问题描述

正如我们最近了解到的，微软已经从ntdll 某些版本中的符号.

As we learned recently, Microsoft has stripped type information from symbols in some versions of ntdll.

假设我有一个库的源代码，我想发布公共符号，但从该 PDB 中删除了一些类型定义，我将如何在技术上实现这一点，尤其是在不破坏 PDB 身份信息(时间戳和校验和)的情况下?

Imagine I have the source code of a library and I would like to publish public symbols, but remove some type definitions from that PDB, how would I technically achieve this, especially without breaking the PDB identity information (timestamp and checksum)?

我在在线文档中找不到编译器开关这将允许我传递要排除的类型列表.

I could not find a compiler switch in the online documentation that would allow me to pass a list of types to be excluded.

请注意，我不想从私有符号切换到公共符号，而是要减少公共符号.

Note that I don't want to switch from private symbols to public symbols but reduce public symbols.

推荐答案

WinDbg 附带一个名为 PDBCopy 的工具.-f 命令行开关允许过滤公共符号:

WinDbg comes with a tool named PDBCopy. The -f command line switch allows filtering public symbols:

C:\Program Files\Windows Kits\10\Debuggers\x64>pdbcopy /?

PDBCopy v12.00.30523
usage: PDBCopy <source_pdb> <destination_pdb> [-p] [-s] [-f] [-F] [-a] [-A] [-?]
        [-p]                remove private debug information
        [-s]                create new signature
        [-f:{@file|symbol}] filter specific public symbols out of stripped pdb
        [-F:{@file|symbol}] leave only specific public symbols in stripped pdb
        [-a]                leave all annotation symbols in stripped pdb
        [-a:{@file|symbol}] filter specific annotation symbols out of stripped pdb
        [-A:{@file|symbol}] leave only specific annotation symbols in stripped pdb
        [-?]                display this message

这至少从 WinDbg 6.8 开始就存在了.-a 开关已在 WinDbg 6.12 中添加.

This exists at least since WinDbg 6.8. The -a switches have been added in WinDbg 6.12.

这篇关于从符号中部分删除类型信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！