WinDbg issue: dbgerr001: PEB is Paged Out

Maxstar

Maxstar

Windows Update Moderator, Security Analyst
Staff member
Joined
Aug 16, 2015
Posts
14,411
Location
The Netherlands
Since a few weeks WinDbg shows the following message when I want to load a *.dmp file.

Code: 
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00a1f018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
1: kd> !analyze -v
Failed to download extension ext for command analyze
No export analyze found

When I run .reload /f /user I get the same "PEB is paged out" message.
When I run !process it shows the following, and a possible (memory) issue with Everything.exe. But why is "!analyze -v" failing?

Code: 
1: kd>  !process
PROCESS ffffce0573ee8080
    SessionId: 22  Cid: 2e44    Peb: 00a1f000  ParentCid: 046c
    DirBase: 45a3a0002  ObjectTable: 00000000  HandleCount:   0.
    Image: Everything.exe
    VadRoot ffffce058860f060 Vads 123 Clone 0 Private 270827. Modified 417838. Locked 0.
    DeviceMap ffffa68fad249650
    Token                             ffffa68fd1396770
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         112216
    QuotaPoolUsage[NonPagedPool]      16728
    Working Set Sizes (now,min,max)  (268507, 50, 345) (1074028KB, 200KB, 1380KB)
    PeakWorkingSetSize                304212
    VirtualSize                       5242 Mb
    PeakVirtualSize                   5405 Mb
    PageFaultCount                    653722
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      271667

        THREAD ffffce056d0de080  Cid 2e44.2514  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1

How can I fix this? The *.dmp opens without any issues on another system with the same config / symbol path.

When I try the following command I see an access denied (Toegang geweigerd.) error! Redirecting

Code: 
1: kd> .load C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\winext\ext.dll
The call to LoadLibrary(C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\winext\ext.dll) failed, Win32 error 0n5
    "Toegang geweigerd."
Please check your debugger configuration and/or network access.
Error: Failed to load extension C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\winext\ext.dll
 
Last edited:
Back
Top