I'm debugging a module for which I have only the .exe and a .pdb without private symbols.
During the debug session I need to inspect an internal struct. Obviously this struct does not appear in the PDB since it's private - but fortunately I have an .h file where this struct is defined. Therefore I can build some dummy module that uses this struct and obtain a PDB file that contains this struct.
Now I have an unloaded module with the struct symbols, and I would like to load its symbols in order to cast some memory to that struct. (without unloading the original .exe I'm debugging, of course)
The problem: it seems that WinDbg only allows loading symbols for loaded modules...
My question is: Is there a simple way I could load my symbols from the unloaded module?
I've tried .reload /i /f MyDll.dll
but I always get ...MyDll.dll - unmatched
.
Setting the sympath did not help.
Any ideas?
You can force symbol loading to occur by using the /f option or by issuing an ld (Load Symbols) command.
The easiest way to get Windows symbols is to use the Microsoft public symbol server. The symbol server makes symbols available to your debugging tools as needed. After a symbol file is downloaded from the symbol server it is cached on the local computer for quick access.
A better way is .reload /unl MyDll.dll
Unloaded module list contains timestamp (for image/pdb matching) and image base address. Using /unl
tells WinDBG to use that information.
You can force windbg to load symbols at a specific address e.g.
0:000> .reload /f /i MyDll.dll=77777777
c:\sym\MyDll.pdb - unmatched
0:000> lm
start end module name
00000000`55555555 00000000`55555555 notepad (no symbols)
00000000`77530000 00000000`7762a000 USER32 (deferred)
00000000`77777777 00000000`77777777 MyDll_77777777 (private pdb symbols) c:\sym\MyDll.pdb
The unmatched warning here is because windbg cannot tell that the symbols match the correct version of the module since it can find no timestamp or checksum.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With