WinDbg: Couldn’t load mismatched pdb for ntkrpamp.exe

Author: Ingmar Verheij

When using a  debugging tool (like WinDbg) the debugging tool needs symbol files to display and interpret data. The symbol files (.pdb – program database) are provided by the software vendor, it is not part of the debugging software.

If your system is connected to the internet providing the Microsoft symbol files is very easy, just provide the online symbol server of Microsoft (explained in KB311503).  In my case the system had no direct internet connection so I had to download the symbol files manually.

Mismatched PDB

In this case I was debugging the running kernel of a Microsoft Windows server 2003R2 SP2. Therefore I downloaded the Windows Symbol Package from the Microsoft site (link). Which file you need is pretty simple, choose the operating system and the processor architecture (like x86 or x64). You usually need the download that says “Most customers want this package”.

ntkrpamp.pdb - mismatched pdbDon’t be surprised you’ll get the following error:

DBGHELP: (symbol search path)\ntkrpamp.pdb - file not found
DBGHELP: (symbol search path)\exe\ntkrpamp.pdb - mismatched pdb
DBGHELP: (symbol search path)\symbols\exe\ntkrpamp.pdb - file not found
DBGHELP: ntkrpamp.pdb - file not found
DBGHELP: Couldn't load mismatched pdb for ntkrpamp.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrpamp.exe
DBGHELP: nt - export symbols


The main reason for this is: you’ve installed a post SP2 hotfix that updated ntkrpamp.exe (this applies to other files as well).

 

Solution / work-around

You can solve this by downloading the correct symbol file from the online symbol server of Microsoft (explained in KB311503). This of course requires the use of another machine that is connected to the internet and has the WinDbg installed (Download and Install Debugging Tools for Windows) .

Steps

  1. Copy the executable (of which you want to download the symbol file) to the machine
  2. Open Windows GUI symbolic debugger (WinDbg)
  3. Configure the Symbol Search Path (CTRL+S, see KB311503). Make sure you specify both a local and a remote path
  4. Open the executable (copied in step 1) via Open Crash Dump (CTRL+D)
  5. If you get the question ‘Save information to workspace’ click No (but that’s up to you)

  6. Open the local symbol path (specified in step 3)
  7. Copy the <executablename>.pdb folder to symbol search path on the machine where you have no internet access
  8. The error of ‘mismatched pdb’ should not be solved

 

Cheers!