April 8, 2008
8:24 am

Using Process Explorer without an Internet Connection


This will create a manifest file called SYMLIST in the C: drive that has what looks like gibberish in it if you open it up in Notepad.

The information after the file name is the checksum for the file.  This is important information because we need to make sure that we pull down the proper symbols.  Take the C:\SYMLIST file over to CLOUD and run the following command: symchk.exe /im c:\symlist /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols – what we are doing here is telling SYMCHK.EXE to read the manifest file (C:\Symlist) and then get the appropriate symbols from Microsoft’s public symbol server (http://msdl.microsoft.com/download/symbols) and create a local symbol store (C:\Symbols).  This local store will be populated with the symbols for NTOSKRNL.EXE.

Now, take the C:\Symbols folder from CLOUD and copy it over to ISLAND.  The rest of the process involves configuring Process Explorer in the same way we did earlier – point to the proper DBGHELP.DLL file and our new C:\Symbols folder and we’re ready to view our Pool limits.

You can use these same commands to generate symbols if you want to view the thread stack of a process inside Process Explorer or even if you want to debug an application on the server itself.  Below are some other useful switches for SYMCHK.EXE:

  • /if <Filename> - Input is a file name.  Wildcards can be used to specify the file name
  • /id <DumpFile> - Input is a dump file
  • /ih <HotFix> - Input is a self-extracting Hotfix cab
  • /ie <ExeName> - Input is an application name that is currently running.  If the provided ExeName is '*', all currently running processes will be checked
  • /im <ManifestList> - Input is a manifest previously created using the /om <file> option
  • /ip <ProcessId> - Input is a process id. If the provided ProcessID is '*', all currently running processes will be checked
  • /it <TextFileList>   Input is a list of files, one per line, inside of a text file

Source:→ Microsoft

Microsoft, Windows Process, Processes, Windows Explorer, Internet, Debugging, Troubleshooting, Knowledgebase

Pages: 1 2

Loading

Contextual Related Posts:

Subscribe to our site Feed | Get email updates | Save & Share | Top | Back

No followup yet

Leave a Response

Comment Preview
« Nielsen Online: Microsoft and Yahoo! sites comparedWindows Vista or Windows XP: Patch to fix “black screen on resuming Hibernation” on multiprocessor computer – KB951126 »
Skip to Content | Refresh page | Top | Back
Feed Icon

Subscribe via RSS or email:

 

 

Top Windows 7 Posts

Recent Popular Posts

Overall Popular Posts

Recommended Links

Last Recent Posts

Recent Posts

Meta Section

Locations of visitors to this page