Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,132 questions
livekd is unable to find and load LiveKdD.SYS even though the file is present
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 95%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
ARV
1
Reputation point
livekd on my system (Windows 10) is unable to find and load LiveKdD.SYS even though the file is present in c:\windows\system32\drivers. This causes !process command to fail.
I have reinstalled Windows SDK, uninstalled and/or disabled my anti-virus software. I have tried installing the SDK in a more standard location in C:. None of this fixes the issue.
Please see the output below. Notice that LiveKdD.SYS is present in the directory C:\Windows\System32\drivers. And yet, livekd gives the error, "Unable to load image \??\C:\WINDOWS\system32\Drivers\LiveKdD.SYS, Win32 error 0n2" (file not found).
What could be wrong?
C:\Windows\System32\drivers>dir livekdd.sys
Volume in drive C has no label.
Volume Serial Number is 40AB-F993
Directory of C:\Windows\System32\drivers
24-11-2021 21:53 39,272 LiveKdD.SYS
1 File(s) 39,272 bytes
0 Dir(s) 373,415,141,376 bytes free
C:\Windows\System32\drivers>livekd
LiveKd v5.63 - Execute kd/windbg on a live system
Sysinternals - www.sysinternals.com
Copyright (C) 2000-2020 Mark Russinovich and Ken Johnson
Launching D:\Windows Kits\10\Debuggers\x64\kd.exe:
Microsoft (R) Windows Debugger Version 10.0.22000.194 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\livekd.dmp]
Kernel Complete Dump File: Full address space is available
Comment: 'LiveKD live system view'
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`75400000 PsLoadedModuleList = 0xfffff807`7602a2d0
Debug session time: Wed Nov 24 22:38:28.998 2021 (UTC + 5:30)
System Uptime: 0 days 0:46:49.673
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..................................
Loading User Symbols
Loading unloaded module list
.............
For analysis of this file, run !analyze -v
0: kd> .tlist notepad.exe
Unable to load image \??\C:\WINDOWS\system32\Drivers\LiveKdD.SYS, Win32 error 0n2
0n3176 notepad.exe
0: kd> !process 0n3176
Searching for Process with Cid == c68
Cannot resolve nt!_EPROCESS object type
Sysinternals