Recently I was trying to learn more about Windows Kernel. I downloaded right symbols

Question

0

Asked: May 17, 20262026-05-17T22:06:37+00:00 2026-05-17T22:06:37+00:00

Recently I was trying to learn more about Windows Kernel. I downloaded right symbols

0

Recently I was trying to learn more about Windows Kernel. I downloaded right symbols
for my sys(win7 x64 free). I run IDA and open ntoskrnl.exe. IDA asked whether to attach pdb file. But most of functions were not resolved – sub_XXXXXX. So I ran Windbg, I unassembled randomly chosen function which has to be in ntoskrnl – KiSystemCall64. And it show output.
But there is no such function in IDA(or it was not resolved). To sum up, using the same symbols, functions which are unassembled in WinDBg, are not resolved(no sign of them) in IDA(and vice versa).
I would appreciate any help, suggestions from You.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T22:06:37+00:00

Editorial Team

2026-05-17T22:06:37+00:00Added an answer on May 17, 2026 at 10:06 pm

Did you analyze the module after you loaded symbols for it? In the Modules window, right click the kernel and choose “Load debug symbols.” After that’s done, right click the module again and choose, “Analyze module.”

-scott

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Recently I was trying to learn more about Windows Kernel. I downloaded right symbols

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply