Login/Register
Get .pdb file path from windbg
Asked Answered
Solved windbgdebug-symbolspdb-files
C

2

6

Is there a way to get the path of the pdb file currently used by windbg? Either by a native command, or, preferably, using the plugin API.

So, ideally I want to be able to do something like: 

printf(getSymbolFile("ntdll.dll"));

which would print "c:\symbols\ntdll.pdb"

Cottontail answered 12/9, 2013 at 5:28 Comment(0)
R
9

You can use the windbg command !lmi mydll.dll

So for ntdll.dll the image name will display the path:

:004> !lmi ntdll
Loaded Module Info: [ntdll] 
         Module: ntdll
   Base Address: 00000000776f0000
     Image Name: C:\Windows\SYSTEM32\ntdll.dll
   Machine Type: 34404 (X64)
     Time Stamp: 51fb164a Fri Aug 02 03:15:38 2013
           Size: 1a9000
       CheckSum: 1a9bda
Characteristics: 2022  perf
Debug Data Dirs: Type  Size     VA  Pointer
             CODEVIEW    22, 101268,  100668 RSDS - GUID: {400F215C-54DA-4047-88F8-4F5C50491495}
               Age: 2, Pdb: ntdll.pdb
                CLSID     4, 101264,  100664 [Data not mapped]
     Image Type: FILE     - Image read successfully from debugger.
                 C:\Windows\SYSTEM32\ntdll.dll
    Symbol Type: PDB      - Symbols loaded successfully from symbol server.
                 C:\Program Files\Windows Kits\8.0\Debuggers\x64\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb
    Load Report: public symbols , not source indexed 
                 C:\Program Files\Windows Kits\8.0\Debuggers\x64\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb

This is a bit verbose however.

Thanks to @SeanCline who pointed out the undocumented command !itoldyouso which does the same thing as !chksym

0:030> !itoldyouso ntdll

C:\Windows\SYSTEM32\ntdll.dll
    Timestamp: 51FB164A
  SizeOfImage: 1A9000
          pdb: ntdll.pdb
      pdb sig: 400F215C-54DA-4047-88F8-4F5C50491495
          age: 2

Loaded pdb is C:\Program Files\Windows Kits\8.0\Debuggers\x64\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb

ntdll.pdb
      pdb sig: 400F215C-54DA-4047-88F8-4F5C50491495
          age: 2

MATCH: ntdll.pdb and C:\Windows\SYSTEM32\ntdll.dll

It is still pretty verbose, you save a few lines.

Romain answered 12/9, 2013 at 7:49 Comment(2)
For only symbol information, you could also use the undocumented command !itoldyouso.Kiwanis
@SeanCline ah yes I forgot about that, I will add the output to my answer, thanksRomain
B
4

This can be done with lm (list modules) and a module filter (m) for ntdll:

0:017> lm m ntdll
start    end        module name
77aa0000 77c20000   ntdll      (pdb symbols)          e:\debug\symbols\wntdll.pdb\370278F5B1BA4A16B0DC8199E9623C3C2\wntdll.pdb
Bump answered 26/8, 2015 at 20:50 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.