SymbolBuilder fails in a kernel debugger

Question

SymbolBuilder fails in a kernel debugger

yardenshafir opened this issue 2 years ago · 4 comments

Trying to create a symbol builder in a live kernel debugger session fails with unspecified error:

dx Debugger.Utility.SymbolBuilder.CreateSymbols("ntkrnlmp.exe")
Error: Unspecified error (0x80004005)

This happens regardless of the module used. The same DLL works fine in a user mode debugging session

Answer 1 · 2023-01-09T18:01:27.000Z

There are some issues in the sample around assumptions that there will be an ISvcProcess which need to be fixed (these are some relatively simple fixes). Unfortunately, there is also a blocking bug on the engine side. Opening a kernel dump does not expose a module enumerator at the target composition level. That will need to be fixed before this sample can be made to work on kernel targets...

I've opened that bug internally. When a fix for that can be included in the store version of WinDbg Preview, I'll come back and make the sample here work properly on kernel mode targets.

Answer 2 · 2023-04-30T20:54:04.000Z

Any updates on the fix? Kind of critical not to now have support for kernel debugging sessions out of the box for such a useful extension

Answer 3 · 2023-06-12T16:10:26.000Z

There's a PR out (in review) for an initial level of support for kernel mode targets:

#83

Note that this will enable support for KERNEL MODE MODULES within a kernel mode target but will not yet enable support for user mode modules while kernel debugging. Details are in the commit description.

Answer 4 · 2023-06-12T18:07:15.000Z

PR merged today. It should be functional if you pull and rebuild the sample.