[SOLVED] WinDbg issue: dbgerr001: PEB is Paged Out

Maxstar

Maxstar

Windows Update Moderator, Security Analyst
Staff member
Joined
Aug 16, 2015
Posts
14,470
Location
The Netherlands
Since a few weeks WinDbg shows the following message when I want to load a *.dmp file.

Code: 
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00a1f018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
1: kd> !analyze -v
Failed to download extension ext for command analyze
No export analyze found

When I run .reload /f /user I get the same "PEB is paged out" message.
When I run !process it shows the following, and a possible (memory) issue with Everything.exe. But why is "!analyze -v" failing?

Code: 
1: kd>  !process
PROCESS ffffce0573ee8080
    SessionId: 22  Cid: 2e44    Peb: 00a1f000  ParentCid: 046c
    DirBase: 45a3a0002  ObjectTable: 00000000  HandleCount:   0.
    Image: Everything.exe
    VadRoot ffffce058860f060 Vads 123 Clone 0 Private 270827. Modified 417838. Locked 0.
    DeviceMap ffffa68fad249650
    Token                             ffffa68fd1396770
    ReadMemory error: Cannot get nt!KeMaximumIncrement value.
fffff78000000000: Unable to get shared data
    ElapsedTime                       00:00:00.000
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         112216
    QuotaPoolUsage[NonPagedPool]      16728
    Working Set Sizes (now,min,max)  (268507, 50, 345) (1074028KB, 200KB, 1380KB)
    PeakWorkingSetSize                304212
    VirtualSize                       5242 Mb
    PeakVirtualSize                   5405 Mb
    PageFaultCount                    653722
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      271667

        THREAD ffffce056d0de080  Cid 2e44.2514  Teb: 0000000000000000 Win32Thread: 0000000000000000 RUNNING on processor 1

How can I fix this? The *.dmp opens without any issues on another system with the same config / symbol path.

When I try the following command I see an access denied (Toegang geweigerd.) error! Redirecting

Code: 
1: kd> .load C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\winext\ext.dll
The call to LoadLibrary(C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\winext\ext.dll) failed, Win32 error 0n5
    "Toegang geweigerd."
Please check your debugger configuration and/or network access.
Error: Failed to load extension C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2410.11001.0_x64__8wekyb3d8bbwe\amd64\winext\ext.dll
 
Last edited:
If you use the version of WinDbg in the SDK it might simply be a case of updating the SDK. Also try the dump in WinDbg Preview on the same system.

I have had generally similar issues with WinDbg in out of date SDKs. Is the WinDbg version the same on the other system (where it works)?
 
Thanks, the WinDbg Preview version worked properly. However, it was indeed an SDK issue, so I've removed 10.0.20348.x and reinstalled 10.0.19041.685 and this solved the problem..
 
Back
Top