Hi,
First, sorry for my poor english.
Perhaps useless, as many thing i do.
When I encounter an anomaly in Winpe, I often use Procmon or Windbg.
But in the System session, I can't access the MS symbols server directly
So, I used the cache but it required me to collect the symbols beforehand from the session "ADM" to fill the cache.
The 20h2 version doesn't bring any great new features other than edge (about 300/400Mb!).
Also, to keep my mind busy in these times of Covid19, I did some research and testing on this subject.
Since I don't think anyone's research is interested, I give the result directly.
I use symchk.exe for demonstration here because it's faster.
The environment variable allows you to create the log file for Dbghelp.
The solution is to change a single key.I wish I'd known her before today.
Here's the result:
X:\windows\system32>set DBGHELP_LOG=\DBGHELP.LOG
X:\windows\system32>X:\Debugger\symchk.exe x:\debugger\symchk.exe /s srv*https://msdl.microso...ownload/symbols
SYMCHK: FAILED files = 1
SYMCHK: symchk.exe FAILED - SymChk.pdb mismatched or not found
SYMCHK: PASSED + IGNORED files = 0X:\windows\system32>reg add "hklm\SOFTWARE\Microsoft\Symbol Server" /v NoInternetProxy /t REG_DWORD /d 1
X:\windows\system32>X:\Debugger\symchk.exe x:\debugger\symchk.exe /s srv*https://msdl.microso...ownload/symbols
SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1
The log file confirms access after the key has been changed.
X:\windows\system32>type \DBGHELP.LOG
DBGHELP: new session: Fri Dec 11 10:43:14 2020
DBGHELP: new session: Fri Dec 11 10:46:16 2020
DBGHELP: Symbol Search Path: srv*https://msdl.microso...ownload/symbols
DBGHELP: Symbol Search Path: srv*https://msdl.microso...ownload/symbols
DBGHELP: No header for x:\debugger\symchk.exe. Searching for image on disk
DBGHELP: x:\debugger\symchk.exe - OK
SYMSRV: BYINDEX: 0x1
https://msdl.microso...ownload/symbols
SymChk.pdb
F371EE66D4C70D7E1558DE921D7E36D11
SYMSRV: UNC: X:\Debugger\sym\SymChk.pdb\F371EE66D4C70D7E1558DE921D7E36D11\SymChk.pdb - path not found
SYMSRV: UNC: X:\Debugger\sym\SymChk.pdb\F371EE66D4C70D7E1558DE921D7E36D11\SymChk.pd_ - path not found
SYMSRV: UNC: X:\Debugger\sym\SymChk.pdb\F371EE66D4C70D7E1558DE921D7E36D11\file.ptr - path not found
SYMSRV: WinHttp interface using proxy server: none
SYMSRV: HTTPGET: /download/symbols/index2.txt
SYMSRV: WinHttpSendRequest: 800C2EE7 - ERROR_WINHTTP_NAME_NOT_RESOLVED
SYMSRV: HTTPGET: /download/symbols/SymChk.pdb/F371EE66D4C70D7E1558DE921D7E36D11/SymChk.pdb
SYMSRV: WinHttpSendRequest: 800C2EE7 - ERROR_WINHTTP_NAME_NOT_RESOLVED
SYMSRV: RESULT: 0x800C2EE7
DBGHELP: symchk - no symbols loaded
DBGHELP: closing session: Fri Dec 11 10:43:16 2020
DBGHELP: Symbol Search Path: srv*https://msdl.microso...ownload/symbols
DBGHELP: Symbol Search Path: srv*https://msdl.microso...ownload/symbols
DBGHELP: No header for x:\debugger\symchk.exe. Searching for image on disk
DBGHELP: x:\debugger\symchk.exe - OK
SYMSRV: BYINDEX: 0x1
https://msdl.microso...ownload/symbols
SymChk.pdb
F371EE66D4C70D7E1558DE921D7E36D11
SYMSRV: UNC: X:\Debugger\sym\SymChk.pdb\F371EE66D4C70D7E1558DE921D7E36D11\SymChk.pdb - path not found
SYMSRV: UNC: X:\Debugger\sym\SymChk.pdb\F371EE66D4C70D7E1558DE921D7E36D11\SymChk.pd_ - path not found
SYMSRV: UNC: X:\Debugger\sym\SymChk.pdb\F371EE66D4C70D7E1558DE921D7E36D11\file.ptr - path not found
SYMSRV: HTTPGET: /download/symbols/index2.txt
SYMSRV: HTTPGET: /download/symbols/SymChk.pdb/F371EE66D4C70D7E1558DE921D7E36D11/SymChk.pdb
SYMSRV: SymChk.pdb from https://msdl.microso...wnload/symbols:151552 bytes - copied
SYMSRV: PATH: X:\Debugger\sym\SymChk.pdb\F371EE66D4C70D7E1558DE921D7E36D11\SymChk.pdb
SYMSRV: RESULT: 0x00000000
DBGHELP: symchk - public symbols
X:\Debugger\sym\SymChk.pdb\F371EE66D4C70D7E1558DE921D7E36D11\SymChk.pdb
Now I can play more easily with my favorite tools.
No BSOD, i'm happy.