3 Replies Latest reply on Apr 26, 2010 6:28 AM by fixitchris

    Using WinDbg symbol files

    fixitchris Expert

      1.  Install WinDbg inside the guest.  You will need to generate symbol files from the guest since this is the Windows version you will be hooking vprobes to.


      2.  Create a local or remote symbol server per Debugging Applications for Microsoft .NET and Microsoft Windows  Part I, Chapter 2 and run the following command from the WinDbg folder:



      cscript ossyms2.0.js \\symbols\path



      This will take some time to complete and you should end up with a couple gigs of modules and their PDBs.


      3.  Run WinDbg in local kernel debugging mode on the guest and issue the following command, replacing <modulename> with an actual module name:


      x <modulename>!*



      4.  Save the output from WinDbg: Edit > Write Window Text to File


      5.  Place the saved file in the guest datastore directory.


      6.  Stop the guest.


      7.  Edit the VMX file to include


      vprobe.enable = "TRUE"
      vprobe.guestSyms = "symbolFile.TXT"



      8.  Start the guest.


      9.  Issue the vprobeListProbes command to view your imported events.


      The attached probes.txt file contains all my events with the NT module imported.  nt.txt is the file I am importing with vprobe.guestSyms.  I am not sure if this will be a problem but the event names look like:





      instead of




      Any insight on this?




      This looks like an issue with our internal parsing logic for windbg-style symbol text files. Try adding a "0`" (w/o the double quotes) to each of the lines and you should see the full, intact probe names.



      I will check this out and post my results...
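      One way to apply the "0`" workaround suggested in the reply above to a saved symbol file. This is an added example, not part of the original thread and not VMware code. It assumes the prefix goes at the start of each symbol line, and that symbol lines in the saved `x <modulename>!*` output begin with a hex address followed by module!symbol. The symbol names and addresses in SAMPLE are constructed.

```python
import re
import sys

# Assumption: a symbol line starts with an 8-digit hex address (optionally in the
# 64-bit "hhhhhhhh`hhhhhhhh" form) followed by module!symbol.
SYMBOL_LINE = re.compile(r"^(?P<addr>[0-9a-fA-F]{8}(?:`[0-9a-fA-F]{8})?)\s+\S+!\S+")
PREFIX = "0`"  # the literal suggested in the reply

# Constructed sample of saved WinDbg window text (not real output).
SAMPLE = """\
lkd> x nt!*
8052a1b0 nt!ExampleRoutineA = <no type information>
8052a2c4 nt!ExampleRoutineB = <no type information>
fffff800`02a8d000 nt!ExampleRoutineC = <no type information>
"""


def fix_line(line):
    """Return (new_line, changed) for one line of saved window text."""
    m = SYMBOL_LINE.match(line)
    if m is None:
        return line, False      # prompt, banner or blank line: leave untouched
    if "`" in m.group("addr"):
        return line, False      # address already contains a backtick
    return PREFIX + line, True


def fix_text(text):
    """Prefix every bare-address symbol line; return (new_text, lines_changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        new, did = fix_line(line)
        out.append(new)
        changed += did
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    if len(sys.argv) == 3:      # usage: script.py nt.txt nt_fixed.txt
        with open(sys.argv[1], encoding="latin-1") as src:
            fixed, count = fix_text(src.read())
        with open(sys.argv[2], "w", encoding="latin-1") as dst:
            dst.write(fixed)
    else:                       # no arguments: run on the constructed sample
        fixed, count = fix_text(SAMPLE)
        sys.stdout.write(fixed)
    print(f"{count} line(s) prefixed", file=sys.stderr)
```

      Running it a second time on its own output changes nothing, because a prefixed line no longer starts with a bare 8-digit address.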