使用Symchk来离线需要的Symbol文件

2023-10-26

我们在工作中会经常遇到离线环境，这时候就需要准备好离线符号，我们使用安装windbg时候自带的工具SymChk.exe
微软的官方说明在下面

使用起来也很简单，下面是一个使用示例：

使用 SymChk.exe 实用程序下载 Windows\System32 文件夹中所有组件的符号文件，请使用以下命令行命令：
symchk /r c:\windows\system32 /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
在此示例中：
“/r c:\windows\system32”查找 System32 文件夹和所有子文件夹中的所有符号文件。
“/s SRVc:*http://msdl.microsoft.com/download/symbols”指定用于符号解析的符号路径。在此例中，“c:\symbols”是将在其中从符号服务器复制符号的本地文件夹。

如果你的机器已经处于离线状态还可以使用SymChk.exe生成一个所需要符号的清单文件，然后将这个文件移动到可以联网的环境进行下载

Using SymChk

Article
02/04/2022
4 minutes to read
1 contributor

Feedback

The basic syntax for SymChk is as follows:

ConsoleCopy

symchk [/r] FileNames /s SymbolPath

FileNames specifies one or more program files whose symbols are needed. If FileNames is a directory and the /r flag is used, this directory is explored recursively, and SymChk will try to find symbols for all program files in this directory tree. SymbolPath specifies where SymChk is to search for symbols.

There are many more command-line options. For a full listing, see SymChk Command-Line Options.

Obtaining symchk

Symchk, like other debugging tools, ship as part of the debugger. For more information, see Download Debugging Tools for Windows.

Once the debugging tools are installed, symchk is available in this directory for 64 bit Windows.

C:\Program Files (x86)\Windows Kits\10\Debuggers\x64

Example Usage

The symbol path specified can include any number of local directories, UNC directories, or symbol servers. Local directories and UNC directories are not searched recursively. Only the specified directory and a subdirectory based on the executable's extension are searched. For example, the query

ConsoleCopy

symchk thisdriver.sys /s g:\symbols

will search g:\mysymbols and g:\mysymbols\sys.

You can specify a symbol server by using either of the following syntaxes as part of your symbol path:

ConsoleCopy

srv*DownstreamStore*\\Server\Share
srv*\\Server\Share

This is very similar to using a symbol server in the debugger's symbol path. For details on this, see Using Symbol Servers and Symbol Stores.

If a downstream store is specified, SymChk will make copies of all valid symbol files found by the symbol server and place them in the downstream store. Only symbol files that are complete matches are copied downstream.

SymChk always searches the downstream store before querying the symbol server. Therefore you should be careful about using a downstream store when someone else is maintaining the symbol store. If you run SymChk once and it finds symbol files, it will copy those to the downstream store. If you then run SymChk again after these files have been altered or deleted on the symbol store, SymChk will not notice this fact, since it will find what it is looking for on the downstream store and look no further.

Note SymChk always uses SymSrv (Symsrv.dll) as its symbol server DLL. On the other hand, the debuggers can choose a symbol server DLL other than SymSrv if one is available. (SymSrv is the symbol server included in the Debugging Tools for Windows package.)

Using SymChk to determine whether symbols are private or public

To determine whether a symbol file is private or public, use the /v parameter so that SymChk displays verbose output. Suppose MyApp.exe and MyApp.pdb are in the folder c:\sym. Enter this command.

ConsoleCopy

symchk /v c:\sym\MyApp.exe /s c:\sym**

If MyApp.pdb contains private symbols, the output of SymChk looks like this.

ConsoleCopy

[SYMCHK] Searching for symbols to c:\sym\MyApp.exe in path c:\sym
...
DBGHELP: MyApp - private symbols & lines
        c:\sym\MyApp.pdb
...
SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1

If MyApp.pdb contains only public symbols, the output of SymChk looks like this.

ConsoleCopy

[SYMCHK] Searching for symbols to c:\sym\MyApp.exe in path c:\sym
...
DBGHELP: MyApp - public symbols
        c:\sym\MyApp.pdb
...
SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1

To limit your search so that it finds only public symbol files, use the s option with the /s parameter (/ss). The following command finds a match if MyApp.pdb contains only public symbols. It does not find a match if MyApp.pdb contains private symbols.

ConsoleCopy

symchk /v c:\sym\MyApp.exe /ss c:\sym

For more information, see Public and Private Symbols.

