If anyone can give suggestions that would be super helpful. I have DTrace working. When using FBT, though, there is a ton of missing function names.
Example from command dtrace -ln "fbt:nt::":
ID PROVIDER MODULE FUNCTION NAME
65535 fbt nt +0x00532898 return
I've tried using WinDbg to download the latest copy to my symbol path by setting .symchk and then using .reload /f while local kernel debugging. I've also tried remote kernel debugging, but this doesn't seem to change anything either.
My thoughts would be I could fix this in one of two ways:
1. I'm not sure if I've missed a step or fully overlooked some way of updating the symbols DTrace uses, or how it reads the symbols to get function names out of ntkrnlmp.pdb, since WinDbg seems to pull out all the function names but DTrace doesn't. If anyone knows some steps I can do or some troubleshooting, that would be amazing.
2. I can look up the function name using WinDbg and get the function offset, but am unsure how to put a function offset into DTrace. It doesn't seem to work using the command dtrace -ln "fbt:nt:+0x00532898:". If anyone knows a command to get this to work, that would be appreciated.
Thanks for reading and any help people can give.
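Not part of the original post: an added Python helper that measures how many FBT probes in a `dtrace -ln` listing came out as bare +0x offsets rather than names, and maps such an offset to the nearest preceding symbol the way a WinDbg `ln` lookup would. The listing rows other than the one quoted above and the symbol table are constructed samples, and treating the +0x value as a module-relative offset is my assumption.

```python
import re
from bisect import bisect_right
from collections import defaultdict

# Constructed sample of `dtrace -ln "fbt:nt::"` output: only the 65535 row is from
# the post; the other rows are made up to show what resolved probes look like.
SAMPLE_LISTING = """\
   ID   PROVIDER            MODULE                          FUNCTION NAME
  100        fbt                nt                    NtCreateFile entry
  101        fbt                nt                    NtCreateFile return
65535        fbt                nt                    +0x00532898 return
65536        fbt                nt                    +0x00532898 entry
"""

PROBE_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
OFFSET_RE = re.compile(r"^\+0x([0-9a-fA-F]+)$")

def parse_probes(listing):
    """Parse the five-column listing; the header is skipped because ID is not numeric."""
    probes = []
    for line in listing.splitlines():
        m = PROBE_RE.match(line)
        if not m:
            continue
        pid, provider, module, func, name = m.groups()
        probes.append({"id": int(pid), "provider": provider, "module": module,
                       "function": func, "name": name,
                       "resolved": OFFSET_RE.match(func) is None})
    return probes

def symbol_coverage(probes):
    """Per module: probes with a symbolic FUNCTION vs. a bare +0x offset."""
    cov = defaultdict(lambda: {"resolved": 0, "unresolved": 0, "offsets": set()})
    for p in probes:
        e = cov[p["module"]]
        e["resolved" if p["resolved"] else "unresolved"] += 1
        if not p["resolved"]:
            e["offsets"].add(p["function"])
    return {mod: {**e, "offsets": sorted(e["offsets"])} for mod, e in cov.items()}

def resolve_offset(offset, symbols):
    """Nearest preceding symbol for a module-relative +0x offset (assumed to be what
    FBT prints when the name is missing), given a {name: rva} table. -> (name, delta)"""
    m = OFFSET_RE.match(offset)
    if not m:
        raise ValueError(f"not a module offset: {offset}")
    rva = int(m.group(1), 16)
    table = sorted(symbols.items(), key=lambda kv: kv[1])
    idx = bisect_right([addr for _, addr in table], rva) - 1
    return (None, None) if idx < 0 else (table[idx][0], rva - table[idx][1])

# Constructed stand-in for the symbols WinDbg reads from ntkrnlmp.pdb (not real RVAs).
SAMPLE_SYMBOLS = {"NtCreateFile": 0x00530000, "NtOpenFile": 0x00532800, "NtClose": 0x00533000}
```

Feed it the real `dtrace -ln` output and a symbol dump from WinDbg to see which modules actually lack names before chasing the symbol path further.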