Windows Explored

Everyday Windows Desktop Support, Advanced Troubleshooting & Other OS Tidbits

«
»

Resolve Symbols in Process Explorer-Monitor Without Installing the Debugging Tools

Posted by William Diaz on January 31, 2012


Sometimes when you are troubleshooting with Process Explorer, it’s helpful to be able to view functions in threads to isolate a problem. The same goes for Process Monitor when viewing the Stack tab in the properties of an operation. By default, Process Explorer and Process Monitor will point to the dbghelp.dll in the windows\system32 folder, but this is a stripped down version and doesn’t support symbol server functionality. Instead, you need the dbghelp.dll from the Windows Debugging Tools to properly resolve symbols, otherwise you will encounter the Process Explorer Warning box when you click the Threads tab in process properties:
image
And the threads will of the process will contain hexadecimal information instead of the functions:
image
Normally, you don’t want to install the debugging tools on user workstations or in situations where time is of the essence–this can be a fairly long installation, require installing other components, and may not work if the OS environmental variable TEMP path happens to be pointing to a location other than the default.

To workaround this, you can copy the dbghelp.dll from another system where the debugging tools have already been installed. By default, this will be in C:\Program Files\Debugging Tools for Windows (x86) for 32 bit or C:\Program Files\Debugging Tools for Windows (x64) for 64 bit. If you haven’t another system that has the complete dbghelp.dll, then you can extract it from the msi package for the debuggins tools. To do this, open a command shell and type the following command (assuming the msi is on the desktop and you have created a tools folder in C:\Windows):

msiexec /a “C:\Document and Settings\username\Desktop\dbg_x86_version.msi” /qb TARGETDIR=C:\Windows\Tools

You can also use any number of file extraction utilities, like lessmsi.

Don’t put the new dbghelp.dll in the system32 folder (it’s protected, anyway)

And don’t forget to point to the Microsoft Symbol Server while you’re at it (http://msdl.microsoft.com/download/symbols):
image
Whereas there were no functions in the first image above, now your symbols can resolve:
image
It’s also worth noting that on a 64 bit OS, Process Explorer and Process Monitor will launch 64 bit processes of themselves, so make sure you also get the 64 bit version of the dbghelp.dll file if you are operating in a mixed environment. Additionally, if you need to examine 32 bit procmon stack on a 64 bit OS, you will be out of luck, even if you load the 32 bit dbghelp.dll into the 32 bit instance of Process Monitor; it will need to be done on a 32 bit OS if you want symbols to resolve. And don’t bother trying to load the 64 bit dbghelp.dll into the 32 bit instance of Procmon:
SNAGHTML6dbe227

This entry was posted on January 31, 2012 at 4:32 pm and is filed under Uncategorized. Tagged: , , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Resolve Symbols in Process Explorer-Monitor Without Installing the Debugging Tools”

  1. rajaniesh@gmail.com said

    October 27, 2016 at 12:01 am

    Thanks for sensible post

    Reply

Leave a comment

«
»