SO:
IMAGE_OPTIONAL_HEADER::RvaAndSizes[IMAGE_DEBUG_DIRECTORY_ENTRY].Rva + base
-> IMAGE_DEBUG_DIRECTORY
IMAGE_DEBUG_DIRECTORY::Type==IMAGE_DEBUG_TYPE_CODEVIEW
IMAGE_DEBUG_DIRECTORY::PointerToRawData + base -> PDB70_INFO
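PDB70_INFO::CodeviewSignature=='RSDS'
struct PDB70_INFO
{
    DWORD CodeviewSignature;   // 'RSDS'
    UUID  PdbSignature;        // GUID, as shown by dumpbin /headers
    DWORD PdbAge;              // age, as shown by dumpbin /headers
    UCHAR PdbFilename[1];      // variable length, see note below
};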
PdbFilename is NULL terminated.
Good luck,
mm
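
Added example (not part of the original thread, and not any poster's code): a Python reader that walks the chain above on an on-disk PE file and rebuilds the symbol-store key seen in the dumpbin /pdbpath output. It assumes a file image rather than a loaded module, so the debug directory RVA is translated through the section table and PointerToRawData is used as a file offset; all function names are hypothetical, and `build_sample` constructs a minimal test image carrying the GUID and age quoted in this thread.

```python
import struct
import uuid

DEBUG_DIR_INDEX, DEBUG_TYPE_CODEVIEW = 6, 2   # IMAGE_DIRECTORY_ENTRY_DEBUG, IMAGE_DEBUG_TYPE_CODEVIEW

def rva_to_offset(data, sect_off, nsect, rva):
    """Map an RVA to a file offset through the section table (on-disk image)."""
    for i in range(nsect):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", data, sect_off + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rva - vaddr + rptr
    raise ValueError("RVA not inside any section")

def pdb70_info(data):
    """Return (guid, age, pdb_name) from a PE file's RSDS record; raises on bad input."""
    pe, = struct.unpack_from("<I", data, 0x3C)                 # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (112 if magic == 0x20B else 96)               # PE32+ vs PE32
    count, = struct.unpack_from("<I", data, dirs - 4)          # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, dirs + 8 * DEBUG_DIR_INDEX) if count > DEBUG_DIR_INDEX else (0, 0)
    if rva == 0:
        raise ValueError("no debug directory")
    first = rva_to_offset(data, opt + opt_size, nsect, rva)
    for entry in range(first, first + size, 28):               # sizeof(IMAGE_DEBUG_DIRECTORY)
        dtype, dsize, _rva, ptr = struct.unpack_from("<4I", data, entry + 12)
        if dtype == DEBUG_TYPE_CODEVIEW and data[ptr:ptr + 4] == b"RSDS":
            guid = uuid.UUID(bytes_le=data[ptr + 4:ptr + 20])
            age, = struct.unpack_from("<I", data, ptr + 20)
            end = data.index(b"\0", ptr + 24, ptr + dsize)     # ValueError if unterminated
            return guid, age, data[ptr + 24:end].decode("utf-8", "replace")
    raise ValueError("no RSDS CodeView record")

def symbol_key(guid, age):
    return guid.hex.upper() + "%X" % age   # symbol-store directory name: GUID hex + age hex

def build_sample():
    """Constructed one-section PE32 (not a real DLL) with the GUID and age quoted in the thread."""
    rsds = (b"RSDS" + uuid.UUID("D18A41B7-4E7F-458C-AAAC-1847E2D8BF02").bytes_le
            + struct.pack("<I", 2) + b"user32.pdb\0")
    dbg = struct.pack("<IIHH4I", 0, 0, 0, 0, DEBUG_TYPE_CODEVIEW, len(rsds), 0x101C, 0x21C)
    opt = struct.pack("<H90xI", 0x10B, 16) + bytes(48) + struct.pack("<II", 0x1000, 28) + bytes(72)
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2102) + opt
           + b".rdata\0\0" + struct.pack("<4I", 0x200, 0x1000, 0x200, 0x200) + bytes(16))
    return hdr.ljust(0x200, b"\0") + (dbg + rsds).ljust(0x200, b"\0")
```

For a real binary, pass the bytes of the file (opened in binary mode) to `pdb70_info` and feed the result to `symbol_key`.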
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of raj_r
Sent: Monday, January 30, 2012 4:14 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] Getting PDB7 sig from binary
dumpbin /pdbpath
File Type: DLL
PDB file found at
'F:\symbols\user32.pdb\D18A41B74E7F458CAAAC1847E2D8BF022\user32.pdb'
dumpbin /headers
    Time Type       Size      RVA  Pointer
48025D7A cv           23 00060260    5F660  Format: RSDS, {D18A41B7-4E7F-458C-AAAC-1847E2D8BF02}, 2, user32.pdb
48025D7A ( A)          4 0006025C    5F65C  BB030E38
netmon rip
Http: Response, HTTP/1.1, Status: Ok, URL:
/download/symbols/user32.pdb/D18A41B74E7F458CAAAC1847E2D8BF022/user32.pd_
On 1/30/12, Martin O’Brien wrote:
> Yes, I do.
>
> I don't have the information in front of me, but basically, the
> IMAGE_DEBUG_DIRECTORY entry will have a type of CODEVIEW, and the rva
> of an RSDS header, which will have the uuid and age (as shown by
> dumpbin /HEADERS).
>
> When I get to work in a bit, I’ll clean up this answer, but that’s
> basically it.
>
> Mm
> On Jan 29, 2012 11:45 PM, wrote:
>
>> I would like to provide the option to manually download symbols for
>> the current version of the OS that the client is running for systems
>> without an internet connection.
>>
>> The manifest tool seems to do just that but I would like to provide
>> an integrated solution without having to distribute the manifest tool
>> along and capturing its command line output.
>>
>> There are DbgHelp functions such as SymGetModuleInfoW64 but it
>> requires symbols to be available in order to be able to extract a
>> PDB7 sig from a binary. If not, the PDB7 remains zeroed.
>>
>> The manifest tool instead does not use DbgHelp but relies on
>> symbolcheck.dll which is redistributable but unfortunately comes
>> without a header file or documentation or I must have missed
>> something.
>>
>> So I would like to ask, does anybody know of a way to
>> programmatically extract a PDB7 signature from a binary without
>> connecting to a symbol store or server?
>>
>> //Daniel
>>
>>
>>
>> —
>> WINDBG is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>