Has anyone tried to create their own symbol file, especially
an NB10 format .pdb file like the one created using /Zi on ml and the /debug /debugtype:cv switches for the linker in MASM?
I was poking around labelling [ebp-30] etc. with its proper name in OllyDbg, aka Local.wndclassex.size.
If you have a file with source and with debug info,
OllyDbg apparently labels all those local variables
as wc+30; it also names all the args properly, like hwnd, hPrevInst etc.
So I took the .pdb that was created, put it in the dir that has no debug info and tried to load the file.
It was setting wrong breakpoints for WinMain :)
So I just edited the file to correct the offset in the .pdb
and OllyDbg labels the args just fine :)
[code]
C:\Documents and Settings\xyz\Desktop\toys>dumppdb win.pdb > blah.txt
DumpPDB v0.04 (c) Copyright Tenth Planet Software Intl., C Turvey 1997.
All rights reserved. Non-Commercial use only.

C:\DOCUME~1\xyz\Desktop\toys>dumppdb win1.pdb > blah1.txt
DumpPDB v0.04 (c) Copyright Tenth Planet Software Intl., C Turvey 1997.
All rights reserved. Non-Commercial use only.

C:\DOCUME~1\xyz\Desktop\toys>fc blah.txt blah1.txt
Comparing files blah.txt and BLAH1.TXT
***** blah.txt
win.pdb
***** BLAH1.TXT
win1.pdb
*****

***** blah.txt
0012 1003 S_UDT_VS97 000017E6 FPO_DATA
002E 100B S_GPROC32_VS97 1.00000055[000000E7] WinMain
0012 1006 S_BPREL32_VS97 00000022 [ebp+00000008] hInst
***** BLAH1.TXT
0012 1003 S_UDT_VS97 000017E6 FPO_DATA
002E 100B S_GPROC32_VS97 1.00000031[000000E7] WinMain
0012 1006 S_BPREL32_VS97 00000022 [ebp+00000008] hInst
*****

***** blah.txt
0022 1009 S_PUB32_VS97 00000000 1.00000208 _GetModuleHandleA@4
0016 1009 S_PUB32_VS97 00000000 1.00000024 _start
001A 1009 S_PUB32_VS97 00000000 1.00000055 _WinMain@16
001A 1009 S_PUB32_VS97 00000000 1.0000013C _WndProc@16
***** BLAH1.TXT
0022 1009 S_PUB32_VS97 00000000 1.00000208 _GetModuleHandleA@4
0016 1009 S_PUB32_VS97 00000000 1.00000000 _start
001A 1009 S_PUB32_VS97 00000000 1.00000031 _WinMain@16
001A 1009 S_PUB32_VS97 00000000 1.0000013C _WndProc@16
*****

C:\DOCUME~1\xyz\Desktop\toys>
[/code]
Output:
[code]
00401031 >/$ 55            PUSH EBP
00401032 |. 8BEC           MOV EBP, ESP
00401034 |. 83C4 B0        ADD ESP, -50
00401037 |. C745 D0 30000> MOV [LOCAL.wc], 30
0040103E |. C745 D4 03000> MOV [LOCAL.wc+4], 3
00401045 |. C745 D8 18114> MOV [LOCAL.wc+8], WIN.WndProc
0040104C |. C745 DC 00000> MOV [LOCAL.wc+C], 0
[/code]
The toy is Clive Turvey's freeware.
Also, Sven B. Schreiber has some source code available with regard to reversing the PDB file, it seems (look for w2k_pdbx.exe).
Also, in the process I learnt that WinDbg will not load such an arbitrary symbol file unless one uses the
.symopt 0x40 (Load_anything) switch,
but it would still err like this:
[quote]
*** WARNING: Unable to verify checksum for image00400000
DBGENG: image00400000 has mismatched symbols - type ".hh dbgerr003" for details
DBGHELP: image00400000 - private symbols & lines
D:\borland\masm32\icztutes\TUTE03\image00400000.pdb - unmatched
[/quote]
Also, some people like Oleg Starodumov have made some apps specifically to match a binary to non-matching symbol files.
Also, there is a .dbg file maker floating around that creates hand-made .dbg files out of a .txt file, authored by
Istvan for the VS debugger.
Something like
[code]
dbgmaker -fmb -s mysymbols.txt binary
[/code]
actually does the job of even adding an
info_debug_dir_structure in the PE header
and adds the relevant data.
So, since hand editing a .pdb file kinda works
for a non-matching binary too,
what I'd like to know is: is it possible to produce a
.pdb file with the relevant header data,
but without the bloat, just the required data,
so that we can look at all those local variables with names?
Instead of the drab
[code]
mov dword ds:[ebp+20], 30
[/code]
the more colourful
[code]
mov dword ptr ds:[local.WndClassEx.cbstyle], 30
[/code]
If someone could visualize a simple .pdb file creator,
then I could probably merge it inside a plugin for OllyDbg.
Hope the above essay makes sense :)
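As an added illustration of the labelling step the post is after (this is not the poster's code nor any of the tools named above), the Python sketch below builds an ebp-relative name table from S_BPREL32 records and rewrites [EBP-xx] / [EBP+xx] operands in OllyDbg-style listing lines as LOCAL.wc.field or ARG.name. The type-name column in the constructed dump lines and the hard-coded WNDCLASSEX layout are assumptions; real dumppdb output shows a numeric type index there, which would have to be resolved through the PDB's type stream.

```python
import re

# Field layout of the 32-bit WNDCLASSEX structure: offset -> field name.
WNDCLASSEX = {
    0x00: "cbSize", 0x04: "style", 0x08: "lpfnWndProc", 0x0C: "cbClsExtra",
    0x10: "cbWndExtra", 0x14: "hInstance", 0x18: "hIcon", 0x1C: "hCursor",
    0x20: "hbrBackground", 0x24: "lpszMenuName", 0x28: "lpszClassName",
    0x2C: "hIconSm",
}
# type name -> (layout, size in bytes); anything unlisted is treated as a DWORD.
STRUCTS = {"WNDCLASSEX": (WNDCLASSEX, 0x30)}

# Constructed S_BPREL32 lines in the dumppdb layout from the post. The type-name
# column is an assumption: real dumppdb output shows a numeric type index there.
SAMPLE_DUMP = """\
0012 1006 S_BPREL32_VS97 HINSTANCE  [ebp+00000008] hInst
0012 1006 S_BPREL32_VS97 WNDCLASSEX [ebp-00000030] wc
"""
BPREL_RE = re.compile(r"S_BPREL32\S*\s+(\S+)\s+\[ebp([+-])([0-9A-Fa-f]+)\]\s+(\w+)")
MEM_RE = re.compile(r"\[EBP([+-])([0-9A-Fa-f]+)\]", re.IGNORECASE)

def parse_frame(dump_text):
    """Return {ebp_displacement: (name, type_name)} from S_BPREL32 records."""
    frame = {}
    for m in BPREL_RE.finditer(dump_text):
        type_name, sign, off, name = m.groups()
        frame[int(off, 16) * (1 if sign == "+" else -1)] = (name, type_name)
    return frame

def label_operand(disp, frame):
    """Map an ebp displacement to ARG.name or LOCAL.name[.field | +off]."""
    for base, (name, type_name) in frame.items():
        layout, size = STRUCTS.get(type_name, (None, 4))
        if not base <= disp < base + size:
            continue
        prefix = "ARG." if base > 0 else "LOCAL."   # args sit above the saved ebp
        field = disp - base
        if layout is not None and field in layout:
            return f"{prefix}{name}.{layout[field]}"
        return f"{prefix}{name}" + (f"+{field:X}" if field else "")
    return None   # displacement not covered by any symbol: leave operand alone

def annotate(asm_line, frame):
    """Rewrite [EBP+xx]/[EBP-xx] operands in one OllyDbg-style listing line."""
    def repl(m):
        disp = int(m.group(2), 16) * (1 if m.group(1) == "+" else -1)
        label = label_operand(disp, frame)
        return f"[{label}]" if label else m.group(0)
    return MEM_RE.sub(repl, asm_line)
```

Feeding the listing lines from the post through annotate(line, parse_frame(SAMPLE_DUMP)) turns [EBP-30] into [LOCAL.wc.cbSize] and [EBP+8] into [ARG.hInst]; a displacement outside every known symbol is left untouched.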