Having confirmed with WinDbg team currently insider builds don’t get public symbols unless it is a major release (They are looking into a solution….)
How are we going to debug anything on bleeding edge systems “Fast Track Updates” in the meantime?
To workaround this problem I did the following
1) Downloaded the latest Windows 10 symbol package publicly available
https://msdn.microsoft.com/en-us/windows/hardware/gg463028.aspx
I installed them into a folder C:\win10symbols
2) Download ChkMatch tool from here http://www.debuginfo.com/tools/chkmatch.html
Note it is 32-bit only tool, so when specifying path to 64-bit files in C:\windows\system32 you must use path C:\windows\sysnative
3) Delete any files in <debugger directory>\sym folder (i.e. C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym )
Here is the WinDbg output:
Before ChkMatch
0:000> .reload
Reloading current modules
…..
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll –
************* Symbol Loading Error Summary **************
Module name Error
ntdll PDB not found : c:\win10symbols\symbols\dll\ntdll.pdb
You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
0:000> !peb
PEB at 00007ff6759af000
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn’t have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing “.symopt- 100”. Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ntdll!_PEB ***
*** ***
*************************************************************************
error 3 InitTypeRead( nt!_PEB at 00007ff6759af000)…
I then ran the following command:
C:\>chkmatch -m C:\windows\sysnative\ntdll.dll c:\win10symbols\ntdll.pdb\B9A5AE37F693422C89FBF6471E0FC5F51\ntdll.pdb
ChkMatch – version 1.0
Copyright (C) 2004 Oleg Starodumov
http://www.debuginfo.com/
Executable: C:\windows\sysnative\ntdll.dll
Debug info file: c:\win10symbols\ntdll.pdb\B9A5AE37F693422C89FBF6471E0FC5F51\ntdll.pdb
Executable:
TimeDateStamp: 55cbff9a
Debug info: 2 ( CodeView )
TimeStamp: 55cbff9a Characteristics: 0 MajorVer: 0 MinorVer: 0
Size: 34 RVA: 0011ebe8 FileOffset: 0011cbe8
CodeView format: RSDS
Signature: {7edb4a59-efff-47ec-b12f-7697e9226177} Age: 1
PdbFile: ntdll.pdb
Debug info: 13 ( Unknown )
TimeStamp: 55cbff9a Characteristics: 0 MajorVer: 0 MinorVer: 0
Size: 1084 RVA: 0011ec20 FileOffset: 0011cc20
Debug information file:
Format: PDB 7.00
Signature: {b9a5ae37-f693-422c-89fb-f6471e0fc5f5} Age: 2
Writing to the debug information file…
Result: Success.
0:000> .reload
Reloading current modules
…..
No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
0:000> !peb
PEB at 00007ff6759af000
InheritedAddressSpace: No
ReadImageFileExecOptions: No
BeingDebugged: Yes
ImageBaseAddress: 00007ff676040000
Ldr 00007fffdf8b71e0
Ldr.Initialized: Yes
etc…
Note: This solution only works if the PDB age signature matches the current DLL, more info about this here: http://www.debuginfo.com/articles/debuginfomatch.html
Windows Update Log using PowerShell Get-WindowsUpdateLog just returning GUIDs?
1601/01/01 11:00:00.0000000 980 8592 Unknown( 14): GUID=464bbb57-d1b3-22d8-23ef-338952442d14 (No Format Information found).
1601/01/01 11:00:00.0000000 980 8592 Unknown( 10): GUID=524890e0-a6db-a018-bdf5-146836fbf25d (No Format Information found).
1601/01/01 11:00:00.0000000 980 8592 Unknown( 11): GUID=6388909c-9384-8454-6d45-b6165f613f9a (No Format Information found).
1601/01/01 11:00:00.0000000 980 8592 Unknown( 11): GUID=524890e0-a6db-a018-bdf5-146836fbf25d (No Format Information found).
1601/01/01 11:00:00.0000000 980 8592 Unknown( 23): GUID=ccdda195-7c91-4637-05e0-79cdf332fe13 (No Format Information found).
