Unrecognizable Symbolic Information

Sometimes debugging information is absent from module information in memory dumps and a debugger can't recognize and automatically load symbol files. For example, we see this stack trace without loaded component symbols:

THREAD 8a17c6d8  Cid 02ec.02f0  Teb: 7ffdf000 Win32Thread: e17b4420 WAIT: (UserRequest) UserMode Non-Alertable
    89873d00  SynchronizationEvent
IRP List:
    89d9fd20: (0006,0094) Flags: 00000800  Mdl: 00000000
Not impersonating
DeviceMap                 e10086c8
Owning Process            0       Image:         <Unknown>
Attached Process          8a17cda0       Image:         ApplicationA.exe
Wait Start TickCount      8164394        Ticks: 2884 (0:00:00:45.062)
Context Switch Count      1769160                 LargeStack
UserTime                  00:00:55.250
KernelTime                00:01:56.109
Start Address 0x0103e5e1
Stack ...
