Can't get local kernel symbols for ntkrpamp to correctly load in WinDbg

I'm trying to debug a driver issue on a WinXP SP3 system. However, when I connect to the debugger I get:

* ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe

My host machine is WinXP x64 SP2. My debugger version is 6.11.0001.404 (AMD64). The target is WinXP x86 SP3. When I run 'vertarget' I get:

Windows XP Kernel Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_gdr.100427-1636

I used '!sym noisy' to get full symbol loading output. When I try to reload the nt module (the one that didn't load correctly) it lists all the places it looks for the pdb file. For the line where the correct file is (I installed the XP SP3 free symbols) it says:

DBGHELP: e:\symbols\wxp_sp3_x86_fre\exe\ntkrpamp.pdb - mismatched pdb

This is all it tells me. It doesn't say why it's mismatched. Am I missing something here? Thanks in advance.

NOTE: Connecting to Microsoft's symbol server is not an option. The host machine is on an intranet and cannot be connected to the outside world.

EDIT: I 开发者_JS百科was able to fix the problem by reinstalling the target machine. I know the target had some Windows updates installed and I suspect one of these made the symbols for ntkrpamp.exe go out-of-date.

---

The debugger uses timestamps and a checksum to validate the symbols. If you are sure you have the right symbols then just use .reload /fi NT to force loading the PDB you have in the symbol path.

If you do not have access to the internet form the machine being debugged, you can always copy binary to a flash drive, take it to a machine that does have access to the Internet and use kd -z ntkrpamp.exe to debug the binary as a dump file. This will allow you to use Microsoft's symbol server. You can then copy the PDB from the local path to your intranet environment via a flash drive.