
Can I use map2dbg with 64 bit Delphi executables?

I am currently using map2dbg to create a .dbg file from my Delphi .map files. This works beautifully for 32 bit executables. For 64 bit executables the call to map2dbg.exe appears to succeed, but the resulting .dbg file does not appear to be useful. When I view stack traces in Process Explorer, they have no symbol names.

Should I even expect map2dbg to work in 64 bit? And if not, is there an alternative that I can use?

David Heffernan asked Feb 23 '12 22:02


1 Answer

I've done a little research and it seems that map2dbg can in fact be used for 64-bit executables made in Delphi XE2. The only point is that you should modify the WORD in the produced DBG file at offset 4 from $8664 to $014C.

Yes, this looks like nonsense, because it means changing the Machine field in the DBG header from AMD64 to X86, but this really does result in a DBG file that loads correctly in both WinDbg and Process Explorer.

I've made a patched version of map2dbg version 1.3, so it automatically writes $14c into DBG. Here is the archive: http://yadi.sk/d/kbVFCGyI2gQzM

UPDATE: DBG files made with the patched version of map2dbg are accepted by both Process Explorer and WinDbg, and the symbols from these DBGs are correctly linked with the corresponding addresses in the executable, but wrong stack frames are displayed.

The reason lies in the DBGHELP library. As can be seen from its disassembly, it only loads DBG files made for X86 or Alpha processors (Machine field values $14c and $184). But if we manually change the Machine field in a DBG file from AMD64 to X86, then DBGHELP will treat the executable as a 32-bit module (so the PDATA segment from the executable won't be used during the stack unwind), and incorrect stack frames will be shown by the debuggers.

I've patched both the x86 and x64 versions of DBGHELP installed with WinSDK for Win8. The patched versions allow for loading DBG files with the AMD64 Machine field ($8664), so the stack frames are displayed as expected. These versions are available in this archive: http://yadi.sk/d/7ZDLv2ed2gRGo

So, we now have two different approaches to use the symbols from 64-bit executables compiled with Delphi XE2:

  1. Simple way: use the patched map2dbg to produce "fake-x86" DBGs, which can be loaded into WinDbg and Process Explorer, so the symbol addresses will be shown, but the debuggers won't be able to display the stack frames.

  2. "Hardcore" way: use the patched dbghelp.dll, with the support of AMD64 DBG files. With this version of DBGHELP, WinDbg and Process Explorer can unwind the stack frames.

ONE MORE UPDATE: the cv2pdb tool can now convert DBG files created with map2dbg into PDBs. Both 32-bit and 64-bit executables are supported.

Here's a compiled version of the latest sources of cv2pdb.

Alex Whiter answered Sep 27 '22 17:09
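The header edit described in the answer (the Machine WORD at offset 4 of the DBG file), as an added Python example that is not part of the original post or of map2dbg: it validates the DBG signature before reading or rewriting the field, and works on a copy of the data. The function names and the sample header are constructed for illustration, and the header layout is assumed to be `IMAGE_SEPARATE_DEBUG_HEADER` from `winnt.h`.

```python
import struct

# Assumed layout: IMAGE_SEPARATE_DEBUG_HEADER (winnt.h), 4 WORDs then 10 DWORDs = 48 bytes.
HEADER = struct.Struct("<4H10I")
DBG_SIGNATURE = 0x4944   # IMAGE_SEPARATE_DEBUG_SIGNATURE, bytes "DI" on disk
MACHINE_OFFSET = 4       # the WORD the answer says to modify
MACHINES = {0x014C: "I386", 0x0184: "ALPHA", 0x8664: "AMD64"}


def read_dbg_machine(data: bytes) -> int:
    """Return the Machine field of a .dbg image after validating the header."""
    if len(data) < HEADER.size:
        raise ValueError("file too short for a DBG header")
    signature, _flags, machine, *_rest = HEADER.unpack_from(data, 0)
    if signature != DBG_SIGNATURE:
        raise ValueError("not a DBG file (signature %#06x)" % signature)
    return machine


def set_dbg_machine(data: bytes, machine: int) -> bytes:
    """Return a copy with Machine replaced; the input bytes are left untouched."""
    read_dbg_machine(data)  # refuse to edit anything that is not a DBG file
    patched = bytearray(data)
    struct.pack_into("<H", patched, MACHINE_OFFSET, machine)
    return bytes(patched)


def describe(data: bytes) -> str:
    """Human-readable Machine value, e.g. '0x8664 (AMD64)'."""
    machine = read_dbg_machine(data)
    return "%#06x (%s)" % (machine, MACHINES.get(machine, "unknown"))


def sample_amd64_header() -> bytes:
    """Constructed header; every field except Signature and Machine is made up."""
    return HEADER.pack(DBG_SIGNATURE, 0, 0x8664, 0,
                       0, 0, 0x400000, 0x10000, 1, 0, 0, 0x1000, 0, 0)


if __name__ == "__main__":
    original = sample_amd64_header()
    print("before:", describe(original))
    print("after: ", describe(set_dbg_machine(original, 0x014C)))
```

Checking the Machine value this way also shows whether a given DBG is one of the "fake-x86" files, which matters because those load but do not give correct stack frames.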