Windbg - Detecting symbols needed for a crash dump
I have a crash dump file that I need to analyze using windbg to run some tests.
Due to some restrictions I can't comment, my symbols folder can only contain the symbols needed to analyze this crash dump.
Is there a way to know the exact symbols needed by a dump? If it helps, I can first analyze this dump in another environment where all the symbols are available.
Thank you.
You can use !sym noisy to make Windbg dump out the symbol it needs and looks for.
If you set up a symbol path with a local cache, Windbg will download into the local cache path only the needed symbols.
If you load the dump on your machine and force it to load all the symbols, the lml command will show all loaded symbols, and you can see for each module where it loaded the symbols from. Copy only those pdb files into your target restricted environment.
I'm not entirely sure if this is possible. Analyzing a dump is a dynamic process but you're looking for a static solution. It's not possible to know what symbols will be needed unless you already know what the problem is. Therefore it's not possible to know what set of symbols will be needed.
Even doing something as simple as saying that "I will only provide symbols for the DLL's which have frames on the stack" is not enough. It's possible that memory corruption or a global variable from a DLL not on the stack could influence the behavior of the program. Leaving symbols for that DLL out could prevent diagnosis of a problem.
One approach though which will yield decent results would be the following
- Load up the dump in the environment where all symbols are available
- Set the symbol path to the directory
- run "analyze -v"
- Dump the state of modules at this point and include symbols for any DLL for which windbg loaded symbols.
You can also use the command:
lml
after running "analyze -v" to display which symbols WinDbg loaded or attempted to load.
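The lml-based approach from the answers above can be scripted. The following is an added example, not code from any of the posters: it parses saved lml output, keeps only modules that loaded a real PDB, and copies those files while preserving the symbol-store layout. The sample output, module names, paths and function names are constructed for illustration.

```python
import re
import shutil
from pathlib import Path, PureWindowsPath

# Constructed sample of `lml` output (addresses, modules and paths are made up).
SAMPLE_LML = r"""
start    end        module name
00400000 0042a000   myapp    C (private pdb symbols)  C:\symcache\myapp.pdb\0123456789ABCDEF0123456789ABCDEF1\myapp.pdb
6f100000 6f1c3000   helper     (export symbols)       helper.dll
77000000 77180000   ntdll      (pdb symbols)          C:\symcache\ntdll.pdb\FEDCBA9876543210FEDCBA98765432102\ntdll.pdb
"""

# start, end, module name, optional flags, "(symbol kind)", symbol file path
LINE = re.compile(
    r"^[0-9a-f`]+\s+[0-9a-f`]+\s+(?P<module>\S+)\s+.*?"
    r"\((?P<kind>[^)]*)\)\s+(?P<path>.+?)\s*$", re.IGNORECASE)

def parse_lml(text):
    """Return (module, PureWindowsPath) for each module that loaded a real PDB."""
    found = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        # Export-only or deferred modules have no PDB to ship, so skip them.
        if m and "pdb symbols" in m.group("kind") and m.group("path").lower().endswith(".pdb"):
            found.append((m.group("module"), PureWindowsPath(m.group("path"))))
    return found

def store_relative(pdb):
    """Keep the symbol-store layout name.pdb\\<id>\\name.pdb when the path has it."""
    parts = pdb.parts
    if len(parts) >= 3 and parts[-3].lower() == pdb.name.lower():
        return PureWindowsPath(*parts[-3:])
    return PureWindowsPath(pdb.name)  # flat PDB outside a symbol store

def copy_needed(text, dest):
    """Copy each listed PDB under dest (run on the machine that holds the symbols)."""
    copied = []
    for _module, pdb in parse_lml(text):
        rel = store_relative(pdb)
        target = Path(dest).joinpath(*rel.parts)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(str(pdb), target)
        copied.append(rel)
    return copied

if __name__ == "__main__":
    for module, pdb in parse_lml(SAMPLE_LML):
        print(module, "->", store_relative(pdb))
```

Modules reported with export symbols or no symbols are skipped on purpose, which makes the gaps in the restricted symbol folder visible before the dump is moved.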