最近在分析一个蓝屏dump时发现,nt模块加载不了符号表,其他系统驱动的符号表都能加载成功

3: kd> .reload /f nt
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe

激活详细符号加载信息

3: kd> !sym noisy
noisy mode - symbol prompts on
3: kd> .reload /f nt
SYMSRV:  d:\mysymbol\ntoskrnl.exe\56BCC7865ec000\ntoskrnl.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/56BCC7865ec000/ntoskrnl.exe not found
SYMSRV:  d:\mysymbol\ntkrnlup.exe\56BCC7865ec000\ntkrnlup.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlup.exe/56BCC7865ec000/ntkrnlup.exe not found
SYMSRV:  d:\mysymbol\ntkrnlpa.exe\56BCC7865ec000\ntkrnlpa.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/56BCC7865ec000/ntkrnlpa.exe not found
SYMSRV:  d:\mysymbol\ntkrnlmp.exe\56BCC7865ec000\ntkrnlmp.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/56BCC7865ec000/ntkrnlmp.exe not found
SYMSRV:  d:\mysymbol\ntkrpamp.exe\56BCC7865ec000\ntkrpamp.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrpamp.exe/56BCC7865ec000/ntkrpamp.exe not found
DBGHELP: C:\Program Files (x86)\Debugging Tools for Windows (x86)\ntoskrnl.exe - file not found
DBGHELP: C:\Program Files (x86)\Debugging Tools for Windows (x86)\ntkrnlup.exe - file not found
DBGHELP: C:\Program Files (x86)\Debugging Tools for Windows (x86)\ntkrnlpa.exe - file not found
DBGHELP: C:\Program Files (x86)\Debugging Tools for Windows (x86)\ntkrnlmp.exe - file not found
DBGHELP: C:\Program Files (x86)\Debugging Tools for Windows (x86)\ntkrpamp.exe - file not found
SYMSRV:  D:\mysymbol\ntoskrnl.exe\56BCC7865ec000\ntoskrnl.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntoskrnl.exe/56BCC7865ec000/ntoskrnl.exe not found
SYMSRV:  D:\mysymbol\ntkrnlup.exe\56BCC7865ec000\ntkrnlup.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlup.exe/56BCC7865ec000/ntkrnlup.exe not found
SYMSRV:  D:\mysymbol\ntkrnlpa.exe\56BCC7865ec000\ntkrnlpa.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlpa.exe/56BCC7865ec000/ntkrnlpa.exe not found
SYMSRV:  D:\mysymbol\ntkrnlmp.exe\56BCC7865ec000\ntkrnlmp.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrnlmp.exe/56BCC7865ec000/ntkrnlmp.exe not found
SYMSRV:  D:\mysymbol\ntkrpamp.exe\56BCC7865ec000\ntkrpamp.exe not found
SYMSRV:  http://msdl.microsoft.com/download/symbols/ntkrpamp.exe/56BCC7865ec000/ntkrpamp.exe not found
DBGENG:  ntoskrnl.exe - Image mapping disallowed by non-local path.
Unable to load image ntoskrnl.exe, Win32 error 0n2
DBGENG:  ntoskrnl.exe - Partial symbol image load missing image info
DBGHELP: No header for ntoskrnl.exe.  Searching for dbg file
DBGHELP: .\ntoskrnl.dbg - file not found
DBGHELP: .\exe\ntoskrnl.dbg - path not found
DBGHELP: .\symbols\exe\ntoskrnl.dbg - path not found
DBGHELP: ntoskrnl.exe missing debug info.  Searching for pdb anyway
DBGHELP: Can't use symbol server for ntoskrnl.pdb - no header information available
DBGHELP: ntoskrnl.pdb - file not found
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
DBGHELP: nt - no symbols loaded

但是提取对方电脑上的ntoskrnl.exe用IDA分析,发现可以正确加载到符号表,于是我将提取到的ntoskrnl.exe放到windbg要找到的路径上去例如:

SYMSRV:  d:\mysymbol\ntoskrnl.exe\56BCC7865ec000\ntoskrnl.exe not found

结果这次终于正常加载上了

3: kd> .reload /f nt
DBGHELP: d:\mysymbol\ntoskrnl.exe\56BCC7865ec000\ntoskrnl.exe - OK
DBGENG:  d:\mysymbol\ntoskrnl.exe\56BCC7865ec000\ntoskrnl.exe - Mapped image memory
DBGHELP: nt - public symbols  d:\mysymbol\ntkrnlmp.pdb\D7EA2B6682984A0E8697620F5571B7BF2\ntkrnlmp.pdb

  

转载于:https://www.cnblogs.com/Potato-Eater/p/7611916.html

Unable to load image ntoskrnl.exe的问题相关推荐

  1. ibm服务器安装2008系统蓝屏,WIN sever 2008 R2 64位系统 ntoskrnl.exe 蓝屏 求解决方案

    服务器不明原因重启,已排除软件安装, Microsoft (R) Windows Debugger Version 6.11.0001.404 X86 Copyright (c) Microsoft ...

