Forcing WinDbg to load symbols of an unloaded module

Question

I'm debugging a module for which I have only the .exe and a .pdb without private symbols.
During the debug session I need to inspect an internal struct. Obviously this struct does not appear in the PDB since it's private - but fortunately I have an .h file where this struct is defined. Therefore I can build some dummy module that uses this struct and obtain a PDB file that contains this struct.

Now I have an unloaded module with the struct symbols, and I would like to load its symbols in order to cast some memory to that struct. (without unloading the original .exe I'm debugging, of course)
The problem: it seems that WinDbg only allows loading symbols for loaded modules...

My question is: Is there a simple way I could load my symbols from the unloaded module?

I've tried .reload /i /f MyDll.dll but I always get ...MyDll.dll - unmatched.
Setting the sympath did not help.

Any ideas?

Answer 1

A better way is .reload /unl MyDll.dll

Unloaded module list contains timestamp (for image/pdb matching) and image base address. Using /unl tells WinDBG to use that information.

Answer 2

You can force windbg to load symbols at a specific address e.g.

0:000> .reload /f /i MyDll.dll=77777777
    c:\sym\MyDll.pdb - unmatched
0:000> lm
start             end                 module name
00000000`55555555 00000000`55555555   notepad    (no symbols)
00000000`77530000 00000000`7762a000   USER32     (deferred)
00000000`77777777 00000000`77777777   MyDll_77777777   (private pdb symbols)  c:\sym\MyDll.pdb

The unmatched warning here is because windbg cannot tell that the symbols match the correct version of the module since it can find no timestamp or checksum.