4.1.5 Accessing the Target Machine's Symbols

4.1.5 Accessing the Target Machine’s Symbols

WinDbg KD must have access to the symbols for the target machine so that the system can accurately interpret the information on the target machine. The symbols for the Windows NT kernel and drivers are stored in .dbg files; the symbols for your driver are stored in the driver’s .sys file itself, or may have been split off into a .dbg file. For more information on splitting symbols from a driver executable image into a .dbg file see Section 4.1.12.

These symbols must be copied into a specific tree layout on disk in order for WinDbg to access them correctly. The root directory of the symbol tree may be created at any level in the disk drives existing directory tree structure. However, it must specifically be named SYMBOLS. The Symbols directory must then have three subdirectories specifically named DLL, SYS, and EXE. When the layout is finished it will have the following layout:

\Symbols

\DLL

\EXE

\SYS

Symbol files for the system can be found in on the Windows NT system CD-ROM in the \SUPPORT directory. The following files should be copied into the directories specified for each file:

·ntoskrnl.dbg should be copied into \SYMBOLS\EXE. If this computer is a multiprocessor machine, it will be necessary to copy ntkrnlmp.dbg to ntoskrnl.dbg in the \SYMBOLS\EXE directory.

·hal.dbg should be copied into \SYMBOLS\DLL. If this computer does not use the standard x86 HAL, then the appropriate HAL symbols for that machine should be copied to hal.dbg in the \SYMBOLS\DLL directory.

·yourdriver.sys (or yourdriver.dbg, if the symbols have been split off into a separate .dbg file) should be copied into \SYMBOLS\SYS.

·otherdrivers.sys with which your driver interacts (or otherdrivers.dbg, if the symbols have been split off into separate .dbg files) should be copied into \SYMBOLS\SYS.

Specify the symbol search path with the User DLLs command from the Options menu of WinDbg. If you start WinDbg KD from the command line, you can use the -y command-line option to specify the symbol search path. The path should point to the named Symbols directory. For example, if Symbols was created a subdirectory of C:\Foo, then the path to apply would be C:\Foo\Symbols.