!heap not working for hang dumps taken on a Windows 2008 R2 SP1 machine with ntdll.dll 6.1.7601.18939 RRS feed

  • Question

  • I am trying to analyze a hang dump from a customer system and I get following when I run !heap:

    0:000> !heap
    ***                                                                   ***
    ***                                                                   ***
    ***    Your debugger is not using the correct symbols                 ***
    ***                                                                   ***
    ***    In order for this command to work properly, your symbol path   ***
    ***    must point to .pdb files that have full type information.      ***
    ***                                                                   ***
    ***    Certain .pdb files (such as the public OS symbols) do not      ***
    ***    contain the required information.  Contact the group that      ***
    ***    provided you with these symbols if you need this command to    ***
    ***    work.                                                          ***
    ***                                                                   ***
    ***    Type referenced: ntdll!_HEAP_ENTRY                             ***
    ***                                                                   ***
    Invalid type information

    This is quite common problem, but I believe I have correct symbols loaded from MS symbol server:

    start             end                 module name
    00000000`772b0000 00000000`77459000   ntdll      (pdb symbols)          d:\symbols\ntdll.pdb\4BF6B1313C5C41D5BC33DD96E4F337862\ntdll.pdb
        Loaded symbol image file: ntdll.dll
        Image path: C:\Windows\System32\ntdll.dll
        Image name: ntdll.dll
        Timestamp:        Thu Jul 23 02:00:08 2015 (55B02E88)
        CheckSum:         001B56FE
        ImageSize:        001A9000
        File version:     6.1.7601.18939
        Product version:  6.1.7601.18939
        File flags:       0 (Mask 3F)
        File OS:          40004 NT Win32
        File type:        2.0 Dll
        File date:        00000000.00000000
        Translations:     0409.04b0
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ntdll.dll
        OriginalFilename: ntdll.dll
        ProductVersion:   6.1.7601.18939
        FileVersion:      6.1.7601.18939 (win7sp1_gdr.150722-0600)
        FileDescription:  NT Layer DLL
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

    I reproduced the issue on my Windows 2008R2 SP1 system - before installing KB3080149 (which installs ntdll.dll 6.1.7601.18939) I am able to run !heap on hang dumps taken on the system. After installing KB3080149 I am unable to run !heap on hang dumps taken on the system. If I uninstall the KB3080149, I can analyze the hang dumps again.

    Is this a known issue? Or do I need to upgrade anything? I tried installing the current version of Windbg (the one which is part of Windows 8.1 SDK), but it did not help.

    • Edited by Ondrej Kolos Thursday, September 17, 2015 12:05 PM
    Thursday, September 17, 2015 8:08 AM

All replies