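At work we often have to debug in offline environments, so the symbols must be prepared in advance. For this we use SymChk.exe, a tool that is installed together with WinDbg.
Microsoft's official documentation is reproduced below.
It is simple to use. Here is an example:
To download the symbol files for all components in the Windows\System32 folder with the SymChk.exe utility, run the following command:
symchk /r c:\windows\system32 /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
In this example:
“/r c:\windows\system32” looks up symbol files for everything in the System32 folder and all of its subfolders.
“/s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols” specifies the symbol path used for symbol resolution. In this example, “c:\symbols” is the local folder into which symbols are copied from the symbol server.
If your machine is already offline, you can also use SymChk.exe to generate a manifest file listing the symbols it needs, then move that file to an environment with internet access and download them there.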
Using SymChk
- 02/04/2022
The basic syntax for SymChk is as follows:
symchk [/r] FileNames /s SymbolPath
FileNames specifies one or more program files whose symbols are needed. If FileNames is a directory and the /r flag is used, this directory is explored recursively, and SymChk will try to find symbols for all program files in this directory tree. SymbolPath specifies where SymChk is to search for symbols.
There are many more command-line options. For a full listing, see SymChk Command-Line Options.
Obtaining symchk
Symchk, like other debugging tools, ships as part of the debugger. For more information, see Download Debugging Tools for Windows.
Once the debugging tools are installed, symchk is available in this directory for 64 bit Windows.
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64
Example Usage
The symbol path specified can include any number of local directories, UNC directories, or symbol servers. Local directories and UNC directories are not searched recursively. Only the specified directory and a subdirectory based on the executable's extension are searched. For example, the query
symchk thisdriver.sys /s g:\symbols
will search g:\symbols and g:\symbols\sys.
You can specify a symbol server by using either of the following syntaxes as part of your symbol path:
srv*DownstreamStore*\\Server\Share
srv*\\Server\Share
This is very similar to using a symbol server in the debugger's symbol path. For details on this, see Using Symbol Servers and Symbol Stores.
If a downstream store is specified, SymChk will make copies of all valid symbol files found by the symbol server and place them in the downstream store. Only symbol files that are complete matches are copied downstream.
SymChk always searches the downstream store before querying the symbol server. Therefore you should be careful about using a downstream store when someone else is maintaining the symbol store. If you run SymChk once and it finds symbol files, it will copy those to the downstream store. If you then run SymChk again after these files have been altered or deleted on the symbol store, SymChk will not notice this fact, since it will find what it is looking for on the downstream store and look no further.
Note SymChk always uses SymSrv (Symsrv.dll) as its symbol server DLL. On the other hand, the debuggers can choose a symbol server DLL other than SymSrv if one is available. (SymSrv is the symbol server included in the Debugging Tools for Windows package.)
Using SymChk to determine whether symbols are private or public
To determine whether a symbol file is private or public, use the /v parameter so that SymChk displays verbose output. Suppose MyApp.exe and MyApp.pdb are in the folder c:\sym. Enter this command.
symchk /v c:\sym\MyApp.exe /s c:\sym
If MyApp.pdb contains private symbols, the output of SymChk looks like this.
[SYMCHK] Searching for symbols to c:\sym\MyApp.exe in path c:\sym
...
DBGHELP: MyApp - private symbols & lines
c:\sym\MyApp.pdb
...
SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1
If MyApp.pdb contains only public symbols, the output of SymChk looks like this.
[SYMCHK] Searching for symbols to c:\sym\MyApp.exe in path c:\sym
...
DBGHELP: MyApp - public symbols
c:\sym\MyApp.pdb
...
SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1
To limit your search so that it finds only public symbol files, use the s option with the /s parameter (/ss). The following command finds a match if MyApp.pdb contains only public symbols. It does not find a match if MyApp.pdb contains private symbols.
symchk /v c:\sym\MyApp.exe /ss c:\sym
For more information, see Public and Private Symbols.
Examples
Here are some examples. The following command searches for symbols for the program Myapp.exe:
e:\debuggers> symchk f:\myapp.exe /s f:\symbols\applications
SYMCHK: Myapp.exe FAILED - Myapp.pdb is missing
SYMCHK: FAILED files = 1
SYMCHK: PASSED + IGNORED files = 0
You can try again with a different symbol path:
e:\debuggers> symchk f:\myapp.exe /s f:\symbols\newdirectory
SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1
The search was successful this time. If the verbose option is not used, SymChk will only list files for which it failed to find symbols. So in this example no files were listed. You can tell that the search succeeded because there is now one file listed in the "passed" category and none in the "failed" category.
A program file is ignored if it contains no executable code. Many resource files are of this type.
If you prefer to see the file names of all program files, you can use the /v option to generate verbose output:
e:\debuggers> symchk /v f:\myapp.exe /s f:\symbols\newdirectory
SYMCHK: MyApp.exe PASSED
SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1
The following command searches for a huge number of Windows symbols in a symbol server. There is a great variety of possible error messages:
e:\debuggers> symchk /r c:\windows\system32 /s srv*\\manysymbols\windows
SYMCHK: msisam11.dll FAILED - MSISAM11.pdb is missing
SYMCHK: msuni11.dll FAILED - msuni11link.pdb is missing
SYMCHK: msdxm.ocx FAILED - Image is split correctly, but msdxm.dbg is missing
SYMCHK: expsrv.dll FAILED - Checksum doesn't match with expsrv.DBG
SYMCHK: imeshare.dll FAILED - imeshare.opt.pdb is missing
SYMCHK: ir32_32.dll FAILED - Built with no debugging information
SYMCHK: author.dll FAILED - rpctest.pdb is missing
SYMCHK: msvcrt40.dll FAILED - Built with no debugging information
......
SYMCHK: FAILED files = 211
SYMCHK: PASSED + IGNORED files = 4809
Using a Manifest File with SymChk
In some cases, you might need to retrieve symbols for files that are on an isolated computer; that is, a computer that is either not on any network or is on a network that has no symbol store. In that situation, you can use the following procedure to retrieve symbols.
- Run SymChk with the /om parameter to create a manifest file that describes the files for which you want to retrieve symbols.
- Move the manifest file to a network that has a symbol store.
- Run SymChk with the /im parameter to retrieve symbols for the files described in the manifest file.
- Move the symbol files back to the isolated computer.
Example
Suppose yourApp.exe is running on an isolated computer. The following command creates a manifest file that describes all the symbols needed to debug the yourApp.exe process.
C:\>SymChk /om c:\Manifest\man.txt /ie yourApp.exe
SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 28
Now assume you have moved the manifest file to a different computer that is on a network that has access to a symbol store. The following command retrieves the symbols described in the manifest file and places them in the mySymbols folder.
C:\>SymChk /im c:\FolderOnOtherComputer\man.txt /s srv*c:\mysymbols*\\aServer\symbols
SYMCHK: myApp.exe ERROR - Unable to download file. Error reported was 2
. . .
SYMCHK: FAILED files = 28
SYMCHK: PASSED + IGNORED files = 28
Now you can move the symbols to the isolated computer and use them for debugging.
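The /im run shown above ends with "FAILED files = 28", so the symbol folder should be checked before it is carried back to the isolated computer. The following PowerShell sketch is an added example, not part of the SymChk documentation or the original post: it parses the summary and per-file lines that SymChk prints and treats a run as clean only when nothing failed. The function names, the Clean property and the sample array are hypothetical; only the /im and /s options shown on this page are used.

```powershell
# Added example: parse SymChk console output and gate the manifest workflow on it.
function Get-SymChkResult {
    param([string[]]$Lines)
    $failed = $null; $passed = $null; $problems = @()
    foreach ($line in $Lines) {
        if ($line -match '^SYMCHK:\s+FAILED files\s*=\s*(\d+)') {
            $failed = [int]$Matches[1]
        } elseif ($line -match '^SYMCHK:\s+PASSED \+ IGNORED files\s*=\s*(\d+)') {
            $passed = [int]$Matches[1]
        } elseif ($line -match '^SYMCHK:\s+(.+?)\s+(FAILED|ERROR)\s+-\s+(.+)$') {
            # Per-file line, e.g. "SYMCHK: x.dll FAILED - x.pdb is missing"
            $problems += [pscustomobject]@{
                File = $Matches[1]; Kind = $Matches[2]; Reason = $Matches[3].Trim()
            }
        }
    }
    [pscustomobject]@{
        Failed   = $failed
        Passed   = $passed
        Problems = $problems
        # Clean only if the summary line was seen and nothing failed or errored.
        Clean    = ($null -ne $failed) -and ($failed -eq 0) -and ($problems.Count -eq 0)
    }
}

# Step 3 of the procedure, run on the connected computer.
# $SymChkExe, $Manifest and $SymbolPath are supplied by the caller (assumed values).
function Get-SymbolsFromManifest {
    param([string]$SymChkExe, [string]$Manifest, [string]$SymbolPath)
    # Convert every output record to a plain string before parsing.
    $out = & $SymChkExe /im $Manifest /s $SymbolPath 2>&1 | ForEach-Object { "$_" }
    Get-SymChkResult -Lines $out
}

# Constructed sample: the /im output from the example above, so this runs offline.
$sample = @(
    'SYMCHK: myApp.exe ERROR - Unable to download file. Error reported was 2'
    'SYMCHK: FAILED files = 28'
    'SYMCHK: PASSED + IGNORED files = 28'
)
$r = Get-SymChkResult -Lines $sample
$r.Problems | Format-Table File, Kind, Reason -AutoSize
if (-not $r.Clean) {
    Write-Warning "SymChk reported $($r.Failed) failed file(s); do not transfer this symbol folder yet."
}
```

On the connected computer, replace the sample with a call to Get-SymbolsFromManifest, passing the path to symchk.exe, the manifest file and the symbol path.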