Hi! I can't seem to get to the bottom of the problem I'm having. I have windb loaded on my win2k pro box, and I'm trying to read a 2 GB memory dump file from an NT 4 sp 6a box. When I point the application at the approprite symbol files, and poen the MEMORY.dmp file, I get an error regarding ntoskrnl timestamps being worng. I've tried this on an NT box as well. Any ideas?
data:
Symbol search path is: D:\dump\crawfish\memorydump\symbols\joyport\symbols;D:\dump\crawfish\memorydump\symbols\symbols
Microsoft (R) Windows Debugger Version 6.1.0017.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\dump\crawfish\memorydump\MEMORY.DMP]
Kernel Dump File: Full address space is available
Symbol search path is: D:\dump\crawfish\memorydump\symbols\joyport\symbols;D:\dump\crawfish\memorydump\symbols\symbols
Executable search path is:
*** WARNING: symbols timestamp is wrong 0x3b2800ae 0x37e8005b for ntoskrnl.exe
Windows NT 4 Kernel Version 1381 UP Free x86 compatible
Product: Server
Kernel base = 0x80100000 PsLoadedModuleList = 0x80151800
Debug session time: Sun Dec 22 18:14:08 2002
System Uptime: 44 days 16:12:28.031
KiProcessorBlock[0] could not be read
WaitForEvent failed
data:
Symbol search path is: D:\dump\crawfish\memorydump\symbols\joyport\symbols;D:\dump\crawfish\memorydump\symbols\symbols
Microsoft (R) Windows Debugger Version 6.1.0017.1
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\dump\crawfish\memorydump\MEMORY.DMP]
Kernel Dump File: Full address space is available
Symbol search path is: D:\dump\crawfish\memorydump\symbols\joyport\symbols;D:\dump\crawfish\memorydump\symbols\symbols
Executable search path is:
*** WARNING: symbols timestamp is wrong 0x3b2800ae 0x37e8005b for ntoskrnl.exe
Windows NT 4 Kernel Version 1381 UP Free x86 compatible
Product: Server
Kernel base = 0x80100000 PsLoadedModuleList = 0x80151800
Debug session time: Sun Dec 22 18:14:08 2002
System Uptime: 44 days 16:12:28.031
KiProcessorBlock[0] could not be read
WaitForEvent failed
