaded Module Info: [test.exe]
Module: test
Base Address: 00400000
Image Name: test.exe
Machine Type: 332 (I386)
Time Stamp: 4a3a38ec Thu Jun 18 07:54:04 2009
Size: 27000
CheckSum: 54c30
Characteristics: 10f
Debug Data Dirs: Type Size VA Pointer
MISC 110, 0, 21000 [Debug data not mapped]
FPO 50, 0, 21110 [Debug data not mapped]
CODEVIEW 31820, 0, 21160 [Debug data not mapped] - Can't validate symbols, if present.
Image Type: FILE - Image read successfully from debugger.
test.exe
Symbol Type: CV - Symbols loaded successfully from image path.
Load Report: cv symbols & lines
Does any body know what the error CODEVIEW 31820, 0, 21160 [Debug data not mapped] - Can't validate symbols, if present.
really mean?
Is this error meant that i can't read public/private symbols from the executable?
If it is not so, why does the WinDbg debugger throws this typr of error?
Thanks in advance,
Santhosh.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
未映射的调试数据可能意味着保存调试信息的可执行文件部分尚未映射到内存中。如果这是故障转储,则您的选择是有限的,但如果这是实时调试会话。您可以使用 WinDbg .pagein 命令来检索数据。为此,您需要知道要分页的地址。如果您在模块起始地址上使用 !dh 命令(您可以使用 lm 查看该地址 - 在我的例子中,lm mmsvcr90 表示 msvcr90.dll),您可能会看到类似的内容(向下滚动一段距离):
这表明调试数据位于模块起始位置的偏移量 217d0 处,长度为 29。如果您尝试转储这些字节,您将看到(78520000 是模块的起始地址):
如果您执行 .pagein /p 82218b90 785417d0,然后 F5,当调试器重新启动时您会看到(82218b90 是我正在调试的进程的 _EPROCESS 地址):
现在执行 .reload /f msvcr90.dll 将加载符号。对于故障转储,如果您可以找到丢失的 0x29 字节(可能来自另一个转储),您也许可以插入它们并以这种方式加载符号。
Debug data not mapped can mean the section of the executable that holds the debug information hasn't been mapped into memory. If this is a crash dump, your options are limited, but if it's a live debug session. you can use the WinDbg .pagein command to retrieve the data. To do that you need to know the address to page in. If you use the !dh command on the module start address (which you can see with lm - in my case, lm mmsvcr90 for msvcr90.dll), you may see something like this (scrolling down a ways):
This shows you that the debug data is at offset 217d0 from the module start and is length 29. If you attempt to dump those bytes you'll see (78520000 is the module's start address):
If you execute .pagein /p 82218b90 785417d0, then F5, when the debugger breaks back in you'll see (82218b90 is the _EPROCESS address of the process that I'm debugging):
Now executing .reload /f msvcr90.dll will load the symbols. For a crash dump, if you can find the 0x29 bytes you're missing (from another dump maybe), you may be able to insert them and get the symbols loaded that way.
您是否为 WinDbg 设置了符号路径(请参阅步骤 2 @ http://blogs.msdn.com/iliast/archive/2006/12/10/windbg-tutorials.aspx),您的 PDB 文件是否位于符号路径中?
我假设您正在测试一个以调试模式构建的可执行文件,该模式会生成必要的 PDB 文件。
Have you set your symbol path for WinDbg (see Step 2 @ http://blogs.msdn.com/iliast/archive/2006/12/10/windbg-tutorials.aspx) and are your PDB files in the symbol path?
I assume you're testing an executable built in debug mode which generates the necessary PDB files.