Crash dump - WinDbg - force PDB files to match doe

2020-03-01 17:04发布

I have a crash dump for a customer's application built with a very old version of our dll (release build, don't have original symbols) that I've been analyzing in WinDbg.

In order to get more information, I rebuilt the dll in release mode, with symbols this time, using the same compiler version and I believe the same settings as when the dll was originally built. I added the symbol file to my symbol path, but the WinDbg extension !itoldyouso tells me the module in the dump doesn't match the PDB file. Enabling SYMOPT_LOAD_ANYTHING doesn't help either.

!itoldyouso tells me they don't match because the module has no pdb sig (value 0), versus the recreated symbol file I made (with a valid pdb sig). How do I get them to match?

3条回答
相关推荐>>
2楼-- · 2020-03-01 17:41

Try chkmatch (http://debuginfo.com/tools/chkmatch.html) - it's able to override signatures in pdb file so exe and pdb will match. Also, some time ago I wrote a post about checking pdb files "offline", maybe you will find there something useful: http://lowleveldesign.wordpress.com/2011/12/09/pdb-file-out-of-debugger/.

查看更多
淡お忘
3楼-- · 2020-03-01 17:53

Its unfortunate that you do not have the matching symbols for your DLL :(. As per my understanding, any attempt now will not be able to get you an exact matching PDB.

Recycling some old threads which should help :

Is it possible to (re)create a PDB file after a DLL is made

Tool to find if dll (or) exe and PDB file match

Your best bet would be

a. sync your code back to the time when the DLL was released

b. build and create PDB using the same tool set.

c. use .reload /i option to load symbols

查看更多
神经病院院长
4楼-- · 2020-03-01 17:55

Have you tried .reload /i foo.dll ?

For verbose output try:

!sym noisy;.reload /i foo.dll;x foo!*test*

查看更多
登录 后发表回答