windbg找到我的应用程序pdb文件,即使我还没有揭示其路径 [英] windbg finds my application pdb file even when I haven't revealed its path
问题描述
- 我在我的文档下的默认项目文件夹中创建了一个简单的演示应用程序(app.exe)。
- 我将app.exe复制到c:
-
与 Sysinternals串实用程序:
字符串app.exe | findstr.pdb
将输出PDB的完整路径。
-
另一个实现类似结果的工具(更具体的调试方法)是 DebugDir :
E:\ [...] \DebugDir> DebugDir.exe E:\ [...] \Reporter.exe
文件:E:\ [...] \Reporter.exe
调试目录中的条目数:1
调试目录条目1:
类型:2(CodeView)
时间戳:5772e493特性:0 MajorVer:0 MinorVer:0
大小:120 RVA:000ba482 FileOffset:000b8682
CodeView格式:RSDS
签名:{eac36e37-78c5-47c5-bc95-7c6e5896f694}年龄:1
PdbFile:E:\ [...] \obj\Debug\\ \\ Reporter.pdb
-
在WinDbg中,使用
!lmi
0:009> !lmi Reporter
[...]
调试数据目录:类型大小VA指针
CODEVIEW 77,82cf2,80ef2 RSDS - GUID:{588CF7EE-FA7C-44F9-850C-382520749BE8}
年龄:1,Pdb:E:\ [...] \obj\Debug\Reporter.pdb
符号类型:DEFERRED - 无错误 - 符号加载延迟
加载报告:没有符号加载
或者,首先找出模块的地址,然后转储头非常详细)。
0:009> lm m记者
开始结束模块名
002c0000 00350000记者(延迟)
0:009> !dh 002c0000
[...]
调试目录(1)
类型大小地址指针
cv 77 82cf2 80ef2格式:RSDS,guid,1,E:\ [ ...] \obj\Debug\Reporter.pdb
- I created a simple demo application (app.exe) in default projects folder under my documents.
- I copied the app.exe to c:\test\app folder without copying the pdb file.
You can verify that e.g. with Sysinternals Strings utility:
strings app.exe | findstr ".pdb"
will output the full path to the PDB.
Another tool (a bit more specific to debugging) to achieve a similar result is DebugDir:
E:\[...]\DebugDir>DebugDir.exe "E:\[...]\Reporter.exe" File: E:\[...]\Reporter.exe Number of entries in debug directory: 1 Debug directory entry 1: Type: 2 ( CodeView ) TimeStamp: 5772e493 Characteristics: 0 MajorVer: 0 MinorVer: 0 Size: 120 RVA: 000ba482 FileOffset: 000b8682 CodeView format: RSDS Signature: {eac36e37-78c5-47c5-bc95-7c6e5896f694} Age: 1 PdbFile: E:\[...]\obj\Debug\Reporter.pdb
In WinDbg itself, use
!lmi
0:009> !lmi Reporter [...] Debug Data Dirs: Type Size VA Pointer CODEVIEW 77, 82cf2, 80ef2 RSDS - GUID: {588CF7EE-FA7C-44F9-850C-382520749BE8} Age: 1, Pdb: E:\[...]\obj\Debug\Reporter.pdb Symbol Type: DEFERRED - No error - symbol load deferred Load Report: no symbols loaded
Alternatively, first find out the address of the module and then dump the headers (which is quite verbose).
0:009> lm m Reporter start end module name 002c0000 00350000 Reporter (deferred) 0:009> !dh 002c0000 [...] Debug Directories(1) Type Size Address Pointer cv 77 82cf2 80ef2 Format: RSDS, guid, 1, E:\[...]\obj\Debug\Reporter.pdb
$ b $ p 我使用windbg(文件菜单>打开可执行文件)运行此可执行文件。我希望它不会找到符号文件,但它是!
我设置sympath到 .sympath srv * c:\test\Symbols * https://msdl.microsoft.com/download/symbols
lm
是
0:000> lm
开始结束模块名称
013b0000 013b8000 App C(私有pdb符号)c:\users\username\documents\visual studio 2013\Projects\App\Release\App .pdb
0f500000 0f571000 MSVCP120(私有pdb符号)c:\test\symbols\msvcp120.i386.pdb\0B631FCA474F4F6FBBE54C497C5821361\msvcp120.i386.pdb
0f740000 0f82e000 MSVCR120(私有pdb符号)c:\test\symbols\msvcr120.i386.pdb\16F5E2EF340A453ABC8B8F67DC6FD8082\msvcr120.i386.pdb
76860000 768a7000 KERNELBASE(pdb符号)c:\test\symbols\wkernelbase.pdb \90BA6126FA6340F1ABFAE58DB8B7FB7D1\wkernelbase.pdb
769e0000 76af0000 kernel32(pdb符号)c:\test\symbols\wkernel32.pdb\515F42F53681439D989AC0FC08F7F8F72\wkernel32.pdb
77210000 77390000 ntdll(pdb符号)c:\test\symbols\wntdll.pdb\B5ACAC3B4A6C4515AF416D60366399652\wntdll.pdb
所以我运行的可执行文件是在 c:\test\app\app.exe
,它是如何找到其pdb文件在
<解决方案
应用程序在可执行文件中包含PDB文件的路径。您可以通过多种方式显示此信息:
如果你不想让路径成为你的可执行文件的一部分,检查是否有一个编译器/链接器设置关闭这个功能,例如 / pdbpath:none
for Microsoft Visual C ++编译器。
如果你不想让调试器找到PDB,将PDB移动到不同的文件夹,而不是可执行文件。
I run this executable with windbg (File menu > Open executable). I expect it NOT to find the symbol file but it does!
I set sympath to .sympath srv*c:\test\Symbols*https://msdl.microsoft.com/download/symbols
The output for lm
is
0:000> lm
start end module name
013b0000 013b8000 App C (private pdb symbols) c:\users\username\documents\visual studio 2013\Projects\App\Release\App.pdb
0f500000 0f571000 MSVCP120 (private pdb symbols) c:\test\symbols\msvcp120.i386.pdb\0B631FCA474F4F6FBBE54C497C5821361\msvcp120.i386.pdb
0f740000 0f82e000 MSVCR120 (private pdb symbols) c:\test\symbols\msvcr120.i386.pdb\16F5E2EF340A453ABC8B8F67DC6FD8082\msvcr120.i386.pdb
76860000 768a7000 KERNELBASE (pdb symbols) c:\test\symbols\wkernelbase.pdb\90BA6126FA6340F1ABFAE58DB8B7FB7D1\wkernelbase.pdb
769e0000 76af0000 kernel32 (pdb symbols) c:\test\symbols\wkernel32.pdb\515F42F53681439D989AC0FC08F7F8F72\wkernel32.pdb
77210000 77390000 ntdll (pdb symbols) c:\test\symbols\wntdll.pdb\B5ACAC3B4A6C4515AF416D60366399652\wntdll.pdb
So the executable I am running is in c:\test\app\app.exe
, how does it finds its pdb file in my documents
folder?
I verified, it is not cached.
Applications contain the path to the PDB file in the executable itself. You can make that visible in various ways:
If you don't want the path to be part of your executable, check if there's a compiler/linker setting that turns this feature off, e.g. /pdbpath:none
for the Microsoft Visual C++ compiler.
If you don't want the debugger to find the PDB, move the PDB into a different folder instead of the executable.
这篇关于windbg找到我的应用程序pdb文件,即使我还没有揭示其路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!