Sep 26, 2013
 
About AgeStore

It’s a good habit to clear out old symbol files. Debugging Tools for Windows comes with a built-in tool that helps us do this. The tool is named ‘AgeStore’.

AgeStore executes in three modes…

  • -date=mm-dd-yy – deletes all files that were last accessed before the specified date.
  • -days=xx – deletes all files that were last accessed before today minus the amount of days specified by ‘xx’.
  • -size=xx – deletes files in order of last access time (oldest first), until all the files in the directory total to the amount of bytes specified by ‘xx’.

There is a caveat when running this command on Vista and later. On those versions “Last Access Time” is disabled by default, and since AgeStore works on “Last Access Time”, the tool will fail. Use the fsutil command to turn on the “Last Access Time” feature, as follows…

E:\>fsutil behavior set DisableLastAccess 0
DisableLastAccess = 0

This turns the last access feature on. Please note that if the feature was off by default, you will not see any old files (based on access), because you have only just turned it on. You will have to leave the feature on and run the AgeStore command later.

Note also that when you run the AgeStore command, the default action is to delete files unless the -l switch (list files only, shown in the help text below) is given, so please be very careful. AgeStore can be used on any folder, not just on a symbol folder.

AgeStore Help Text
E:\>Agestore

agestore [pathspec]

Deletes all files from a directory based on the last access time of the files.
[pathspec] defines the root path and file specification.
The default is all files in the current working directory

It runs in one of these modes...

-date=mm-dd-yy    - deletes all files that were last accessed before the specified date.
-days=xx          - deletes all files that were last accessed before today minus the
                    amount of days specified by 'xx'.
-size=xx          - deletes files in order of last access time (oldest first), until all the
                    files in the directory total to the amount of bytes specified by 'xx'.
-size             - lists the amount of bytes in the directory.
-lat=<on off>     - toggles filesytem support for last-access-time.

These other command line switches alter the behavior of the program.

-l                - list files only, don't delete
-s                - include subdirectories.
-k                - keep empty subdirectories - normally they are removed.
-q                - quiet mode stops listing of files as they are deleted.
-y                - eliminates the (y/n) prompt.
-r                - deletes RO files

This program deletes files.  You should run agestore with the -l switch
to see what it will delete, before actual usage

Sample Commands
  • The following command lists all symbols older than the given date
    AgeStore e:\pdbsymbols -date=07-08-13 -s -l
  • The following command lists all pdb files older than the number of days given below
    AgeStore e:\pdbsymbols -days=60 -s -l
  • The following command lists (because of -l) the files that would be deleted in order of last access time (oldest first), until all the files in the directory total to the amount of bytes specified by the -size parameter.
    AgeStore e:\pdbsymbols -size=8000000 -s -l
    <snip>
    10375868360 bytes would be deleted
    4336640 bytes would remain
  • The following command lists the amount of bytes in the directory.
    AgeStore e:\pdbsymbols -size -s
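
The workflow described above (check last-access support, preview with -l, delete only afterwards) as a guarded PowerShell wrapper. This is an added example, not part of the original post or of AgeStore itself; the parameter names, the log file name and the interpretation of fsutil values 0 and 2 as "enabled" are assumptions of this sketch, and agestore is assumed to be on PATH.

```powershell
# Added example: guarded AgeStore run (not from the original post).
# -Store, -Days, -Delete and the log file name are names chosen for this sketch.
param(
    [string]$Store = 'e:\pdbsymbols',   # sample path used in the post's commands
    [int]$Days = 60,
    [switch]$Delete                     # without this switch the script only previews
)

function Test-LastAccessEnabled {
    # fsutil prints "DisableLastAccess = <n>"; newer builds append a description.
    $out = (& fsutil behavior query DisableLastAccess) -join ' '
    if ($out -match 'DisableLastAccess\s*=\s*(\d+)') {
        # Assumption: 0 = updates enabled; 2 = enabled, system managed (newer builds).
        return (@(0, 2) -contains [int]$Matches[1])
    }
    throw "Unexpected fsutil output: $out"
}

if (-not (Get-Command agestore -ErrorAction SilentlyContinue)) {
    throw 'agestore not found on PATH (it ships with Debugging Tools for Windows).'
}
if (-not (Test-Path -LiteralPath $Store -PathType Container)) {
    throw "Symbol store not found: $Store"
}
if (-not (Test-LastAccessEnabled)) {
    Write-Warning ('Last-access updates are off. Run "fsutil behavior set ' +
                   'DisableLastAccess 0", leave it on for a while, then retry.')
    exit 1
}

# Step 1: always preview with -l and keep the listing as a record.
$stamp = '{0:yyyyMMdd-HHmmss}' -f (Get-Date)
$log   = Join-Path $env:TEMP "agestore-preview-$stamp.txt"
& agestore $Store "-days=$Days" -s -l | Tee-Object -FilePath $log
Write-Host "Preview saved to $log"

# Step 2: delete only on explicit request. -y is left out on purpose so
# AgeStore's own (y/n) prompt still has to be answered.
if ($Delete) {
    & agestore $Store "-days=$Days" -s
}
```

Run it once without -Delete, review the saved listing, then run it again with -Delete.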
Apr 27, 2013
 

Filename and line number information is stored inside private symbols (.pdb file). So if private symbols are available, the debugger will try to figure out the line number information. Note: public symbols don’t have line number information.

A question I’ve heard from people new to WinDbg is how to turn off the line number display, and which command does it. What I normally do, and the easiest option, is to use the ‘.lines’ command. It is a toggle: the next time you execute .lines, it turns line number information back ‘on’.

Another option is to use the .symopt command:
http://msdn.microsoft.com/en-in/library/windows/hardware/ff558827(v=vs.85).aspx

The symbol option of interest to us is: SYMOPT_LOAD_LINES. Following is the MSDN description of this item.

This symbol option allows line number information to be read from source files. This option must be on for source debugging to work correctly.

In KD and CDB, this option is off by default; in WinDbg, this option is on by default. In CDB and KD, the -lines command-line option will turn this option on. Once the debugger is running, it can be turned on or off by using .symopt+0x10 or .symopt-0x10, respectively. It can also be toggled on and off by using the .lines (Toggle Source Line Support) command.

This option is on by default in DBH. Once DBH is running, it can be turned on or off by using symopt +10 or symopt -10, respectively.

Mar 06, 2012
 

Why should we force symbol loading in Windbg

Sometimes a dump does not load its .pdb files even though they are present in the dump folder. The load failure is not necessarily caused by a code change; it could be just a rebuild of the source code. In such cases, if you force load the .pdb file you should get a call stack that makes sense, but you have to be good with the APIs and libraries involved to be sure the stack makes sense. So until you get a proper .pdb file, you can force load a .pdb file and work on the dump.
——————————————————-
Remember: Always insist on correct pdb file.
——————————————————-
The command that controls this feature is ‘.symopt’. Run without arguments, it lists the current symbol loading options. On my machine this is what I get…

0:000> .symopt
Symbol options are 0x30377:
0x00000001 – SYMOPT_CASE_INSENSITIVE
0x00000002 – SYMOPT_UNDNAME
0x00000004 – SYMOPT_DEFERRED_LOADS
0x00000010 – SYMOPT_LOAD_LINES
0x00000020 – SYMOPT_OMAP_FIND_NEAREST
0x00000100 – SYMOPT_NO_UNQUALIFIED_LOADS
0x00000200 – SYMOPT_FAIL_CRITICAL_ERRORS
0x00010000 – SYMOPT_AUTO_PUBLICS
0x00020000 – SYMOPT_NO_IMAGE_SEARCH

These flags determine how and what symbols will be loaded. These options also determine whether line number information should be loaded or not.

How to force load debugging symbols

So in our debugging scenario if we want to load symbols in a loose manner, i.e., without strict mapping of .pdb with .exe we will have to enable the following option…

0x00000040 – SYMOPT_LOAD_ANYTHING

In windbg we do this via…

0:000> .symopt+ 0x40
Symbol options are 0x30377:
0x00000001 – SYMOPT_CASE_INSENSITIVE
0x00000002 – SYMOPT_UNDNAME
0x00000004 – SYMOPT_DEFERRED_LOADS
0x00000010 – SYMOPT_LOAD_LINES
0x00000020 – SYMOPT_OMAP_FIND_NEAREST
0x00000040 – SYMOPT_LOAD_ANYTHING <———– Prevents validation of .pdb file
0x00000100 – SYMOPT_NO_UNQUALIFIED_LOADS
0x00000200 – SYMOPT_FAIL_CRITICAL_ERRORS
0x00010000 – SYMOPT_AUTO_PUBLICS
0x00020000 – SYMOPT_NO_IMAGE_SEARCH

To re-enable strict mapping between .exe and .pdb use

0:000> .symopt- 0x40
Symbol options are 0x30377:
0x00000001 – SYMOPT_CASE_INSENSITIVE
0x00000002 – SYMOPT_UNDNAME
0x00000004 – SYMOPT_DEFERRED_LOADS
0x00000010 – SYMOPT_LOAD_LINES
0x00000020 – SYMOPT_OMAP_FIND_NEAREST
0x00000100 – SYMOPT_NO_UNQUALIFIED_LOADS
0x00000200 – SYMOPT_FAIL_CRITICAL_ERRORS
0x00010000 – SYMOPT_AUTO_PUBLICS
0x00020000 – SYMOPT_NO_IMAGE_SEARCH

Note the +/- in the above command. ‘+’ enables, ‘-’ disables.

Alternative way

Another way, and maybe a better one, is to do this only as and when necessary, via the .reload command. If you see a PDB file not loading because of a mismatch, you can use .reload and ask the debugger to load the symbols even though they mismatch. This is how we do it.

The following example shows how to load a mismatched PDB/symbol file for test.exe

.reload /f /i test.exe

The /i in the above command tells the debugger to ignore any symbol mismatch and just load the PDB/symbol file.