I am trying to analyze a memory dump, but I am stuck on the debug symbols of a Microsoft DLL (sechost.dll).
What I do:
1) !sym noisy
2) .symfix
3) .sympath
My .sympath
Symbol search path is: srv*
Expanded Symbol search path is: cache*;SRV*http://msdl.microsoft.com/download/symbols
4) !analyze -v
After that I saw symbols loading.
But for some symbols I get:
SYMSRV: The operation timed out
SYMSRV: http://msdl.microsoft.com/download/symbols/sechost.pdb/C4FD72A96E384F62A5F796624D37EAB42/sechost.pdb not found
SYMSRV: C:\ProgramData\dbg\sym\sechost.pdb\C4FD72A96E384F62A5F796624D37EAB42\sechost.pdb not found
DBGHELP: sechost.pdb - file not found
*** ERROR: Symbol file could not be found. Defaulted to export symbols for sechost.dll -
DBGHELP: sechost - export symbols
When the actual analysis started, I saw:
IMAGE_NAME: sechost.dll
FAILURE_BUCKET_ID: WRONG_SYMBOLS_80000003_sechost.dll!SubscribeServiceChangeNotifications
I understand that I don't have the PDB for this DLL. I tried to load it with .reload /f sechost.dll, but the analysis got stuck at the same place.
How to deal with this?
Maybe there is a possibility to increase the connection timeout, or another way to get what I need?
I asked Microsoft about this, and Andy Luhrs replied that Microsoft needs 3 days to publish the symbols for new builds/Windows 10 updates.
So if you analyze dumps after updates have been published, try to load symbols 3 days after the update was published.
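
One way to triage `!sym noisy` output like the lines quoted in the question, added here as an example that is not part of the original posts: it splits the GUID and age out of each failed lookup and records whether the server lookup was preceded by a timeout. The `triage` function, its verdict labels, and the reading of a timeout as "server did not answer, so retry" are assumptions of this example.

```python
import re

# Constructed sample: the "!sym noisy" lines quoted in the question.
SAMPLE_LOG = r"""
SYMSRV: The operation timed out
SYMSRV: http://msdl.microsoft.com/download/symbols/sechost.pdb/C4FD72A96E384F62A5F796624D37EAB42/sechost.pdb not found
SYMSRV: C:\ProgramData\dbg\sym\sechost.pdb\C4FD72A96E384F62A5F796624D37EAB42\sechost.pdb not found
DBGHELP: sechost.pdb - file not found
DBGHELP: sechost - export symbols
"""

# <store>/<name>.pdb/<GUID: 32 hex><age: hex>/<name>.pdb not found
MISS = re.compile(r"^SYMSRV:\s+(?P<loc>.*?[\\/](?P<pdb>[^\\/]+\.pdb)[\\/]"
                  r"(?P<guid>[0-9A-Fa-f]{32})(?P<age>[0-9A-Fa-f]+)[\\/](?P=pdb)) not found$")
TIMEOUT = re.compile(r"^SYMSRV:\s+The operation timed out$")
EXPORTS = re.compile(r"^DBGHELP:\s+(?P<mod>\S+) - export symbols$")

def triage(log_text):
    """Return {pdb name: record} for every PDB the debugger failed to locate."""
    misses, pending_timeout = {}, False
    for line in (l.strip() for l in log_text.splitlines()):
        if TIMEOUT.match(line):
            pending_timeout = True      # applies to the next HTTP lookup reported
            continue
        m = MISS.match(line)
        if m:
            rec = misses.setdefault(m["pdb"].lower(), {
                "guid": m["guid"].upper(), "age": int(m["age"], 16),
                "server_miss": False, "cache_miss": False,
                "timed_out": False, "export_fallback": False})
            if m["loc"].lower().startswith(("http://", "https://")):
                rec["server_miss"] = True
                rec["timed_out"] |= pending_timeout
                pending_timeout = False
            else:
                rec["cache_miss"] = True    # local downstream store had no copy
            continue
        m = EXPORTS.match(line)
        if m and m["mod"].lower() + ".pdb" in misses:
            misses[m["mod"].lower() + ".pdb"]["export_fallback"] = True
    for rec in misses.values():
        # Assumption: after a timeout the "not found" is inconclusive, so retry.
        rec["verdict"] = ("retry" if rec["timed_out"] else
                          "not-on-server" if rec["server_miss"] else "cache-only-miss")
    return misses

if __name__ == "__main__":
    for pdb, rec in triage(SAMPLE_LOG).items():
        print(pdb, rec)
```

A `retry` verdict points at the network path to the symbol server, while `not-on-server` without a timeout matches the case described in the answer, where the PDB for a new build has not been published yet.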