성태의 닷넷 이야기 (SeongTae's .NET Story)
<div style='display: inline'>
<h1 style='font-family: Malgun Gothic, Consolas; font-size: 20pt; color: #006699; text-align: center; font-weight: bold'>livekd - Could not resolve symbols for ntoskrnl.exe: MmPfnDatabase</h1>
<p>
WinDbg's Local Kernel Debug mode,<br />
<br />
<pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' >
Windbg - Local Kernel Debug mode
; <a target='tab' href='https://www.sysnet.pe.kr/2/0/934'>https://www.sysnet.pe.kr/2/0/934</a>
</pre>
<br />
only works in an environment where the "bcdedit -debug on" command (which requires a reboot) has already been run, which is somewhat cumbersome. <a target='tab' href='https://docs.microsoft.com/en-us/sysinternals/downloads/livekd'>LiveKD</a> removes that inconvenience.<br />
<br />
<pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' >
LiveKD, a local kernel debugging tool that uses Windbg
; <a target='tab' href='https://killdos.tistory.com/9'>https://killdos.tistory.com/9</a>
</pre>
<br />
I previously introduced LiveKD in the post <a target='tab' href='https://www.sysnet.pe.kr/2/0/12284'>How to take a memory dump of a Hyper-V VM</a>. To try it out once more, I pointed PATH at the WinDbg directory that contains kd.exe,<br />
<br />
<pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' >
C:\SysInternals> set PATH=C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64;%PATH%

// set PATH=C:\Program Files (x86)\Windows Kits\10\Debuggers\x64;%PATH%
</pre>
<br />
and ran it, only to hit an unexpected error.<br />
<br />
<pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' >
C:\SysInternals> <span style='color: blue; font-weight: bold'>livekd</span>

LiveKd v5.62 - Execute kd/windbg on a live system

Sysinternals - www.sysinternals.com
Copyright (C) 2000-2016 Mark Russinovich and Ken Johnson

Symbols are not configured.
Would you like LiveKd to set the _NT_SYMBOL_PATH directory to reference the Microsoft symbol server so that symbols can be obtained automatically? (y/n) y

Enter the folder to which symbols download (default is c:\symbols): c:\symbols

<span style='color: blue; font-weight: bold'>Could not resolve symbols for ntoskrnl.exe: MmPfnDatabase</span>

Ensure that your symbol path is correctly configured, either via the -y option or the _NT_SYMBOL_PATH environmental variable.
Symbols are required in order to initiate a debugging session.
The -vsym command line option will display additional details that may be used to track down symbol resolution or symbol load issues.

The specified module could not be found.

Exiting LiveKd.
</pre>
<br />
Following the error message and adding the "-vsym" option shows that ntkrnlmp.pdb cannot be found,<br />
<br />
<pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' >
C:\SysInternals> <span style='color: blue; font-weight: bold'>livekd -vsym</span>

LiveKd v5.63 - Execute kd/windbg on a live system

Sysinternals - www.sysinternals.com
Copyright (C) 2000-2020 Mark Russinovich and Ken Johnson

SYMSRV: BYINDEX: 0x1 c:\symbols ntkrnlmp.pdb 1C9875F76C8F0FBF3EB9A9D7C1C274061
SYMSRV: UNC: c:\symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\ntkrnlmp.pdb - path not found
SYMSRV: UNC: c:\symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\ntkrnlmp.pd_ - path not found
SYMSRV: UNC: c:\symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\file.ptr - path not found
SYMSRV: RESULT: 0x80070003
DBGHELP: *http://msdl.microsoft.com/download/symbols\ntkrnlmp.pdb - file not found
DBGHELP: *http://msdl.microsoft.com/download/symbols\exe\ntkrnlmp.pdb - file not found
DBGHELP: *http://msdl.microsoft.com/download/symbols\symbols\exe\ntkrnlmp.pdb - file not found
DBGHELP: ntkrnlmp.pdb - file not found
DBGHELP: ntoskrnl - export symbols
...[omitted]...
</pre>
<br />
which is a bit puzzling. In the middle of the output, the lookup for a cached pdb file under "c:\symbols" correctly uses a signature+age path such as 1C9875F76C8F0FBF3EB9A9D7C1C274061, but the download from the remote server (msdl.microsoft.com) does not append the signature+age. (See: <a target='tab' href='https://www.sysnet.pe.kr/2/0/2925'>How PDB symbol file paths are constructed</a>)<br />
<br />
In any case, since livekd fails to do that, the pdb that caused the error has to be downloaded explicitly with <a target='tab' href='https://www.sysnet.pe.kr/2/0/12091'>symchk.exe</a>.<br />
<br />
<pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' >
C:\SysInternals> <span style='color: blue; font-weight: bold'>symchk -v C:\Windows\System32\ntoskrnl.exe /s srv*c:\Symbols*http://msdl.microsoft.com/download/symbols</span>
[SYMCHK] Searching for symbols to C:\Windows\System32\ntoskrnl.exe in path srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
DBGHELP: Symbol Search Path: srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
[SYMCHK] Using search path "srv*c:\Symbols*http://msdl.microsoft.com/download/symbols"
DBGHELP: No header for C:\Windows\System32\ntoskrnl.exe. Searching for image on disk
DBGHELP: C:\Windows\System32\ntoskrnl.exe - OK
SYMSRV: BYINDEX: 0x1 c:\Symbols*http://msdl.microsoft.com/download/symbols ntkrnlmp.pdb 1C9875F76C8F0FBF3EB9A9D7C1C274061
SYMSRV: UNC: c:\Symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\ntkrnlmp.pdb - path not found
SYMSRV: UNC: c:\Symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\ntkrnlmp.pd_ - path not found
SYMSRV: UNC: c:\Symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/index2.txt
SYMSRV: HttpQueryInfo: 80190190 - HTTP_STATUS_BAD_REQUEST
<span style='color: blue; font-weight: bold'>SYMSRV: HTTPGET: /download/symbols/ntkrnlmp.pdb/1C9875F76C8F0FBF3EB9A9D7C1C274061/ntkrnlmp.pdb</span>
SYMSRV: HttpQueryInfo: 801900c8 - HTTP_STATUS_OK
SYMSRV: ntkrnlmp.pdb from http://msdl.microsoft.com/download/symbols: 8596480 bytes - copied
SYMSRV: PATH: c:\Symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\ntkrnlmp.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: ntoskrnl - public symbols c:\Symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\ntkrnlmp.pdb
[SYMCHK] MODULE64 Info ----------------------
[SYMCHK] Struct size: 1680 bytes
[SYMCHK] Base: 0x140000000
[SYMCHK] Image size: 17063936 bytes
[SYMCHK] Date: 0x07503e39
[SYMCHK] Checksum: 0x00a7ae11
[SYMCHK] NumSyms: 0
[SYMCHK] SymType: SymPDB
[SYMCHK] ModName: ntoskrnl
[SYMCHK] ImageName: C:\Windows\System32\ntoskrnl.exe
[SYMCHK] LoadedImage: C:\Windows\System32\ntoskrnl.exe
[SYMCHK] PDB: "c:\Symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\ntkrnlmp.pdb"
[SYMCHK] CV: RSDS
[SYMCHK] CV DWORD: 0x53445352
[SYMCHK] CV Data: ntkrnlmp.pdb
[SYMCHK] PDB Sig: 0
[SYMCHK] PDB7 Sig: {1C9875F7-6C8F-0FBF-3EB9-A9D7C1C27406}
[SYMCHK] Age: 1
[SYMCHK] PDB Matched: TRUE
[SYMCHK] DBG Matched: TRUE
[SYMCHK] Line nubmers: FALSE
[SYMCHK] Global syms: FALSE
[SYMCHK] Type Info: TRUE
[SYMCHK] ------------------------------------
SymbolCheckVersion 0x00000002
Result 0x00130001
DbgFilename
DbgTimeDateStamp 0x07503e39
DbgSizeOfImage 0x01046000
DbgChecksum 0x00a7ae11
PdbFilename c:\Symbols\ntkrnlmp.pdb\1C9875F76C8F0FBF3EB9A9D7C1C274061\ntkrnlmp.pdb
PdbSignature {00000000-0000-0000-0000-000000000000}
PdbDbiAge 0x00000000
[SYMCHK] [ 0x00000000 - 0x00130001 ] Checked "C:\Windows\System32\ntoskrnl.exe"

SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1
</pre>
<br />
After that, running livekd again confirms that it works fine. ^^<br />
<br />
<pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' >
C:\SysInternals> <span style='color: blue; font-weight: bold'>livekd</span>

LiveKd v5.63 - Execute kd/windbg on a live system

Sysinternals - www.sysinternals.com
Copyright (C) 2000-2020 Mark Russinovich and Ken Johnson

Launching C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd.exe:

Microsoft (R) Windows Debugger Version 10.0.19041.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\WINDOWS\livekd.dmp]
Kernel Complete Dump File: Full address space is available

Comment: 'LiveKD live system view'

************* Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\symbols *http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols *http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`4f600000 PsLoadedModuleList = 0xfffff802`5022a2f0
Debug session time: Wed Aug 26 11:27:55.035 2020 (UTC + 9:00)
System Uptime: 2 days 11:42:44.572
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.........................
Loading User Symbols
..................................
Loading unloaded module list
................................
For analysis of this file, run !analyze -v
0: kd> <span style='color: blue; font-weight: bold'>!process</span>
PROCESS ffffa9028cbb0080
    SessionId: 1 Cid: 5380 Peb: 454c98000 ParentCid: 8930
    DirBase: 31098002 ObjectTable: ffff83898d947880 HandleCount: 133.
    Image: kd.exe
    VadRoot ffffa90299012660 Vads 91 Clone 0 Private 6618. Modified 19. Locked 6.
    DeviceMap ffff8389521421c0
    Token ffff838969e295f0
    ElapsedTime 00:00:00.917
    UserTime 00:00:00.000
    KernelTime 00:00:00.000
    QuotaPoolUsage[PagedPool] 134928
    QuotaPoolUsage[NonPagedPool] 12928
    Working Set Sizes (now,min,max) (9146, 50, 345) (36584KB, 200KB, 1380KB)
    PeakWorkingSetSize 9060
    VirtualSize 2101383 Mb
    PeakVirtualSize 2101383 Mb
    PageFaultCount 18354
    MemoryPriority BACKGROUND
    BasePriority 8
    CommitCharge 6872

        THREAD ffffa9029f1f2080 Cid 5380.701c Teb: 0000000454c99000 Win32Thread: ffffa902a4edb380 RUNNING on processor 1
        THREAD ffffa9028c887080 Cid 4824.4444 Teb: 0000000000000000 Win32Thread: 0000000000000000 TERMINATED
        THREAD ffffa9028dcc72c0 Cid 7f1c.9a1c Teb: 0000000000000000 Win32Thread: 0000000000000000 TERMINATED
        THREAD ffffa902ad9a3080 Cid 4c24.5918 Teb: 0000000000000000 Win32Thread: 0000000000000000 TERMINATED
        THREAD ffffa9029fff5080 Cid 4c24.5c04 Teb: 0000000000000000 Win32Thread: 0000000000000000 TERMINATED
        THREAD ffffa902b5715080 Cid 4c24.7af8 Teb: 0000000000000000 Win32Thread: 0000000000000000 TERMINATED
        THREAD ffffa9029d6df080 Cid 4c24.39ac Teb: 00000000004fb000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
            ffffa90292a3fe40 QueueObject
        THREAD ffffa9029218c080 Cid 4c24.90a4 Teb: 00000000005f4000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
            ffffa90292a3fe40 QueueObject
        THREAD ffffa90289949080 Cid 4c24.86d4 Teb: 0000000000493000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
            ffffa90292a3fe40 QueueObject
        THREAD ffffa9028c7ed080 Cid 4c24.8e4c Teb: 00000000004bd000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
            ffffa90292a40b40 QueueObject
TYPE mismatch for thread object at ffffa902988d9db8
</pre>
</p><br />
<br /><hr /><span style='color: Maroon'>[I would like to share opinions about this post with you. If anything is wrong or lacking, or if you have any questions, please leave a comment at any time.]</span>
</div>
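<p>The signature+age index in the SYMSRV lines above comes from the CodeView "RSDS" record in the image's debug directory. The following is an added example, not code from the original post and not how LiveKd or symsrv is implemented: it rebuilds the index, the three cache paths and the download URL from such a record. The function names are illustrative, and the sample record is constructed from the "PDB7 Sig", "Age" and "CV Data" values that symchk printed.</p>

```python
import struct
import uuid

# Symbol server URL and cache folder as they appear in the page's logs.
SERVER = "http://msdl.microsoft.com/download/symbols"
CACHE = r"c:\symbols"

# Constructed sample: a CodeView "RSDS" debug record rebuilt from the
# "PDB7 Sig", "Age" and "CV Data" values in the symchk output above.
SAMPLE_RSDS = (b"RSDS"
               + uuid.UUID("1C9875F7-6C8F-0FBF-3EB9-A9D7C1C27406").bytes_le
               + struct.pack("<I", 1)
               + b"ntkrnlmp.pdb\0")


def parse_rsds(record: bytes):
    """Return (pdb_name, guid, age) from an RSDS record."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    # The GUID is stored little-endian in its first three fields.
    guid = uuid.UUID(bytes_le=record[4:20])
    (age,) = struct.unpack_from("<I", record, 20)
    end = record.find(b"\0", 24)
    if end <= 24:
        raise ValueError("missing or unterminated PDB name")
    path = record[24:end].decode("utf-8", "replace")
    # Builds often embed a full build-machine path; only the file name is used.
    return path.replace("/", "\\").rsplit("\\", 1)[-1], guid, age


def symbol_index(guid: uuid.UUID, age: int) -> str:
    """32 hex digits of the GUID followed by the age in hex, no padding."""
    return f"{guid.hex.upper()}{age:X}"


def lookup_plan(record: bytes, cache: str = CACHE, server: str = SERVER):
    """Cache paths probed first, then the URL fetched on a cache miss."""
    pdb, guid, age = parse_rsds(record)
    key = symbol_index(guid, age)
    folder = f"{cache}\\{pdb}\\{key}"
    probes = [f"{folder}\\{pdb}",              # plain file
              f"{folder}\\{pdb[:-1]}_",        # compressed variant (.pd_)
              f"{folder}\\file.ptr"]           # pointer to another store
    return {"index": key, "cache": probes,
            "url": f"{server}/{pdb}/{key}/{pdb}"}


if __name__ == "__main__":
    plan = lookup_plan(SAMPLE_RSDS)
    print(plan["url"])
```

<p>Comparing the generated URL with the HTTPGET line in a -vsym or symchk -v log shows at a glance whether the tool requested the indexed path or, as in the failing LiveKd run, a path without the index.</p>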