📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









 Forums >>  Debuggers  >>  Getting symbols/binaries for dll

Topic created on: June 15, 2007 16:16 CDT by F.

I need to get all versions of one specific dll. Clearly, hard to accomplish by googling. This looks better: http://www.microsoft.com/whdc/DevTools/Debugging/symbolpkg.mspx. But how to ask "symbol server" for all versions of one dll?

  asotirov     June 15, 2007 18:30.09 CDT
The Microsoft symbol server contains only symbol files, not the actual DLLs. To download a symbol file, you need to use the symchk.exe command from the Debugging Tools for Windows. It needs to access the DLL to get its checksum, which is then used to get the appropriate symbol file.

If this is a Windows DLL, you can get most of its versions from the Windows installation CDs, service packs, security updates and hotfixes released by Microsoft. It will be a lot of work if you only need a single DLL, but I don't have a better solution.

Which DLL do you need?

  F     June 16, 2007 01:39.03 CDT
Thanks for the reply. I know the symbol server provides only symbols, that's what I need. I just hoped there's a way to get these symbols without having the actual dll (it seems that symchk cannot do this). In my program, I'm using an unexported symbol, so I'm trying to build a version->address map. And it's msv1_0.

  anonymouse     June 16, 2007 04:50.14 CDT
> asotirov: The Microsoft symbol server contains only symbols files, not the actual DLLs.

no, it contains actual dlls, exes, sys, ocx and everything else as well :)

try chkimg in windbg and it will download the actual dll/exe/ocx, as the case may be, for checking the image :)

obviously you can abuse this by installing all versions of the os in virtual machines and doing chkimg from windbg if you are hard-pressed

  F     June 16, 2007 07:35.21 CDT
There is an API, but it's an egg-or-chicken problem:

"If DbgHelp is looking for a .dbg file, the id parameter contains the TimeDateStamp of the original image as found in its PE header. Parameter two contains the SizeOfImage field, also extracted from the PE header. Parameter three is unused and set to zero.

If DbgHelp is looking for a .pdb file, the id parameter contains the PDB signature as found in the codeview debug directory of the original image. Parameter two contains the PDB age. Parameter three is unused and set to zero.

If DbgHelp is looking for any other type of image, such as an executable file, it is probably being called through the SymFindFileInPath function. In this case, the parameters are opaque to DbgHelp. However, if this function is being used to retrieve an executable file, it is expected that the parameters will be filled in as for a .dbg file, using TimeDateStamp and the image size as parameters."
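
Added example, not part of the original thread: the lookup values named in the quoted documentation, read from where they live in the image (TimeDateStamp and SizeOfImage in the PE headers, PDB signature and age in a PDB 7.0 CodeView "RSDS" record) and turned into store paths. The path layouts are the symbol-store convention as assumed here, not quoted in the thread, and `example.dll`, `example.pdb` and all sample bytes are constructed.

```python
import struct

def pe_image_key(data: bytes):
    """Return (TimeDateStamp, SizeOfImage) from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (timestamp,) = struct.unpack_from("<I", data, coff + 4)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unexpected optional header magic")
    # SizeOfImage sits at offset 56 in both PE32 and PE32+ optional headers.
    (size_of_image,) = struct.unpack_from("<I", data, opt + 56)
    return timestamp, size_of_image

def image_store_path(name, timestamp, size_of_image):
    """Assumed symbol-store layout for binaries: name/<stamp><size>/name."""
    return f"{name}/{timestamp:08X}{size_of_image:x}/{name}"

def pdb_store_path(name, rsds: bytes):
    """Assumed layout for PDB 7.0: name/<GUID as 32 hex digits><age>/name."""
    if rsds[:4] != b"RSDS":
        raise ValueError("not a PDB 7.0 CodeView record")
    d1, d2, d3, d4, age = struct.unpack_from("<IHH8sI", rsds, 4)
    return f"{name}/{d1:08X}{d2:04X}{d3:04X}{d4.hex().upper()}{age:X}/{name}"

def constructed_pe(timestamp, size_of_image):
    """Constructed header-only PE32 stub; not taken from any real DLL."""
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)               # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<I", hdr, 0x84 + 4, timestamp)
    struct.pack_into("<H", hdr, 0x84 + 20, 0x10B)
    struct.pack_into("<I", hdr, 0x84 + 20 + 56, size_of_image)
    return bytes(hdr)

def constructed_rsds():
    """Constructed CodeView record: 'RSDS', GUID, age 2, PDB file name."""
    guid = struct.pack("<IHH8s", 0x11223344, 0x5566, 0x7788,
                       bytes.fromhex("99aabbccddeeff00"))
    return b"RSDS" + guid + struct.pack("<I", 2) + b"example.pdb\0"

if __name__ == "__main__":
    stamp, size = pe_image_key(constructed_pe(0x45D70A62, 0x21000))
    print(image_store_path("example.dll", stamp, size))
    print(pdb_store_path("example.pdb", constructed_rsds()))
```

Both keys come out of the image itself, which is the egg-or-chicken dependency described above: without a copy of the DLL or a record of its header values, there is nothing to build the request from.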
