Symbols for Debugging

[archrival]

Is there any chance of getting access to debugging symbols (PDB) for AutoIt? I have a memory dump of an AutoIt process and I'm trying to resolve the issue using WinDbg. I'm not sure if the symbols will help, but I'd love to find out.

expandcollapse popup

0:000> !analyze -v
*******************************************************************************
*                                                                            *
*                    Exception Analysis                              *
*                                                                            *
*******************************************************************************
Loading symbols for 00000000`74c80000    wow64.dll -> wow64.dll
Loading symbols for 00000000`74c10000    wow64cpu.dll -> wow64cpu.dll
Loading symbols for 00000000`771c0000    ntdll.dll -> ntdll.dll
Loading symbols for 00000000`76df0000    kernel32.dll -> kernel32.dll
Loading symbols for 00000000`00400000 test.exe -> test.exe
*** ERROR: Module load completed but symbols could not be loaded for test.exe
Force unload of C:\Windows\SysWOW64\user32.dll
Loading symbols for 00000000`76750000    user32.dll -> user32.dll
ModLoad: 00000000`76750000 00000000`76850000 C:\Windows\SysWOW64\user32.dll
Force unload of C:\Windows\SysWOW64\ole32.dll
Loading symbols for 00000000`769a0000    ole32.dll -> ole32.dll
ModLoad: 00000000`769a0000 00000000`76afc000 C:\Windows\SysWOW64\ole32.dll
FAULTING_IP:
+0
00000000`00000000 ??             ???
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 0000000000003104
DEFAULT_BUCKET_ID: STATUS_BREAKPOINT
PROCESS_NAME: test.exe
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: test.exe
PRIMARY_PROBLEM_CLASS: STATUS_BREAKPOINT
BUGCHECK_STR: APPLICATION_FAULT_STATUS_BREAKPOINT
LAST_CONTROL_TRANSFER: from 0000000074c3aea8 to 0000000074c5fe3a
STACK_TEXT:
00000000`0008e2e8 00000000`74c3aea8 : 00000000`003d0000 ffffffff`ffffffff 00000000`002c002a 00000000`769e63b4 : wow64win!NtUserGetMessage+0xa
00000000`0008e2f0 00000000`74c8cf87 : 00000000`008bf8dc 00000000`008bf04c 00000000`fffdb000 00000000`fffdb000 : wow64win!whNtUserGetMessage+0x30
00000000`0008e350 00000000`74c12776 : 00000000`76769f79 00000000`74c80023 00000000`00000246 00000000`008bf044 : wow64!Wow64SystemServiceEx+0xd7
00000000`0008ec10 00000000`74c8d07e : 00000000`00000000 00000000`74c11920 00000000`0008eea0 00000000`771eecd1 : wow64cpu!ServiceNoTurbo+0x2d
00000000`0008ecd0 00000000`74c8c549 : 00000000`00000000 00000000`00000000 00000000`74c84ac8 00000000`7ffe0030 : wow64!RunCpuSimulation+0xa
00000000`0008ed20 00000000`77204956 : 00000000`00213860 00000000`00000000 00000000`772f2670 00000000`772c5978 : wow64!Wow64LdrpInitialize+0x429
00000000`0008f270 00000000`77201a17 : 00000000`00000000 00000000`77204061 00000000`0008f820 00000000`00000000 : ntdll!LdrpInitializeProcess+0x17e4
00000000`0008f760 00000000`771ec32e : 00000000`0008f820 00000000`00000000 00000000`fffdf000 00000000`00000000 : ntdll! ?? ::FNODOBFM::`string'+0x29220
00000000`0008f7d0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe

STACK_COMMAND: ~0s; .ecxr ; kb
FOLLOWUP_IP:
wow64win!NtUserGetMessage+a
00000000`74c5fe3a c3             ret
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: wow64win!NtUserGetMessage+a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: wow64win
IMAGE_NAME: wow64win.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 4e212275
FAILURE_BUCKET_ID: STATUS_BREAKPOINT_80000003_wow64win.dll!NtUserGetMessage
BUCKET_ID: X64_APPLICATION_FAULT_STATUS_BREAKPOINT_wow64win!NtUserGetMessage+a
Followup: MachineOwner

[Richard Robertson]

The symbols will not be available because debugging the executable wouldn't be useful. If you attempt to break into debugging the process, AutoIt itself will actually stop you from doing so by shutting itself down.