Tips (TIP of the Day)(IDA PRO)Automate Symbols in windbg debugger.

Storm Shadow

Storm Shadow

Administrator
Staff member
Developer
Ida Pro Expert
Elite Cracker
When setting the online symbol server in inviromental setting. Ida will look online, onces attached to process, and retrieve any symbols it can, for the current process.

Setting the _NT_SYMBOL_PATH environment variable
The common Microsoft debugging tools use the SymSrv technology if you provide the correct symsrv syntax in the _NT_SYMBOL_PATH environment variable. These tools automatically include whatever you provide in the variable as the symbol path.
You can set this variable as a system variable or as a user environment variable. To do this from the desktop, right-click My Computer, and then click Properties. On the Advanced tab, click Environment Variables.


Code: 
Set _NT_SYMBOL_PATH = symsrv*symsrv.dll*f:\localsymbols*http://msdl.microsoft.com/download/symbols



Hn7DsZV.jpg


loads all it can

0nkcDqE.jpg


you can check when debugging in WINDBG shell command to check symbol server path.

Code: 
WINDBG>.sympath
Symbol search path is: C:\Users\****\Downloads;symsrv*symsrv.dll*f:\localsymbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: c:\users\****downloads;symsrv*symsrv.dll*f:\localsymbols*http://msdl.microsoft.com/download/symbols
 
************* Symbol Path validation summary **************
Response						 Time (ms)	 Location
OK							   15			C:\Users\****\Downloads
Deferred									   symsrv*symsrv.dll*f:\localsymbols*http://msdl.microsoft.com/download/symbols

Offcause this works with any engine using windbg.
 
You must log in or register to reply here.
Top