Examples

Here are some examples. The following command searches for symbols for the program Myapp.exe:

ConsoleCopy

e:\debuggers> symchk f:\myapp.exe /s f:\symbols\applications 

SYMCHK: Myapp.exe           FAILED  - Myapp.pdb is missing

SYMCHK: FAILED files = 1
SYMCHK: PASSED + IGNORED files = 0

You can try again with a different symbol path:

ConsoleCopy

e:\debuggers> symchk f:\myapp.exe /s f:\symbols\newdirectory 

SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1

The search was successful this time. If the verbose option is not used, SymChk will only list files for which it failed to find symbols. So in this example no files were listed. You can tell that the search succeeded because there is now one file listed in the "passed" category and none in the "failed" category.

A program file is ignored if it contains no executable code. Many resource files are of this type.

If you prefer to see the file names of all program files, you can use the /v option to generate verbose output:

ConsoleCopy

e:\debuggers> symchk /v f:\myapp.exe /s f:\symbols\newdirectory 

SYMCHK: MyApp.exe           PASSED

SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1

The following command searches for a huge number of Windows symbols in a symbol server. There are a great variety of possible error messages:

ConsoleCopy

e:\debuggers> symchk /r c:\windows\system32 /s srv*\\manysymbols\windows 

SYMCHK: msisam11.dll         FAILED  - MSISAM11.pdb is missing
SYMCHK: msuni11.dll          FAILED  - msuni11link.pdb is missing
SYMCHK: msdxm.ocx            FAILED  - Image is split correctly, but msdxm.dbg i
s missing
SYMCHK: expsrv.dll           FAILED  - Checksum doesn't match with expsrv.DBG
SYMCHK: imeshare.dll         FAILED  - imeshare.opt.pdb is missing
SYMCHK: ir32_32.dll          FAILED  - Built with no debugging information
SYMCHK: author.dll           FAILED  - rpctest.pdb is missing
SYMCHK: msvcrt40.dll         FAILED  - Built with no debugging information
......
SYMCHK: FAILED files = 211
SYMCHK: PASSED + IGNORED files = 4809

Using a Manifest File with SymChk

In some cases, you might need to retrieve symbols for files that are on an isolated computer; that is, a computer that is either not on any network or is on a network that has no symbol store. In that situation, you can use the following procedure to retrieve symbols.

Run SymChk with the /om parameter to create a manifest file that describes the files for which you want to retrieve symbols.
Move the manifest file to a network that has a symbol store.
Run SymChk with the /im parameter to retrieve symbols for the files described in the manifest file.
Move the symbol files back to the isolated computer.

Example

Suppose yourApp.exe is running on an isolated computer. The following command creates a manifest file that describes all the symbols needed to debug the yourApp.exe pocess.

dbgcmdCopy

C:\>SymChk /om c:\Manifest\man.txt /ie yourApp.exe

SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 28

Now assume you have moved the manifest file to a different computer that is on a network that has access to a symbol store. The following command retrieves the symbols described in the manifest file and places them in the mySymbols folder.

dbgcmdCopy

C:\>SymChk /im c:\FolderOnOtherComputer\man.txt /s srv*c:\mysymbols*\\aServer\symbols

SYMCHK: myApp.exe             ERROR - Unable to download file. Error reported was 2
. . .
SYMCHK: FAILED files = 28
SYMCHK: PASSED + IGNORED files = 28

Now you can move the symbols to the isolated computer and use them for debugging.

如何下载离线dll的pdb

在某些情况下，可能需要检索位于独立计算机上的文件的符号;也就是说，计算机不在任何网络上，或位于没有符号存储的网络上。在这种情况下，可以使用以下过程来检索符号。

使用 /om 参数运行 SymChk，以创建描述要检索其符号的文件的清单文件。
将清单文件移动到具有符号存储区的网络。
运行带有 /im 参数的 SymChk，以检索清单文件中所描述文件的符号。
将符号文件移回独立计算机。

示例

假设 yourApp.exe 在独立的计算机上运行。下面的命令创建一个清单文件，用于描述调试 yourApp.exe pocess 所需的所有符号。

dbgcmd复制

C:\>SymChk /om c:\Manifest\man.txt /ie yourApp.exe

SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 28

现在假设已将清单文件移动到可访问符号存储区的网络上的另一台计算机。下面的命令检索清单文件中描述的符号，并将其放在 mySymbols 文件夹中。

dbgcmd复制

C:\>SymChk /im c:\FolderOnOtherComputer\man.txt /s srv*c:\mysymbols*\\aServer\symbols

SYMCHK: myApp.exe             ERROR - Unable to download file. Error reported was 2
. . .
SYMCHK: FAILED files = 28
SYMCHK: PASSED + IGNORED files = 28

现在，你可以将符号移到隔离的计算机并将其用于调试。

本文内容由网友自发贡献，版权归原作者所有，本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容，请联系:hwhale#tublm.com(使用前将#替换为@)

Windows