Translating system debug information.


Problem:

What is the correct way to load the operating system debug information into softice?

Resolution:

The following is the most accurate way of loading system debug information into softice.

1. Check that you have the proper debug symbols for your OS and service pack. Symbols change with every OS. That is more or less understood. However, service packs also change these, and this is commonly overlooked. So verify that you have the matching symbols.

2. When the operating system is installed, it looks for the correct versions of several files and renames these operating system executables during install. An example I will use for the rest of this article is ntoskrnl.exe. If you have a multiprocessor machine, the install will rename ntkrnlmp.exe to ntoskrnl.exe.

This is the same with other files like hal.dll.

So check the original file name by right-clicking on the file in file explorer and then going to Properties, Version, Original Filename.

3. If the original name matches the name as it is in system directory then skip to step 4. If not, do two things. First copy the file and rename it back to its original name.

4. Find the debug file (PDB or DBG etc.) that matches the file that you want to use and move it to the same directory as the executable.

Open symbol loader and open the file (binary file - sys, dll, exe etc..) to be translated. From the module menu translate the file.

5. If the original filename matched the name as it was in the system directory, skip to step 6. If it did not match, then delete the copy you made of the file in step 3. Rename the nms that you generated in step 4 to the same name as the binary you translated. For example, you now have an nms file named ntkrnlmp.nms. This should be renamed to ntoskrnl.nms.

6. In symbol loader open the nms file and load it into softice. Note: you may want to add this as a symbol that softice loads on start up. You can do this from symbol loader edit->initialization settings-> symbols.
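The check in steps 2, 3 and 5 can be scripted. The following is an added example, not part of the original article: it reads the OriginalFilename string from a binary's version resource and reports which name to translate under and how to rename the resulting nms file. It scans the raw bytes for the version string instead of walking the PE resource directory; the function names and the sample input are constructed for illustration.

```python
import os
import struct

# Key of the version-resource String entry, UTF-16LE with its terminator.
KEY = "OriginalFilename".encode("utf-16-le") + b"\x00\x00"

def original_filename(data):
    """Return the OriginalFilename string from a binary's bytes, or None."""
    pos = data.find(KEY)
    if pos < 6:
        return None
    # A 6-byte header (wLength, wValueLength, wType) precedes the key.
    w_length = struct.unpack_from("<H", data, pos - 6)[0]
    end = min(len(data), pos - 6 + w_length)
    val = pos + len(KEY)
    while val < end and data[val:val + 2] == b"\x00\x00":  # alignment padding
        val += 2
    stop = val
    while stop + 1 < end and data[stop:stop + 2] != b"\x00\x00":
        stop += 2
    return data[val:stop].decode("utf-16-le", errors="replace") or None

def nms_plan(on_disk_name, data):
    """Decide the translate name (step 3) and the nms rename (step 5)."""
    orig = original_filename(data)
    if orig is None:
        raise ValueError("no OriginalFilename in version resource")
    if orig.lower() == on_disk_name.lower():
        return {"translate_as": on_disk_name, "rename_nms": None}
    old = os.path.splitext(orig)[0] + ".nms"
    new = os.path.splitext(on_disk_name)[0] + ".nms"
    return {"translate_as": orig, "rename_nms": (old, new)}

def build_sample(value):
    """Constructed input: a bare version String entry, not a real PE file."""
    val = value.encode("utf-16-le") + b"\x00\x00"
    pad = b"\x00" * (-(6 + len(KEY)) % 4)
    body = KEY + pad + val
    header = struct.pack("<HHH", 6 + len(body), len(val) // 2, 1)
    return b"MZ" + b"\x00" * 6 + header + body

if __name__ == "__main__":
    # Multiprocessor kernel installed under the uniprocessor name.
    print(nms_plan("ntoskrnl.exe", build_sample("ntkrnlmp.exe")))
    print(nms_plan("hal.dll", build_sample("HAL.DLL")))
```

For a real file, pass `open(path, "rb").read()` as `data` and the file's name in the system directory as `on_disk_name`.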

Old KB# 11880