loadlibrary
loadlibrary copied to clipboard
taviso
MPClient - No debugging symbols found
Hello,
I'm currently trying to load the mpengine symbols in gdb but mpclient does not manage to find symbols in my files.
I proceeded as follows:
- Retrieved an mpengine file and the associated pdb file.
- Loaded the pdb file in my .ida project.
- Generated the .map file.
- Used Dos2Unix on the generated map file.
The generated .map file looks as follows:
Start Length Name Class
0002:0000000000000000 00000000000A2CCECH .text CODE
0003:0000000000000000 000000000000367C0H .data DATA
0004:0000000000000000 000000000000029A2H .idata DATA
0005:0000000000000000 0000000000005D000H .rsrc DATA
Address Publics by Value
00000001:0000000000000004 const `anonymous namespace'::PeMemoryHelper::`vftable'
00000001:0000000000000014 const std::_Ref_count_obj<`anonymous namespace'::PeMemoryHelper>::`vftable'
00000001:0000000000000024 const regex::detail::charset::`vftable'
00000001:000000000000002C const ResmgrPluginGlue<CResmgrKeyentry,&CResmgrPluginUserInitDefault(AutoInitModules *),&CResmgrPluginUserCleanupDefault(void)>::`vftable'
00000001:0000000000000038 const ResmgrPluginGlue<CResmgrListval,&CResmgrPluginUserInitDefault(AutoInitModules *),&CResmgrPluginUserCleanupDefault(void)>::`vftable'
00000001:0000000000000044 const ResmgrPluginGlue<CResmgrWmi,&CResmgrPluginUserInitDefault(AutoInitModules *),&CResmgrPluginUserCleanupDefault(void)>::`vftable'
00000001:0000000000000050 const ResmgrPluginGlue<CResmgrIoavStream,&CResmgrPluginUserInitDefault(AutoInitModules *),&CResmgrPluginUserCleanupDefault(void)>::`vftable'
00000001:000000000000005C const ResmgrPluginGlue<CResmgrBootSync,&CResmgrPluginUserInitDefault(AutoInitModules *),&CResmgrPluginUserCleanupDefault(void)>::`vftable'
....
However, in gdb, no symbols are found:
gdb -q mpclient
Reading symbols from mpclient...
Really redefine built-in command "trace"? (y or n) [answered Y; input not from terminal]
(gdb) r sample/eicar.com
Starting program: ~/loadlibrary/mpclient sample/eicar.com
mpclient: large number of extra symbols in engine/mpengine.map, increase MAX_EXTRA_EXPORTS and rebuild: No such process
main(): GDB: add-symbol-file engine/mpengine.dll 0x5a100000+0x1000
main(): GDB: shell bash genmapsym.sh 0x5a100000+0x1000 symbols_16875.o < engine/mpengine.map
main(): GDB: add-symbol-file symbols_16875.o 0
Program received signal SIGTRAP, Trace/breakpoint trap.
0x565579f4 in main (argc=2, argv=0xffffd274, envp=0xffffd280)
at mpclient.c:168
168 __debugbreak();
(gdb) add-symbol-file engine/mpengine.dll 0x5a100000+0x1000
add symbol table from file "engine/mpengine.dll" at
.text_addr = 0x5a101000
(y or n) y
Reading symbols from engine/mpengine.dll...
(No debugging symbols found in engine/mpengine.dll)
(gdb) shell bash genmapsym.sh 0x5a100000+0x1000 symbols_16875.o < engine/mpengine.map
(gdb) add-symbol-file symbols_16875.o 0
add symbol table from file "symbols_16875.o" at
.text_addr = 0x0
(y or n) y
Reading symbols from symbols_16875.o...
(No debugging symbols found in symbols_16875.o)
warning: newly-added symbol file "symbols_16875.o" does not provide any symbols
Do you have any idea about what i am doing wrong ? Thank you in advance.
Hmm, what you're doing seems correct - I seem to remember there's a hard coded limit to how many symbols I could handle, and maybe it's been exceeded now.
I think it should be an easy fix, I'll try to reproduce as soon as I have a chance.
