Click here to Skip to main content
15,867,686 members
Articles / Desktop Programming / MFC

How to Inspect the Content of a Program Database (PDB) File

Rate me:
Please Sign up or sign in to vote.
4.87/5 (64 votes)
14 Jan 2014CPOL4 min read 485.2K   21.7K   244   104
Get to know the files you use on a daily basis when debugging your application with Visual Studio or WinDbg.

Image 1

Introduction

As Windows software developers, we all extensively use Visual Studio and/or WinDbg to step into our code, set breakpoints, watch variables, and perform many other useful tasks related to the debugging of applications. We somehow know that an internal mechanism exists in order to enable debuggers to map source code to binary and step into many of the available runtime libraries. For this purpose, debuggers use Program Database (PDB) files for managed as well as unmanaged code. PDB for managed code contains less debug information since these are located in the metadata section of the PE sections.

This article has several goals:

  • Show the existence of PDB files and how debuggers use them.
  • Show the existing technology used to retrieve their content.
  • Give an idea about the importance of PDB files while debugging and the kind of information embedded in them.
  • Present a project that implements a comfortable C++ wrapper on top of the esoteric DIA classes as well as a PDB inspector front end. This is the first part of a series dedicated to PDB and their executables counterpart. This article concentrates on one aspect of these PDB files, namely the modules referenced.

Background

As explained by John Robbin in the article mentioned below, "a native C++ PDB file contains a lot of information: 

  • public, private, and static function addresses 
  • Global variable names and addresses 
  • Parameter and local variable names and offsets where to find them on the stack
  • Source file names and their lines, etc..." 

A .NET PDB file only contains two pieces of information: (from John Robbin in the article mentioned below) 

  • The source file names 
  • Their lines and the local variable names

All the other information is already in the .NET metadata so there is no need to duplicate the same information in a PDB file.

For those of you not familiar with the Windows Debug Interface Access, Program Database (PDB), and the basic ideas presented here, a few essential links:

When compiled with debugging information, an executable file contains two references to the associated PDB file:

  • A GUID that matches the one placed in the expected PDB file
  • The full path of the associated PDB file that will be used during the debugging session

PdbParser/Pe_and_pdb.jpg

When a program to be debugged is launched, the debugger goes into the executable file and tries to locate the correct PDB file to proceed to the debugging session. The links above explain these along with how to setup a Symbols server.

Using the Code

The PDB project presented here consists of three parts:

  • PdbParser: C++ project - implements the PdbParser.dll which is a wrapper to the DIA interface.
  • PdbInspectorConsole: C++ Win32 console project - consumes the PdbParser and shows the modules referenced in a PDB file.
  • PdbInspector: C++ MFC project - consumes the PdbParser and shows the modules referenced in a PDB file and a few of the available details related to the modules.

Environment

The project has been developed and tested on Windows Vista Ultimate 32bit only.

Classes Hierarchy

As mentioned earlier, the Microsoft DIA SDK is a COM-based interface to handle PDB files. The problem with this SDK is that it consists of a tremendous collections of interfaces and functions. The PdbParser presented here abstracts these details and offers a simple task oriented set of interfaces. In this version, the PdbPaser concentrates on the collection of modules. The PdbParser is organized into a set of abstract layers. Opening a PDB file is done in two steps:

  • Instantiate PdbParser using the IPdbParserFactory::Create() function:
  • C++
    IPdbParser* pIPdbParser = IPdbParserFactory::Create(); 
  • Open a specific file using the IPdbParser::Open() function:
  • C++
    IPdbParser* pIPdbParser = IPdbParserFactory::Create(); 
    IPdbFile* pIPdbfile = pIPdbParser->OpenFile(L"test.pdb");

In order to retrieve details about a specific module referenced in a PDB file, you has to go through three additional steps:

  • Collect the Modules using the IPdbFile::GetModules() function.
  • Collect the details about a specific module using the IPdbModule::GetModuleDetails() function.
  • Use the IPdbModuleDetails functions available.
  • C++
    //Traverse the Modules
    vector<ipdbmodule*> vModules = pIPdbfile->GetModules();
    vector<ipdbmodule*>::iterator it = vModules.begin();
    for( ;it!=vModules.end();it++)
    {
        IPdbModule* pIPdbModule = *it;
        wprintf(L"%ws\n", pIPdbModule->GetName().c_str());
    }

In order to retrieve the source file names of a specific module, one has to go through three steps:

  • Collect the modules using the IPdbFile::GetModules() function.
  • Collect the files referenced by a specific module using the IPdbModule::GetSourceFiles() function.
  • Use the IPdbSourceFile::GetFileName() function.
  • C++
    //Traverse the Source file Names collection.
    std::vector<ipdbsourcefile*> vSources = pIPdbModule->GetSourceFiles();
    std::vector<ipdbsourcefile*>::iterator it = vSources.begin();
    for( ;it!=vSources.end(); it++)
    {
        IPdbSourceFile* pIPdbSourceFile = *it;
        wprintf(L"%ws\n", pIPdbSourceFile->GetFileName().c_str());
    }

When appropriate, the resources allocated by PdbParser are freed using one last step.

