Sep 262013
 
About AgeStore

It’s a good habit to clear out old symbol files. Debugging tools for windows comes with a built in tool which help us do this. The tool is named ‘AgeStore’.

AgeStore executes in three modes…

  • -date=mm-dd-yy    – deletes all files that were last accessed before the specified date.
  • -days=xx                – deletes all files that were last accessed before today minus the amount of days specified by ‘xx’.
  • -size=xx                 – deletes files in order of last access time (oldest first), until all the files in the directory total to the amount of bytes specified by ‘xx’.

There is a caveat when running this command on vista and later. On Vista and later by default “Last Access Time” is disabled, since AgeStore works on “Last Access Time” the tool will fail. Use fsutil command to turn on “Last Access Time” feature, as follows…

E:\>fsutil behavior set DisableLastAccess 0
DisableLastAccess = 0

This will turn on last access feature. Please note if this feature was off by default, you’ll not see any old files (based on access) since you turned on last access feature just now. So you’ll have to leave this feature on and then later run the AgeStore command.

Note also that if you run the AgeStore command, the default action is to delete files unless, please be very careful. AgeStore can be used on any folder, not just on symbol folder.

AgeStore Help Text
E:\>Agestore

agestore [pathspec]

Deletes all files from a directory based on the last access time of the files.
[pathspec] defines the root path and file specification.
The default is all files in the current working directory

It runs in one of these modes...

-date=mm-dd-yy    - deletes all files that were last accessed before the specified date.
-days=xx          - deletes all files that were last accessed before today minus the
                    amount of days specified by 'xx'.
-size=xx          - deletes files in order of last access time (oldest first), until all the
                    files in the directory total to the amount of bytes specified by 'xx'.
-size             - lists the amount of bytes in the directory.
-lat=<on off>     - toggles filesytem support for last-access-time.

These other command line switches alter the behavior of the program.

-l                - list files only, don't delete
-s                - include subdirectories.
-k                - keep empty subdirectories - normally they are removed.
-q                - quiet mode stops listing of files as they are deleted.
-y                - eliminates the (y/n) prompt.
-r                - deletes RO files

This program deletes files.  You should run agestore with the -l switch
to see what it will delete, before actual usage
Sample Commands
  • The following command lists all symbols older than the given date
    AgeStore e:\pdbsymbols -date=07-08-13 -s –l
  • The following command list all pdb files older than the number of days given below
    AgeStore e:\pdbsymbols -days=60 -s –l
  • The following command deletes files in order of last access time (oldest first), until all the files in the directory total to the amount of bytes specified by the parameter passed to –size command.
    AgeStore e:\pdbsymbols -size=8000000 -s -l
    <snip>
    10375868360 bytes would be deleted
    4336640 bytes would remain
  • The following command lists the amount of bytes in the directory.
    AgeStore e:\pdbsymbols -size -s
Mar 062012
 

Why should we force symbol loading in Windbg

Sometimes we could have a dump which does not load .pdb files even though they are present in the dump folder. The reason for the load failure is not necessarily every time a code change but could be just a rebuild of the source code. In such cases if you force load the .pdb file you should get a call stack that makes sense but you got to be good at API’s and libraries to make sure the stack makes sense. So until you get a proper .pdb file you can force load a .pdb file and work on the dump.
——————————————————-
Remember: Always insist on correct pdb file.
——————————————————-
So the command to enable this feature is: ‘.symopt’. Lists out the current symbol loading options. On my machine this is what I get…

0:000> .symopt
Symbol options are 0x30377:
0x00000001 – SYMOPT_CASE_INSENSITIVE
0x00000002 – SYMOPT_UNDNAME
0x00000004 – SYMOPT_DEFERRED_LOADS
0x00000010 – SYMOPT_LOAD_LINES
0x00000020 – SYMOPT_OMAP_FIND_NEAREST
0x00000100 – SYMOPT_NO_UNQUALIFIED_LOADS
0x00000200 – SYMOPT_FAIL_CRITICAL_ERRORS
0x00010000 – SYMOPT_AUTO_PUBLICS
0x00020000 – SYMOPT_NO_IMAGE_SEARCH

These flags determine how and what symbols will be loaded. These options also determine whether line number information should be loaded or not.

How to force load debugging symbols

So in our debugging scenario if we want to load symbols in a loose manner, i.e., without strict mapping of .pdb with .exe we will have to enable the following option…

0x00000040 – SYMOPT_LOAD_ANYTHING

In windbg we do this via…

0:000> .symopt+ 0x40
Symbol options are 0x30377:
0x00000001 – SYMOPT_CASE_INSENSITIVE
0x00000002 – SYMOPT_UNDNAME
0x00000004 – SYMOPT_DEFERRED_LOADS
0x00000010 – SYMOPT_LOAD_LINES
0x00000020 – SYMOPT_OMAP_FIND_NEAREST
0x00000040 – SYMOPT_LOAD_ANYTHING <———– Prevents validation of .pdb file
0x00000100 – SYMOPT_NO_UNQUALIFIED_LOADS
0x00000200 – SYMOPT_FAIL_CRITICAL_ERRORS
0x00010000 – SYMOPT_AUTO_PUBLICS
0x00020000 – SYMOPT_NO_IMAGE_SEARCH

To re-enable strict mapping between .exe and .pdb use

0:000> .symopt- 0x40
Symbol options are 0x30377:
0x00000001 – SYMOPT_CASE_INSENSITIVE
0x00000002 – SYMOPT_UNDNAME
0x00000004 – SYMOPT_DEFERRED_LOADS
0x00000010 – SYMOPT_LOAD_LINES
0x00000020 – SYMOPT_OMAP_FIND_NEAREST
0x00000100 – SYMOPT_NO_UNQUALIFIED_LOADS
0x00000200 – SYMOPT_FAIL_CRITICAL_ERRORS
0x00010000 – SYMOPT_AUTO_PUBLICS
0x00020000 – SYMOPT_NO_IMAGE_SEARCH

Note the +/- in the above command. ‘+’ enables, ‘-‘ disables.

Alternative way

Another way or maybe a better way to do this is to do this as and when necessary i.e. via .reload command. So if you see a PDB file not loading up due to a mismatch you can just use .reload and ask the debugger to load up the symbols even when they mismatch. This is how we do it.

Following example shows how to load a mismatched PDB/symbol file for test.exe

.reload /f /i test.exe

The /i in above command tells the debugger to ignore any symbol mismatch and just load up the PDB/Symbol file.