- Run Process Explorer and Process Monitor. In both tools, click on Options->Configure Symbols. Change the Dbghelp.dll path to reference the one in your Debugging Tools folder and make sure the symbol path is set (see step 10). NOTE: you cannot use the Dbghelp.dll in \Windows\System32 as it does not support the symbol service; you must use the one in the Debugging Tools folder. An example configuration dialog (for a 64-bit system) using public symbols would be:

- In Process Explorer's list of processes, double click on the process called "System" (usually 4th in the list) and click on the Threads tab (there may be a delay while symbols are downloaded). When the list of threads is displayed, to confirm symbols were downloaded properly, sort by the Start Address column and scroll down until you see threads with start addresses in the form "ntoskrnl.exe!xxx" or "ntkrnlpa.exe!xxx". Make sure you do NOT see any "+0x" after any of these entries. This is an example of a correct output:

If you see entries like "ntoskrnl.exe!yyyyyy+0xnnn" for most of the Ntoskrnl/Ntkrnlpa lines, then your symbols are not configured correctly. For example, this kind of display indicates kernel symbols are NOT correctly configured:

- Finally, double click on several other processes to force the download of other user mode symbols: Explorer.exe, a few Svchost.exe processes, Csrss.exe, Winlogon.exe, etc. The reason for doing this is to get a variety of other user mode .EXE symbol files cached on your machine for use during the class. After doing the above, you should see a number of subfolders under c:\symbols -- these folders contain symbols for the various images referenced.
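
One way to confirm the result of the last step from a PowerShell prompt (an added example, not part of the original instructions): it lists the PDB files cached under c:\symbols and warns when no kernel PDB, or no PDB for one of the user mode images named above, has been downloaded. The parameter names and the PDB base names are assumptions.

```powershell
# Added example, not part of the original instructions.
# Assumption: the symbol cache is C:\symbols (the folder named in the text).
param(
    [string]$SymbolCache = 'C:\symbols',
    # Images the text says to open in Process Explorer (PDB base names are
    # assumed to match the image names).
    [string[]]$UserModeImages = @('explorer', 'svchost', 'csrss', 'winlogon')
)

# Assumed kernel PDB base names: ntkrnlmp/ntoskrnl for Ntoskrnl.exe,
# ntkrpamp/ntkrnlpa for Ntkrnlpa.exe.
$kernelPdbs = @('ntkrnlmp', 'ntoskrnl', 'ntkrpamp', 'ntkrnlpa')

if (-not (Test-Path -LiteralPath $SymbolCache -PathType Container)) {
    Write-Warning "$SymbolCache does not exist; no symbols have been downloaded."
    return
}

# A symbol-server cache stores each file as <cache>\<name.pdb>\<id>\<name.pdb>,
# so group every cached .pdb by its base name.
$cached = Get-ChildItem -LiteralPath $SymbolCache -Recurse -File -Filter '*.pdb' |
    Group-Object { $_.BaseName.ToLowerInvariant() } |
    ForEach-Object {
        [pscustomobject]@{
            Pdb      = $_.Name
            Versions = $_.Count
            SizeKB   = [int](($_.Group | Measure-Object Length -Sum).Sum / 1KB)
        }
    }

$cached | Sort-Object Pdb | Format-Table -AutoSize

$names = @($cached | ForEach-Object Pdb)
if (-not ($kernelPdbs | Where-Object { $names -contains $_ })) {
    Write-Warning 'No kernel PDB cached; expect "ntoskrnl.exe!name+0xnnn" start addresses.'
}
foreach ($image in $UserModeImages) {
    if ($names -notcontains $image) {
        Write-Warning "No PDB cached for $image; open that process's Threads tab."
    }
}
```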