.I know that a range of memory is a certain pe, however it hasn't been loaded completely in Olly yet. Is there any way to map that range ( for example, I know 0x7C800000 is Kernel32 ) to a certain PE so that I will be able to load its symbols to make it easier for debugging?
On the topic of symbols, I read a while back that OllyDbg had some issues with properly loading symbols. Was there any truth behind this? I have my environment variable _NT_SYMBOL_PATH = srv*C:\WINXP\Symbols*http://msdl.microsoft.com/download/symbols. Do I need to do anything beyond that to properly have symbols working? Are there any other locations to obtain non-Microsoft symbols (3rd party software)? Any other suggestions for loading symbols and having an easier debug session?
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}