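Is there a way to get the path of the pdb file that windbg is currently using? Through a native command, or preferably using the plugin API.

So ideally, I would like to be able to do the following: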

printf(getSymbolFile("ntdll.dll"));

This would print "c:\symbols\ntdll.pdb"

Best answer

You can use the windbg command !lmi mydll.dll
So for ntdll.dll, the image name will show the path:

:004> !lmi ntdll
Loaded Module Info: [ntdll]
         Module: ntdll
   Base Address: 00000000776f0000
     Image Name: C:\Windows\SYSTEM32\ntdll.dll
   Machine Type: 34404 (X64)
     Time Stamp: 51fb164a Fri Aug 02 03:15:38 2013
           Size: 1a9000
       CheckSum: 1a9bda
Characteristics: 2022  perf
Debug Data Dirs: Type  Size     VA  Pointer
             CODEVIEW    22, 101268,  100668 RSDS - GUID: {400F215C-54DA-4047-88F8-4F5C50491495}
               Age: 2, Pdb: ntdll.pdb
                CLSID     4, 101264,  100664 [Data not mapped]
     Image Type: FILE     - Image read successfully from debugger.
                 C:\Windows\SYSTEM32\ntdll.dll
    Symbol Type: PDB      - Symbols loaded successfully from symbol server.
                 C:\Program Files\Windows Kits\8.0\Debuggers\x64\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb
    Load Report: public symbols , not source indexed
                 C:\Program Files\Windows Kits\8.0\Debuggers\x64\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb

However, this is somewhat verbose.

Thanks to @SeanCline, who pointed out that the undocumented command !itoldyouso / !chksym does the same thing:
0:030> !itoldyouso ntdll

C:\Windows\SYSTEM32\ntdll.dll
    Timestamp: 51FB164A
  SizeOfImage: 1A9000
          pdb: ntdll.pdb
      pdb sig: 400F215C-54DA-4047-88F8-4F5C50491495
          age: 2

Loaded pdb is C:\Program Files\Windows Kits\8.0\Debuggers\x64\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb

ntdll.pdb
      pdb sig: 400F215C-54DA-4047-88F8-4F5C50491495
          age: 2

MATCH: ntdll.pdb and C:\Windows\SYSTEM32\ntdll.dll

It is still quite verbose; you save a few lines.
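The question's hypothetical getSymbolFile, sketched as an added example (not part of the original question or answer) that works on saved !lmi output rather than through the debugger API: it extracts the loaded PDB path and checks that its symbol-store directory name equals the RSDS GUID plus age, as it does in the output above. The function name, the return keys, and treating the printed age as the hexadecimal form used in the directory name are assumptions.

```python
import re

# Constructed sample: the relevant lines of the !lmi output quoted in the answer.
SAMPLE_LMI = r"""Loaded Module Info: [ntdll]
             CODEVIEW    22, 101268,  100668 RSDS - GUID: {400F215C-54DA-4047-88F8-4F5C50491495}
               Age: 2, Pdb: ntdll.pdb
    Symbol Type: PDB      - Symbols loaded successfully from symbol server.
                 C:\Program Files\Windows Kits\8.0\Debuggers\x64\sym\ntdll.pdb\400F215C54DA404788F84F5C504914952\ntdll.pdb
    Load Report: public symbols , not source indexed
"""


def get_symbol_file(lmi_text):
    """Return info about the loaded PDB from saved !lmi text, or None if no PDB path is listed."""
    lines = lmi_text.splitlines()
    path = None
    for i, line in enumerate(lines[:-1]):
        if line.strip().startswith("Symbol Type:"):
            # When a PDB is loaded, its full path is on the line after "Symbol Type:".
            candidate = lines[i + 1].strip()
            if candidate.lower().endswith(".pdb"):
                path = candidate
            break
    if path is None:
        return None  # deferred, export-only or missing symbols

    guid = re.search(r"RSDS - GUID: \{([0-9A-Fa-f-]+)\}", lmi_text)
    age = re.search(r"Age: ([0-9A-Fa-f]+), Pdb:", lmi_text)
    if not (guid and age):
        return {"pdb_path": path, "store_key": None, "dir_matches_rsds": None}

    # Symbol-store directory name: GUID without dashes followed by the age
    # (assumption: the age printed by !lmi is already in that hexadecimal form).
    key = guid.group(1).replace("-", "").upper() + age.group(1).upper()
    parts = path.split("\\")
    parent = parts[-2].upper() if len(parts) >= 2 else ""
    return {"pdb_path": path, "store_key": key, "dir_matches_rsds": parent == key}


if __name__ == "__main__":
    print(get_symbol_file(SAMPLE_LMI))
```

A PDB loaded from a local build directory is not in symbol-store layout, so `dir_matches_rsds` being False there does not by itself mean the symbols are mismatched.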

Regarding windbg - getting the .pdb file path from windbg, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/18756009/

10-13 08:22