I use a symbol store on a network drive to collect debug symbols for our application. The symbols are used while debugging a crash dump file that has been loaded into Visual Studio. I have Powershell scripts in place that manage deleting ‘old’ versions of symbols. Or, so, I thought.
Recently, while working on another script, I noticed that using symstore to delete symbols doesn’t actually delete anything. When I use symstore to delete symbols I see a “0000000161.deleted” file in 000Admin folder for example. This file contains entries for the associated debug symbols. It contains entries like:
"Aggregat.pdb\B4E7044117F0469CB321E9FA9003E4CA5","C:\temp\pdbs\1823\Aggregat.pdb"
The first entry above is the folder for the associated debug symbols for the ‘Aggregat’ module. I would expect that when I delete symbols using the transaction ID, that the corresponding folders (ie. B4E7044117F0469CB321E9FA9003E4CA5) would also be removed. It appears like that’s not the case.
Is my assumption correct? Am I responsible for the full cleanup of the symbols store structure?
Related
I'm going to load several elf-fils into TRACE32 and onto the chip.
But Lauterbach only keeps the symbols of the last uploaded elf file.
How can I change the behavior?
data.load.elf clears all symbols. To prevent TRACE32, tell it to refrain from doing so.
use:
# clear all existing symbols
data.load.elf path\to\myfirst.elf
# additionally load symbols without clearing existing ones.
data.load.elf path\to\mysecond.elf /noclear
I am trying to redo steps of a Linux 'hacking' tutorial in Windows.
In one step the program is debugged using GDB.
The command ptype is used in order to the class definitions of the class Player which is located in a DLL called GameLogic.dll.
I try to mimic this exact step and use ptype on GDB I installed for Windows using MINGW. However, I cannot see any definitions since no symbol file is loaded:
(gdb) ptype Player
No symbol table is loaded. Use the "file" command.
A symbol file GameLogic.pdb is located inside the DLL directoy. It is provided intentionally to investigate the program's structure further.
Yet, using the file command I cannot load it into the program:
(gdb) file "E:/xx/PwnAdventure3/Binaries/Win32
/GameLogic.pdb"
A program is being debugged already.
Are you sure you want to change the file? (y or n) y
"E:/xx/PwnAdventure3/Binaries/Win32
/GameLogic.pdb": not in executable format: File format not recognized
This error could be due to the different executable format used by Windows.
However, there are other methods which I found online while researching this issue:
add-symbol-file filename address
set debug-file-directory <directory>
I cannot figure out how I should use these in this particular case. Since in the examples they provide a .o file as filename. Even though I could provide the .pdb file I also need an address (I suppose it's the address at which the DLL is loaded?).
Defining a different directory via set debug-file-directory <directory> which contains the .pdb file does not work.
I also tried different debuggers like OllDBG, WINDBG, Visual Studio and IDA Pro. In Visual Studio I can see that the symbols where loaded but I cannot find any method to further dig into the disassembled file. Only in OllyDBG I can see that the methods which belong to the Player class, e.g., Player::SetJumpState(bool) are correctly depicted.
I also must admit that I don't have much experience with these tools.
Which steps are necessary in order to load the symbols for the DLL file in GDB additionally so that the ptype command works?
Is there another (better) method using one of the mentioned programs to recreate the Player class along with it's local variables?
Regards
Unfortunately GDB does not support reading symbols from PDB files currently, even on Windows. WinDBG/Visual studio should work though.
Using the symbols window(CTRL + S), i have set WinDbg to load my symbols from a specific location.
Now when i attach my debugger and try to view the stack window, it seems like symbols aren't really loaded properly.
Now, when i use the !sym noisy command and .reload /f, i get the following info from the debugger:
So, from the third picture, why is SYMSRV is even defined? and why is it adding the GUID prefix to the end of the file?
It would've worked if it wasn't that guid windbg adds to the path. What am i doing wrong.
EDIT: after reviewing the log furthermore, i see that the debugger attemps to load the symbol from the local drive.
There are several different formats in which symbols can be stored. These are 0-tier, 2-tier and 3-tier.
0-tier is basically a flat list of files, which is suitable if you have just built your program and all the PDBs are located in one folder. If you enter a local path like c:\path or server share like \\server, WinDbg should consider a 0-tier store layout, but might try others as well.
The problem is that you can only store one version of PDBs in a 0-tier store, which is why the 2-tier and 3-tier symbol stores exist. When symbols are added to such a store, it will consider the GUID, so it is possible to store several versions of the same program. 2- and 3-tier symbol stores should start with srv*. The exact difference between a 2-tier and a 3-tier store is explained in Channel 9 episode 87 and it's possible to convert a 2-tier store into a 3-tier store.
Do not confuse the srv* symbol path syntax with the SYMSRV: debug output. IMHO the SYMSRV: is just a debug message of the symsrv.dll, so nothing to worry about.
The truth about loading symbols can only be monitored with Process Monitor. Not all location where WinDbg searches for symbols are logged, even in the noisy mode.
In addition to the symbol path, DLLs contain a reference to the local path of the PDB and WinDbg will consider this path, independent of the symbol path settings.
When debugging a c++ solution in Visual Studio 2010, It says "No symbols have been loaded for this document." And when I check in debug / modules / <dll I cant debug>.dll / symbol load information It is looking for a pdb with the wrong name.
So, where can I set the name of the symbol it is looking for? I looked all through the command line options, and I can't find such a name anywhere.
I've tried to do a rebuild, a clean + build, but neither helped.
There are two places in which .pdb information is collected
1) C++/Output Files/Program Database Filename
2) Linker/Debugging/Generate Program Database file
By default, 2 is set but 1 is normally set to v100.pdb (for VS2010). If both these files are set to point to the same file, then you should get the symbolic information.
Try searching all PDBs (and .idb) and manually delete them.
The reason some include path is set to that library's directory that contains your PDBs, its .pdb file seems to be used by the VS debugger.
The solution is to delete these .pdb files or to rebuild all libraries.
I'm trying to list all the symbols inside a dylib in order to know which one needs to be updated inside my app (as my app store all links to function as well as their name , to create a dynamic module mechanism that auto detect/update functions automatically at runtime).
Basically what Im searching for is similar as what the nm command do but in code (and not by launching nm on the console then get the output and parse).
I think rsym_macosx could give you some helps to do something like nm. I don't know what kind of symbols you really want to do within your code, but you could modify it based on that and Mach-O format.