DownloadPDB icon indicating copy to clipboard operation
DownloadPDB copied to clipboard

Published 20 hours ago verified publisher icon DeDf

Metadata

开源一个获取 windows’s PE 的符号 Url 的工具

换台电脑,在不好的网络环境下,启动调试时下载符号是异常痛苦的,VS/windbg经常会装死给你看。

某个版本notepad.exe的符号下载路径如下,这个Url用迅雷下载很快。

http://msdl.microsoft.com/download/symbols/notepad.pdb/57060987A4344E1A9B9B77F57D14388A2/notepad.pdb

问题是如何得到 57060987A4344E1A9B9B77F57D14388A2,注意最后一个字符是pdb的age,相关API为dbghelp!RetrievePdbInfo.

IDA/windbg symchk.exe/dbghelp.dll/symsrv.dll: 第一次断: wininet!InternetConnectW

某次调试的栈: RetAddr : Args to Child : Call Site 000000005c9c7a3c : 0000000000e79090 0000000000e79950 0000000000e79928 0000000000000002 : symsrv!SymbolServerGetIndexStringW 000000005cecffd8 : 0000000000e79090 0000000000e79950 0000000000e79928 0000000000000002 : symsrv!SymbolServerW+0x9c 000000005ceb591a : 0000000001210080 0000000000e7a1c0 0000000000e79f90 0000000000e79950 : dbghelp!symsrvGetFile+0x1f8 000000005ceb6d75 : 00000000013862d0 0000000001386b78 0000000001386b68 0000000000000000 : dbghelp!diaLocatePdb+0x4da 000000005cee5234 : 00000000013862d0 0000000a197e0235 0000b77800000004 000000000000ad78 : dbghelp!diaGetPdb+0x285 000000005cee2ee6 : 00000000013862d0 0000000000000020 0000000001380860 0000000000e7ae50 : dbghelp!GetDebugData+0x3b4 000000005cee3692 : ffffffffffffffff 0000000001380860 0000000000000000 0000000000e7b0f0 : dbghelp!modload+0x3a6 000000005cedadc5 : ffffffffffffffff 000000000122adf0 0000000000000000 0000000000000000 : dbghelp!LoadModule+0x542 000000005cedaef4 : ffffffffffffffff 0000000000000000 0000000000e7b950 0000000000000000 : dbghelp!SymLoadModuleEx+0x85 00007ffb3d4729ae : ffffffffffffffff 0000000000000000 0000000000e7b950 0000000000000000 : dbghelp!SymLoadModule64+0x54 00007ff78c6e85b2 : 0000000000e7dff0 0000000000bb7c30 0000000000000045 0000000000000002 : SymbolCheck!SymbolCheckByFilenameExA+0x68e 00007ff78c6e5d6f : 0000000000bb7280 0000000000e7f8c0 2b87a53880000000 00007ffb4930e91a : SymChk!SymChkCheckFiles+0x292 00007ff78c6f136a : 0000000000000002 0000000000bb7220 0000000000000000 000008c7009fc00d : SymChk!main+0x1df 00007ffb4c923034 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : SymChk!GetFileIndex+0x23a 00007ffb4ce81461 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x14 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x21

明码在github: https://github.com/DeDf/DownloadPDB

Metadata

35
Stars
21
Forks
Watchers

Owner

verified publisher icon DeDf

Metadata

Back