  • Release the allocated resources using the IPdbParserFactory::Destroy() function.
  • C++
    IPdbParserFactory::Destroy(); 

The image below shows the accessors-based hierarchy:

PdbParser/InterfacesHierarchy.jpg

History 

  • 19.06.2009 - The focus in this project is the enumeration of the modules and some of their details
  • 23.06.2009 - Added the enumeration for the source file names
  • 02.07.2009 - Corrected an open/close issue; added the IsStripped() method
  • 20.08.2011
    • Added support for drag and drop of a PDB file on the UI
    • Removed the console demo
    • Updated my web address
  • 30.08.2011 
    • Shows compiler name and version
    • Shows checksum type and value 
  • 26.06.2013
- Changed the path the DIA SDK
- Built and tested with VStudio 2k8 on Windows 7-64 bit in debug and release modes 

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Software Developer winitor
Germany Germany
Marc Ochsenmeier is the author of pestudio (www.winitor.com) and worked as developer with the focus on Windows Security. He now works as a Malware Analyst

pestudio is on twitter at: https://twitter.com/ochsenmeier

Comments and Discussions

 
AnswerRe: Unable to bulid the dll file Pin
Member 1012324125-Jun-13 21:51
Member 1012324125-Jun-13 21:51 
GeneralMy vote of 5 Pin
Santhosh G_19-Jun-13 3:06
Santhosh G_19-Jun-13 3:06 
GeneralRe: My vote of 5 Pin
marc ochsenmeier19-Jun-13 5:53
marc ochsenmeier19-Jun-13 5:53 
Questionanother pdb symbolsort utlity Pin
prashantk10013-Feb-13 7:43
prashantk10013-Feb-13 7:43 
QuestionBuild issues Pin
RainCaster29-Nov-12 7:45
RainCaster29-Nov-12 7:45 
AnswerRe: Build issues Pin
marc ochsenmeier2-Jan-13 20:51
marc ochsenmeier2-Jan-13 20:51 
QuestionPdbInspector.exe does not start. Runtime Error! Pin
Baeumle21-May-12 6:04
Baeumle21-May-12 6:04 
AnswerRe: PdbInspector.exe does not start. Runtime Error! Pin
marc ochsenmeier18-Jun-12 1:02
marc ochsenmeier18-Jun-12 1:02 
as a matter of fact, this project has been built using VStudio 2k8. What kind of runtime error do you have on which platform?
GeneralRe: PdbInspector.exe does not start. Runtime Error! Pin
Member 94895336-Oct-12 3:50
Member 94895336-Oct-12 3:50 
GeneralRe: PdbInspector.exe does not start. Runtime Error! Pin
marc ochsenmeier8-Oct-12 9:03
marc ochsenmeier8-Oct-12 9:03 
GeneralRe: PdbInspector.exe does not start. Runtime Error! Pin
Member 94895339-Oct-12 2:12
Member 94895339-Oct-12 2:12 
GeneralRe: PdbInspector.exe does not start. Runtime Error! Pin
marc ochsenmeier9-Oct-12 8:02
marc ochsenmeier9-Oct-12 8:02 
GeneralRe: PdbInspector.exe does not start. Runtime Error! Pin
Erik5-Jun-13 22:48
Erik5-Jun-13 22:48 
GeneralRe: PdbInspector.exe does not start. Runtime Error! Pin
marc ochsenmeier5-Jun-13 22:59
marc ochsenmeier5-Jun-13 22:59 
GeneralMy vote of 5 Pin
UrvishSuthar28-Mar-12 4:11
UrvishSuthar28-Mar-12 4:11 
GeneralMy vote of 5 Pin
Wendelius27-Dec-11 12:15
mentorWendelius27-Dec-11 12:15 
GeneralRe: My vote of 5 Pin
marc ochsenmeier6-Feb-12 5:02
marc ochsenmeier6-Feb-12 5:02 
GeneralRe: My vote of 5 Pin
Wendelius6-Feb-12 5:05
mentorWendelius6-Feb-12 5:05 
GeneralRe: My vote of 5 Pin
marc ochsenmeier6-Feb-12 5:38
marc ochsenmeier6-Feb-12 5:38 
GeneralMy vote of 5 Pin
LaxmikantYadav15-Nov-11 1:29
LaxmikantYadav15-Nov-11 1:29 
GeneralRe: My vote of 5 Pin
marc ochsenmeier15-Nov-11 1:41
marc ochsenmeier15-Nov-11 1:41 
QuestionNo module found, please check Pin
_Chen_Jun_22-Sep-11 17:46
_Chen_Jun_22-Sep-11 17:46 
AnswerRe: No module found, please check Pin
marc ochsenmeier23-Sep-11 22:16
marc ochsenmeier23-Sep-11 22:16 
GeneralMy vote of 5 Pin
Blake Miller9-Sep-11 5:50
Blake Miller9-Sep-11 5:50 
GeneralRe: My vote of 5 Pin
marc ochsenmeier9-Sep-11 9:17
marc ochsenmeier9-Sep-11 9:17 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.