Matching symbols
(1494.1424): Access violation - code c0000005 (first/second chance not available)
eax=0608a594 ebx=5b28a503 ecx=00000000 edx=00000000 esi=0608a594 edi=00000000
eip=5b25c8a2 esp=0016f51c ebp=5b2a6bf0 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010202
*** WARNING: Unable to verify timestamp for ecpKernal.dll
*** ERROR: Module load completed but symbols could not be loaded for ecpKernal.dll
ecpKernal+0x3c8a2:
5b25c8a2 8b07 mov eax,dword ptr [edi] ds:0023:00000000=????????
0:000> kb 200
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0016f56c 60b66695 04dfe580 0608ba4c 00000004 ecpKernal+0x3c8a2
0016f588 5b2232ff 0016f5f0 5b287250 00000001 msvcr90!memcpy_s+0x4a [f:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.c @ 67]
0016f604 77c1b564 01001002 0016f754 5b285d40 ecpKernal+0x32ff
027883c8 e0e0e0e0 00000000 e0e0e0e0 a0a0a0a0 ntdll!EtwTraceMessageVa+0x188
027883e4 21fd4f15 1410c878 abcdaaaa 82491000 0xe0e0e0e0
00000000 00000000 00000000 00000000 00000000 0x21fd4f15
The symbols can't be found. What now?
1. Turn on noisy symbol loading:
0:000> !sym noisy
noisy mode - symbol prompts on
2. Reload the module:
0:000> .reload /s /f ecpkernal.dll
SYMSRV: c:\symcache\ecpKernal.dll\48CA1B4196000\ecpKernal.dll not found
SYMSRV: //symbols/symbols/ecpKernal.dll/48CA1B4196000/ecpKernal.dll not found
DBGENG: C:\Program Files\Microsoft Office Communicator\ecpKernal.dll image header does not match memory image header.
DBGENG: C:\Program Files\Microsoft Office Communicator\ecpKernal.dll - Couldn't map image from disk.
Unable to load image C:\Program Files\Microsoft Office Communicator\ecpKernal.dll, Win32 error 0n2
DBGENG: ecpKernal.dll - Partial symbol image load missing image info
DBGHELP: Module is not fully loaded into memory.
DBGHELP: Searching for symbols using debugger-provided data.
SYMSRV: c:\symcache\ecpKernal.pdb\3F9AEAA2FA0A4DC396B172F766BFCE763\ecpKernal.pdb not found
SYMSRV: //symbols/symbols/ecpKernal.pdb/3F9AEAA2FA0A4DC396B172F766BFCE763/ecpKernal.pdb not found
DBGHELP: d:\OC\ecpKernal\Release\ecpKernal.pdb - file not found
*** WARNING: Unable to verify timestamp for ecpKernal.dll
*** ERROR: Module load completed but symbols could not be loaded for ecpKernal.dll
DBGHELP: ecpKernal - no symbols loaded
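3. Create the directory highlighted in red above (the c:\symcache\ecpKernal.pdb\3F9AEAA2FA0A4DC396B172F766BFCE763 path from the SYMSRV output) and copy the PDB into it: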
cd c:\symcache
md ecpkernal.pdb
cd ecpkernal.pdb
md 3F9AEAA2FA0A4DC396B172F766BFCE763
cd 3F9AEAA2FA0A4DC396B172F766BFCE763
copy c:\symcache\ecpkernal.pdb .
4. Reload again:
.reload /s /f ecpkernal.dll
5. Run kb again, and the stack now resolves:
000af6a4 6b0cd1e9 8840abd3 00000001 02640818 ecpKernal!CSoapAgent::Open+0x9a [f:\ocnew\ecpkernal\soapagent.cpp @ 32]
000af7b8 6b0ab67c 0616a270 000af858 0438ae80 ecpKernal!CRecord::GetAllPhoneByUserID+0x49 [f:\ocnew\ecpkernal\record.cpp @ 607]
000af878 6b0b96fd 8840a487 00000001 02640818 ecpKernal!CecpKernalModule::LoginECP+0x1fc [f:\ocnew\ecpkernal\dllmain.cpp @ 78]
000af8ec 77917951 04388550 00000000 00000000 ecpKernal!COCEvent::Signin+0x3d [f:\ocnew\ecpkernal\ocevent.cpp @ 157]
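
Steps 2 and 3 can be scripted. The following is an added example, not part of the original post: it reads the `!sym noisy` output, finds the PDB paths SYMSRV reported as missing, and copies a PDB into the matching <cache>\<pdb name>\<GUID+age>\ directory. The function names and the embedded log sample are assumptions made for illustration.

```python
import re
import shutil
from pathlib import Path

# Constructed sample: two SYMSRV lines taken from the noisy .reload output above.
NOISY_LOG = r"""SYMSRV: c:\symcache\ecpKernal.dll\48CA1B4196000\ecpKernal.dll not found
SYMSRV: c:\symcache\ecpKernal.pdb\3F9AEAA2FA0A4DC396B172F766BFCE763\ecpKernal.pdb not found
SYMSRV: //symbols/symbols/ecpKernal.pdb/3F9AEAA2FA0A4DC396B172F766BFCE763/ecpKernal.pdb not found
"""

# Shape of a PDB miss: <root><sep><name>.pdb<sep><GUID + age, hex><sep><name>.pdb not found
MISS = re.compile(
    r"^SYMSRV:\s+(?P<root>.+?)[\\/](?P<pdb>[^\\/]+\.pdb)[\\/]"
    r"(?P<key>[0-9A-Fa-f]{33,})[\\/](?P=pdb) not found\s*$",
    re.MULTILINE,
)


def missing_pdbs(noisy_output):
    """Return (store root, pdb name, index key) for each PDB lookup that failed."""
    return [(m["root"], m["pdb"], m["key"]) for m in MISS.finditer(noisy_output)]


def split_key(key):
    """Split the index key into the 32-hex-digit PDB GUID and the age (hex)."""
    return key[:32].upper(), int(key[32:], 16)


def stage_pdb(pdb_file, cache_root, noisy_output):
    """Copy pdb_file to <cache_root>/<pdb name>/<key>/<pdb name> (step 3 above)."""
    pdb_file = Path(pdb_file)
    for _root, name, key in missing_pdbs(noisy_output):
        if name.lower() == pdb_file.name.lower():
            dest = Path(cache_root) / name / key
            dest.mkdir(parents=True, exist_ok=True)
            return Path(shutil.copy2(pdb_file, dest / name))
    raise LookupError(f"no SYMSRV miss for {pdb_file.name} in the log")


if __name__ == "__main__":
    for root, name, key in missing_pdbs(NOISY_LOG):
        guid, age = split_key(key)
        print(f"{name}: looked in {root}, GUID {guid}, age {age}")
```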