Using Fiddler I quickly identified the PDB files it wanted:
Copying the URL column into Excel I did a quick & dirty processing. Filtered on items ending with .PDB and copied the result into a new sheet, then added formula to extract just the filename
=TRIM(RIGHT(SUBSTITUTE(A1,"/",REPT(" ",LEN(A1))),LEN(A1)))
Then pivot table on that column we find the PDB files this process relies on:
storewuauth.pdb
wuapi.pdb
wuauclt.pdb
wuaueng.pdb
wuautoappupdate.pdb
wuuhext.pdb
This resulted in running the following commands, all of which reported success.
chkmatch -m c:\Windows\WinSxS\amd64_microsoft-windows-s..e-windowsupdateauth_31bf3856ad364e35_10.0.10525.0_none_8b70d1ffa911692a\storewuauth.dll c:\win10symbols\storewuauth.pdb\5A9142A09775486CB3053E2D6D6A7B6F1\storewuauth.pdb chkmatch -m c:\windows\sysnative\wuapi.dll C:\win10symbols\wuapi.pdb\03E47413D978470EB9438AD21D5B208E1\wuapi.pdb chkmatch -m c:\windows\sysnative\wuauclt.exe c:\win10symbols\wuauclt.pdb\E0D0C18A15D24973B0AE8799EFFFC1001\wuauclt.pdb chkmatch -m c:\windows\sysnative\wuaueng.dll c:\win10symbols\wuaueng.pdb\EBADD49A0078487A8BD8DBFE7D56D88B1\wuaueng.pdb chkmatch -m c:\windows\sysnative\wuautoappupdate.dll c:\win10symbols\wuautoappupdate.pdb\2E4D201B897D4FACB97B5198FC9B2CBD1\wuautoappupdate.pdb chkmatch -m c:\windows\sysnative\wuuhext.dll c:\win10symbols\wuuhext.pdb\C94A76FA1A6546D38EBCAAE1B7C0A39C1\wuuhext.pdb
We then run PowerShell cmd
Get-WindowsUpdateLog –SymbolServer C:\win10symbols
However unlike WinDbg, this is not working, as the paths don’t match
So I made a copy of each folder, the copy with the same name that tracerpt.exe was looking for
WOW! I CAN NOW READ THE WINDOWS UPDATE LOG!!!!!!!!!!!!!!!!!!!!!!!!!!!! WOO-HOO
That was easy.
2015/09/01 10:40:01.8948051 996 9112 SLS Retrieving SLS response from server using ETAG Ww/uzEDtiHGuCQKdqqiVoucsE3BysNngQpDk+NfngSU=_1440″…”
2015/09/01 10:40:01.8949751 996 9112 SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{7971F918-A847-4430-9279-4A52D1EFE18D}/x64/10.0.10525.0/0?CH=423&L=en-US&P=&PT=0x30&WUA=10.0.10525.0
2015/09/01 10:40:22.9594201 996 9112 Misc Send request failed, hr:0x80072ee2
2015/09/01 10:40:22.9594266 996 9112 Misc WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2; retrying with default proxy.
2015/09/01 10:40:43.9686947 996 9112 Misc Send request failed, hr:0x80072ee2
2015/09/01 10:40:43.9687321 996 9112 SLS Failed: hr = 0x80072EE2
2015/09/01 10:40:43.9690170 996 9112 SLS GetResponse failed with hresult 0x80072ee2…
2015/09/01 10:40:43.9690306 996 9112 Agent Failed to retrieve SLS response data for service 7971f918-a847-4430-9279-4a52d1efe18d, error = 0x80072ee2
2015/09/01 10:40:43.9884897 996 9112 SLS Retrieving SLS response from server using ETAG Ww/uzEDtiHGuCQKdqqiVoucsE3BysNngQpDk+NfngSU=_1440″…”
2015/09/01 10:40:43.9887935 996 9112 SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{7971F918-A847-4430-9279-4A52D1EFE18D}/x64/10.0.10525.0/0?CH=423&L=en-US&P=&PT=0x30&WUA=10.0.10525.0
2015/09/01 10:41:05.0047561 996 9112 Misc Send request failed, hr:0x80072ee2
2015/09/01 10:41:05.0047606 996 9112 Misc WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2; retrying with default proxy.
2015/09/01 10:41:26.0152702 996 9112 Misc Send request failed, hr:0x80072ee2
2015/09/01 10:41:26.0152821 996 9112 SLS Failed: hr = 0x80072EE2
2015/09/01 10:41:26.0157665 996 9112 SLS GetResponse failed with hresult 0x80072ee2…
2015/09/01 10:41:26.0157936 996 9112 Misc EP: error: 0x80072EE2 : – failed to get SLS data
Much better than the old method of opening the WindowsUpdate.log from C:\Windows… :)
opening that one is unreadable now I believe, it points you to a URL explaining how to access in the new way using power shell.
They make it so difficult to just view the log lol…I downloaded the symbol pack and ran the PowerShell Get-WindowsUpdateLog … now I have to go in Excel and parse, and use Fiddler lol… why such a complicated way just to view their log
This is only the case if symbols are not available, if you are using preview builds that don’t have symbols available.
I don’t get it where is the WinDbg steps of the instructions :(