Solution for reading Win7 dumps in Win10(WinDBG)

Laith · Oct 1, 2015

Guys and gals, i'm here honored to present to you the solution for reading dumps made by Windows 7 on Windows 10 with the latest SDK. After hours and hours of re-search with no success i decided to experiment myself. I got this crazy idea when i was transferring files from my other computer to this computer. The idea was basically, what happens if you transfer the Windows 7 symbols to Windows 10? I decided to try it out, to my surprise it worked and i was able to analyze Windows 7 dumps without any symbol issues at all.

Here is a little tutorial on how to do it.

1. Download my Windows 7 symbol package from here: http://1drv.ms/1VsdqyK

2. Right-click the symcache.zip folder and download it(obviously)

3. When you have downloaded it and opened it you will see that there's a folder inside called "symcache", extract it to your desired place.

4. Go into WinDBG and go to File -> Symbol File Path

5. Click Browse and navigate to where your symbol folder is(in my case it's symcache located in root)

6. Click OK and go to File -> Save Workspace and you are done.

Another way to do is to download and install the symbols from here: Symbols for Service Pack 1(x64) machines, for Service Pack 1(x86),for RTM(x86) and for RTM(x86).

Now you should be able to read Windows 7 dumps without any problems. Please do note that you can't read Windows 10 dumps using this method. If you do want to read Windows 10 dumps you'll need the Windows 10 symbols. Hope this helped you out, this has been driving me nuts since July, i'm sure many of you aswell are tired of seeing this every single time when analyzing a Windows 7 dump.

We can just hope that MS fixes this problem, which they won't do in some time. Anyways that's it.

//Laith

derekimo · Oct 1, 2015

What is different about your symcache?

Laith · Oct 1, 2015

The symcache i uploaded includes the Windows 7 symbols. Normally if you have Windows 10 and set the symbol file path to download from MS it will begin downloading Windows 10 symbols, which aren't suited for Windows 7 dumps so it will just give alot of errors saying that the symbols aren't the correct symbols etc.

derekimo · Oct 1, 2015

That's not quite how it works.

When you start to debug a crash dump file or an application, the Windows Debugger checks whether the symbol information for a module that it loads is in the local folder. If the symbol information of the module is not located in the local folder, WinDbg tries to download the appropriate symbol file or files from the Symbol Server.

Because it may take time to download symbol files, keep in mind that the debugger may appear to stop responding (hang) the first time that you debug an application. This occurs because most of the symbol files for the system DLLs (such as Ntdll.dll, Kernel32.dll, and others) must be downloaded.

Source

You can download the symbols all the way back to XP from here,

https://msdn.microsoft.com/en-us/wi...?f=255&MSPPError=-2147217396#Download_windows

Although you shouldn't really need to if your path is set correctly.

That's also why the symcache folder will grow over time.

Laith · Oct 1, 2015

That's good info aswell. I'll put it in the thread too.

Laith · Oct 2, 2015

Thanks Derek!

MrPepka · Mar 23, 2019

I will dig out this topic. Unfortunately, Microsoft no longer allows you to download symbols from your server, and the link (it from OneDrive) does not work. Is there any other way to download Windows 7 symbols?

torchwood · Mar 23, 2019

Hi MrPepka,

Call sent for help
[MENTION=451597]axe0[/MENTION]

Roy

Laith · Mar 23, 2019

I actually had to fiddle with this the other day, here you go. I should mention that using the Microsoft server works just fine, unless the dumps you are analyzing are corrupted, which happened to be the case for me.

MrPepka · Mar 23, 2019

Microsoft's server has symbols only for Windows 10. There are no symbols for Windows 7 (At least that's how it looks in WinDBG 10.0)
Symbols that you have linked are incomplete and are not suitable for analyzing dumps

Laith · Mar 23, 2019

MrPepka said:
Microsoft's server has symbols only for Windows 10. There are no symbols for Windows 7 (At least that's how it looks in WinDBG 10.0)
Symbols that you have linked are incomplete and are not suitable for analyzing dumps

I am myself running Windows 7 64-bit, and I could analyze the dumps that my computer generated using the symbols from Microsoft's symbol server.
I'm not sure about the symbols I linked, but I'm pretty sure that they are the right ones. They were the ones I linked to start with which had worked for me back then anyway.

axe0 · Jan 18, 2022

Noticed this a bit late.

I don't know if they're still available, but Microsoft used to offer installers that allowed you to get all the symbols for a particular Windows version locally. This allowed me to get many gigabytes of symbols for Windows 10, 8/8.1 and 7.

Just checked and noticed Microsoft no longer offer these installers. Unless you trust someone to give you those symbols, there is no way to get Windows 7 symbols any longer.

Solution for reading Win7 dumps in Win10(WinDBG)

Laith

Otaku Pride

My Computer

derekimo

New member

My Computer

Laith

Otaku Pride

My Computer

derekimo

New member

My Computer

Laith

Otaku Pride

My Computer

Laith

Otaku Pride

My Computer

MrPepka

New member

My Computer

torchwood

Well-known member

My Computer

Laith

Otaku Pride

My Computer

MrPepka

New member

My Computer

Laith

Otaku Pride

My Computer

axe0

BSOD Analyst

My Computer