  2. cmd运行php文件以及环境配置出现的问题、 php.exe不是内部或外部命令,也不是可运行的程序 或批处理文件、PHP startup: Unable to load dynamic library

    我用php.exe远行php文件出现了几个问题,先说一下怎么解决这些问题的,然后再说怎么运行 首先是出现 'php.exe' 不是内部或外部命令,也不是可运行的程序 或批处理文件,查了一下,是没有配置 ...

  3. ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel Symbols

    电脑蓝屏问题ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe Loading Kernel S ...

  4. 至强服务器装2003系统蓝屏,Windows Server 2008 R2 ntoskrnl.exe 引起蓝屏故障,重新启动...

    前不久在HP ProLiant DL360 G6的服务器上面安装了Windows Server 2008 R2,系统一到晚上凌晨就出现蓝屏.重启现象,并且在 C:\Windows\Minidump 目 ...

  5. Unable to load print control in ReportingService

    低版本出现报表无法打印的问题(客户端无法加载打印控件) SP2地址: http://www.microsoft.com/downloads/details.aspx?displaylang=zh-cn ...

  6. wireshark/The NPF driver isn’t running./Unable to load WinPcap (wpcap.dll)

    很久没使用wireshark后重新打开就出现警告: The NPF driver isn't running. You may have trouble capturing or listing in ...

  7. java.lang.UnsatisfiedLinkError: Unable to load library ‘D:\dll\DwgOperInterface‘: 找不到指定的模块

    执行代码 import com.sun.jna.Library; import com.sun.jna.Native; import com.sun.jna.ptr.IntByReference;pu ...

  8. 关于pycharm报错:Fatal Python error: Py_Initialize: unable to load the file system codec的解决

    先上pycharm报错: Fatal Python error: Py_Initialize: unable to load the file system codec ModuleNotFoundE ...

  9. Unable to load dll 应用程序配置不正确,程序无法启动 的解决方法

    现象:需要的dll已经存在,但就是找不到.提示信息例如: Unable to load dll  应用程序配置不正确,程序无法启动 解决方法:安装Microsoft Visual C++ 2005 S ...

最新文章

  1. No toolchains found in the NDK toolchains folder for ABI with prefix: mips64el-linux-android
  2. 压力管道流量计算公式_带你全面了解各种流量计!
  3. c语言 二级菜单_收下计算机二级秘笈,考场上说好不哭!
  4. vsftpd搭建和创建虚拟账号
  5. jAVA not find main_java编程时出现Could not find the main class 怎么解决???
  6. [转]android刷新后R.java不见了
  7. 李雅普诺夫稳定性理论的理解
  8. 行政区域村级划分数据库_两区划定数据库规范
  9. 提示此windows副本不是正版的win7系统7601解决方法
  10. 摄影构图学83年绝版_学摄影练实操 2020年昆明市统战系统宣传工作业务培训班继续进行...
  11. python爬虫—爬取taptap游戏的评论信息(通过fiddler抓包)
  12. ​力扣解法汇总954-二倍数对数组
  13. C++中vector容器和普通数组的区别
  14. 关于Sql语句中的模糊查询like关键字详解
  15. in unnamed module of loader
  16. 解决pip无法更新问题的简单方法:You are using pip version 20.1.2, however version 20.2.2 is available.......问题 的完
  17. 海康威视人脸识别设备对接(一)环境搭建
  18. 面试问题汇总 精选 分析 解答 职业规划 part 3
  19. 离线解锁 CodeCombat 全关卡教程 使用docker安装实现
  20. 读书笔记:微积分的历程-从牛顿到勒贝格

热门文章

  1. Mecanim动画系统 - 在角色上使用Mask 叠加动画层
  2. 悟空蜘蛛池官方为上海联劝公益基金会捐赠5千元
  3. 超过500万海量数据怎样处理
  4. HTTP服务和RPC服务,如何选择
  5. Unity使用科大讯飞-语音转写接口
  6. ES学习1~23(ECMAcript相关介绍+ECMASript 6新特性)
  7. mysql 用ip地址连接不上
  8. 改IP(谷歌翻译器国内用不了)修改host,亲测有效
  9. #4850. 查拉图斯特拉如是说
  10. 多款Android播放器源码集锦