0

I am facing a weird behaviour of DbGHelp API and I cannot even find a theory of explanation. I have some PDB file (for a DLL; downloaded from Internet) and I am looking for a specific symbol within the PDB file. I try four options for doing this:

  1. A fresh pre-built downloaded copy of TYPEINFODUMP;
  2. A copy of TYPEINGODUMP I downloaded and built by myself year and a half ago (built on Windows 8.1 with Visual Studio 10 and Windows SDK 7.0);
  3. The same sources as in #2 but rebuilt now (Windows 10 with Visual Studion 10 and Windows SDK 7.0);
  4. My own code: a pretty trivial sequence of SymInitialize(), SymLoadModule64() and SymEnumSymbols() (built on Windows 10 with Visual Studion 10 and Windows SDK 7.0).

All these options are used on Windows 10, and the same dbghelp.dll is loaded by all of them (checked; 10.0.14321.1024) except option #1 (it brings its own copy of dbghelp.dll version 6.3.0017.0).

Now, the required symbol is found in all cases. Nevertheless, options #1, #3 and #4 report this symbol with TypeIndex=0, Size=0 and Tag=SymTagPublicSymbol, which is incorrect. Only option #2 reports the symbol with TypeIndex=2, Size=295 and Tag=SymTagFunction, which is correct indeed. All my attempts to fetch the correct symbol information with some code (mine or not) compiled now ended with nothing. Only TYPEINFODUMP I built some time ago brings correct result. I am absolutely despaired. Is there any logical explanation for this situation? What I might miss?

Mtm 3.14
  • 29
  • 5
  • Well, apparently I figured out what was going on. The problem was not related to compilation/run environment or dbghelp.dll version. I did not mention one detail I considered unimportant but it made the difference. In case #2, I used a copy of TYPEINGODUMP that I built bit it was a modified copy. I added an optional symbol pattern to look for. – Mtm 3.14 Jun 27 '18 at 10:11
  • Thus suggesting I was interested in symbol "foo", I was looking for "\*foo\*" while all other cases (#1, #3, #4) attempted to look for the symbol by its exact name "foo". It looks like a weird bug in all versions of dbghelp.dll that came out with the specific PDB file I dealt with. Somehow different search mechanisms are used for an exact symbol name and a name pattern. And the symbol data is not filled correctly while looking for a symbol by its exact name. But the data is filled correctly indeed if the symbol is searched by a name pattern. As I said, weird... – Mtm 3.14 Jun 27 '18 at 10:17

0 Answers0