
pdbparse's Introduction

pdbparse

Automatically exported from code.google.com/p/pdbparse

PDBparse is a GPL-licensed library for parsing Microsoft PDB files. Support for these is already available within Windows through the Debug Interface Access API; however, that interface is not usable on other operating systems.

PDB files are arranged into streams, each of which contains a specific bit of debug information; for example, stream 1 contains general information on the PDB file, and stream 2 contains information on data structures.

Currently, there is support for Microsoft PDB version 7 files (Vista and most Windows XP symbols) as well as version 2 (Windows 2000 and some XP symbols). The following streams are currently supported (see StreamDescriptions for more information on these):

  • Root Stream
  • Info Stream
  • Type Stream
  • Debug Info Stream
  • Global Symbol Stream
  • OMAP Streams
  • Section Header Streams
  • FPOv1 Stream
  • FPOv2 Stream

The open-source library Construct is used to perform the low-level parsing, and is required to run the code.
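
The stream arrangement described above can be seen in a few dozen lines. This is an added example, not pdbparse code: it uses the standard-library struct module instead of Construct, follows the commonly documented MSF 7.00 container layout, and treats the file as untrusted input by bounds-checking every page index. The names read_streams, build_sample_msf and MSFError are this example's own, the sample file is constructed, and it assumes the root stream's page list fits in a single map page.

```python
import struct

MSF7_MAGIC = b"Microsoft C/C++ MSF 7.00\r\n\x1aDS\x00\x00\x00"
# magic, page_size, free_page_map, num_pages, root_size, reserved, root_map_page
HEADER = struct.Struct("<32s6I")
NIL_STREAM = 0xFFFFFFFF  # size value marking a stream that is not present


class MSFError(ValueError):
    """Raised when the container is malformed or truncated."""


def _u32s(buf, count, offset=0):
    # Bounds-check before unpacking so a hostile count cannot over-read.
    if offset + 4 * count > len(buf):
        raise MSFError("directory truncated")
    return struct.unpack_from("<%dI" % count, buf, offset)


def _gather(data, pages, page_size, num_pages, size):
    # Concatenate the listed pages in order and trim to the stream's size.
    for p in pages:
        if p >= num_pages:
            raise MSFError("page %d outside file of %d pages" % (p, num_pages))
    return b"".join(data[p * page_size:(p + 1) * page_size] for p in pages)[:size]


def read_streams(data):
    """Return every stream of an MSF 7.00 file as a list of bytes objects."""
    if len(data) < HEADER.size:
        raise MSFError("file shorter than the MSF header")
    magic, page_size, _, num_pages, root_size, _, root_map = HEADER.unpack_from(data)
    if magic != MSF7_MAGIC:
        raise MSFError("not an MSF 7.00 (PDB version 7) file")
    if page_size == 0 or page_size & (page_size - 1):
        raise MSFError("page size %d is not a power of two" % page_size)
    if num_pages * page_size > len(data):
        raise MSFError("header claims more pages than the file holds")

    # Two-level lookup: map page -> pages of the root stream -> root stream.
    n_root = -(-root_size // page_size)  # ceiling division
    if 4 * n_root > page_size:
        raise MSFError("root page list spans several map pages (not handled here)")
    map_page = _gather(data, [root_map], page_size, num_pages, page_size)
    root = _gather(data, _u32s(map_page, n_root), page_size, num_pages, root_size)

    # Root stream: stream count, one size per stream, then each page list.
    (count,) = _u32s(root, 1)
    sizes = _u32s(root, count, 4)
    offset, streams = 4 + 4 * count, []
    for size in sizes:
        size = 0 if size == NIL_STREAM else size
        n = -(-size // page_size)
        pages = _u32s(root, n, offset)
        offset += 4 * n
        streams.append(_gather(data, pages, page_size, num_pages, size))
    return streams


def build_sample_msf(streams, page_size=512):
    """Constructed test input (not a real PDB): header, stream pages, directory."""
    pages = [b""]  # page 0 holds the header and is filled in last

    def put(blob):
        used = []
        for i in range(0, len(blob), page_size):
            used.append(len(pages))
            pages.append(blob[i:i + page_size].ljust(page_size, b"\x00"))
        return used

    page_lists = [put(s) for s in streams]
    root = struct.pack("<%dI" % (1 + len(streams)), len(streams), *map(len, streams))
    for used in page_lists:
        root += struct.pack("<%dI" % len(used), *used)
    root_pages = put(root)
    (root_map,) = put(struct.pack("<%dI" % len(root_pages), *root_pages))
    header = HEADER.pack(MSF7_MAGIC, page_size, 0, len(pages), len(root), 0, root_map)
    pages[0] = header.ljust(page_size, b"\x00")
    return b"".join(pages)


if __name__ == "__main__":
    # Constructed payloads; the text is only a label for each stream slot.
    sample = build_sample_msf([b"root copy", b"PDB info " * 90, b"type records", b""])
    for index, stream in enumerate(read_streams(sample)):
        print("stream %d: %d bytes" % (index, len(stream)))
```

A truncated file, a page index past the end of the file, or a stream count larger than the directory can hold all raise MSFError instead of returning short or misaligned data.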

pdbparse's People

Contributors

baiyunping333, citruz, gleeda, ikelos, lucasg, moyix, pombredanne, psfrolov, rhelmot, superponible


pdbparse's Issues

TypeError: unsupported operand type(s) for /: 'str' and 'str'

Python 3.8.1

>>> print(construct.__version__)
2.9.45

Code (from dbi.py):

def parse_stream(stream):
(...)
    for i in range(0, fileIndex.cMod):
        these = []
        for j in range(modStart[i], modStart[i] + cRefCnt[i]):
            Name = "Name" / CString(encoding = "utf8").parse(Names[NameRef[j]:])
            files.append(Name)
            these.append(Name)
        modules.append(these)

Error:

>>> pdb.STREAM_DBI.load()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\[...]\pdbparse\__init__.py", line 276, in load
    debug = dbi.parse_stream(self.stream_file)
  File "C:\[...]\pdbparse\dbi.py", line 160, in parse_stream
    Name = "Name" / CString(encoding = "utf8").parse(Names[NameRef[j]:])
TypeError: unsupported operand type(s) for /: 'str' and 'str'

Python 3.12 not supported

construct<2.10 uses the imp module, which was removed on Python 3.12. Is there a reason not to use a more recent construct version?

Tool doesn't handle pdb file

What steps will reproduce the problem?
1. ./print_ctypes.py /tmp/3/sy55gkj5l0gk4/BUGSLAYERUTIL.PDB

What is the expected output? What do you see instead?
================================================================================
Debugging exception of Struct('type'):
  File "/usr/lib/python2.5/site-packages/construct/debug.py", line 111, in _parse
    return self.subcon._parse(stream, context)
  File "/usr/lib/python2.5/site-packages/construct/core.py", line 522, in _parse
    subobj = sc._parse(stream, context)
  File "/usr/lib/python2.5/site-packages/construct/core.py", line 700, in _parse
    obj = self.cases.get(key, self.default)._parse(stream, context)
  File "/usr/lib/python2.5/site-packages/construct/core.py", line 522, in _parse
    subobj = sc._parse(stream, context)
  File "/usr/lib/python2.5/site-packages/construct/core.py", line 996, in _parse
    stream2.close()
  File "/usr/lib/python2.5/site-packages/construct/lib/bitstream.py", line 13, in close
    self.total_size)
ValueError: ('total size of read data must be a multiple of 8', 28)

(you can set the value of 'self.retval', which will be returned)
> /usr/lib/python2.5/site-packages/construct/lib/bitstream.py(13)close()
-> self.total_size)
(Pdb)

What version of the product are you using? On what operating system?
Last version on linux.

Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 20 Mar 2010 at 4:10


new base type in visual studio 12?

We encountered an error parsing a pdb created by Visual Studio 12

$ python pdb_tpi_vtypes.py ConsoleApplication1.pdb 
Traceback (most recent call last):
  File "pdb_tpi_vtypes.py", line 157, in <module>
    pdb.STREAM_TPI.load()
  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 221, in load
    tpis = tpi.parse_stream(self.stream_file,unnamed_hack,elim_fwdrefs)
  File "/usr/local/lib/python2.7/dist-packages/pdbparse/tpi.py", line 1081, in parse_stream
    resolve_typerefs(t, types, min) for t in types[i].substructs
  File "/usr/local/lib/python2.7/dist-packages/pdbparse/tpi.py", line 1013, in resolve_typerefs
    setattr(leaf, attr, base_type._decode(ref,{}))
  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.1-py2.7.egg/construct/adapters.py", line 99, in _decode
    obj, self.subcon.name))
construct.adapters.MappingError: no decoding mapping for 12 [base_type]

The same exe compiled with Visual Studio 2010 is handled fine. I attached both the problematic one (ConsoleApplication1.pdb) and the one that is ok (ConsoleApplication1_vc2010.pdb)

Original issue reported on code.google.com by [email protected] on 12 Nov 2013 at 1:24


Process ntkrnlmp.pdb except

the file link is:
http://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/A32C55CDEBC1441DAC80552A86F5F11F1/ntkrnlmp.pdb

Traceback (most recent call last):
  File "/usr/local/bin/pdb_print_gvars.py", line 56, in <module>
    main(args[0], args[1])
  File "/usr/local/bin/pdb_print_gvars.py", line 23, in main
    pdb = pdbparse.parse(filename)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 554, in parse
    return PDB7(f, fast_load)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 521, in __init__
    self.read_root(self.root_stream)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 467, in read_root
    parent = self))
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 154, in __init__
    self.load()
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/__init__.py", line 262, in load
    tpis = tpi.parse_stream(self.stream_file, unnamed_hack, elim_fwdrefs)
  File "/usr/local/lib64/python3.6/site-packages/pdbparse/tpi.py", line 1160, in parse_stream
    tpi_stream = TPIStream.parse_stream(fp)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 300, in parse_stream
    return self._parsereport(stream, context, "(parsing)")
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2120, in _parse
    subobj = sc._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2413, in _parse
    e = self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2120, in _parse
    subobj = sc._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 2653, in _parse
    return self.subcon._parsereport(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 5040, in _parse
    stream2 = io.BytesIO(data._parsereport(stream, context, path))
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 312, in _parsereport
    obj = self._parse(stream, context, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 848, in _parse
    return stream_read(stream, length, path)
  File "/usr/local/lib/python3.6/site-packages/construct/core.py", line 91, in stream_read
    raise StreamError("stream read less than specified amount, expected %d, found %d" % (length, len(data)), path=path)
construct.core.StreamError: Error in path (parsing) -> TPIStream -> types -> types -> type_data
stream read less than specified amount, expected 94, found 0

License for inclusion in scancode

@moyix I am considering using pdbparse in https://github.com/nexB/scancode-toolkit/ which is Apache-licensed. For now my pdb support is rather missing and a list of links: https://github.com/nexB/scancode-toolkit-contrib/blob/develop/src/compiledcode/pdb.py
Though I have OK support for dwarfs and pe (and some ideas for mach-o).
Would you consider an alternative license amenable to use pdbparse as a Python library?
If you feel strongly about being only GPL, feel free to ignore me plainly

Cordially
Philippe

installation issues

Hi!
I am trying to install pdbparse on a Windows 10 machine, I have python 3.6 installed and I have also installed Visual Studio 2015 with C++ (and C++ programs are built properly).

I launch a classic pip installation like:

pip install pdbparse

As error I got:

C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\cl.exe /c /nologo /Ox /W3 /GL /DNDEBUG /MD -IC:\Users\flavio\AppData\Local\Programs\Python\Python36\include -IC:\Users\flavio\AppData\Local\Programs\Python\Python36\include /Tcsrc/undname.c /Fobuild\temp.win-amd64-3.6\Release\src/undname.obj
undname.c
src/undname.c(22): fatal error C1083: Cannot open include file: 'assert.h': No such file or directory
error: command 'C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\bin\\cl.exe' failed with exit status 2

I also tried to compile the last version from the repo by using python setup.py build, getting the same result.

I also tried to set all the environment variables by using vcvarsall.bat, but apparently it does not work.

I am pretty sure I am missing something. But I don't get what.

May you help me please?

Construct 2.8+ unsupported

This means one has to install a legacy module. This project should be upgraded to work with the newer Construct for easier installation.

AttributeError: type_info

Hi BDG,

I ran into exceptions parsing this pdb.

My environments:
- python 2.7
- pdbparse from pypi
- construct 2.5.1 from mint 16(ubuntu 13.10) apt-get install.

in my script I called pdbparse like this:
> pdb = pdbparse.parse(pdbFile) 

and exception occurred in tpi.py:
>  File "/usr/local/lib/python2.7/dist-packages/pdbparse/tpi.py", line 940, in merge_subcon
>    subcon = getattr(parent, subattr)
>  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.1-py2.7.egg/construct/lib/container.py", line 35, in __getattr__
>    raise AttributeError(name)
> AttributeError: type_info

I took a look into the code and in tpi.py Line 942:
> for a in (k for k in dir(subcon) if not k.startswith("_")):

dir(subcon) returns all methods of subcon, instead of its dict keys.

I tried to change it to "for k in subcon.keys()", and another construct.adapters.MappingError popped out:

>  File "./dumpPDB.py", line 159, in dump_types
>    pdb = pdbparse.parse(pdbFile) #call the parse function in __init__ of the pdbparse library
>  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 439, in parse
>    return PDB7(f, fast_load)
>  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 406, in __init__
>    self.read_root(self.root_stream)
>  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 363, in read_root
>    parent=self))
>  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 106, in __init__
>    else: self.load()
>  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 215, in load
>    debug = dbi.parse_stream(self.stream_file)
>  File "/usr/local/lib/python2.7/dist-packages/pdbparse/dbi.py", line 83, in parse_stream
>    dbihdr = DBIHeader.parse_stream(stream)
>  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.1-py2.7.egg/construct/core.py", line 197, in parse_stream
>    return self._parse(stream, Container())
>  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.1-py2.7.egg/construct/core.py", line 661, in _parse
>    subobj = sc._parse(stream, context)
>  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.1-py2.7.egg/construct/core.py", line 287, in _parse
>    return self._decode(self.subcon._parse(stream, context), context)
>  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.1-py2.7.egg/construct/adapters.py", line 99, in _decode
>    obj, self.subcon.name))
> construct.adapters.MappingError: no decoding mapping for 0 [Machine]

The Windows_XP.pdb is attached.


Original issue reported on code.google.com by [email protected] on 3 Apr 2014 at 11:47


examples/pdb_tpi_vtypes.py produces invalid Python

examples/pdb_tpi_vtypes.py produces output that can't be consumed by Python. Partial output:

ntkrpamp_types = {
  'b'LIST_ENTRY64'' : [ 0x10, {
    'b'Flink'' : [ 0x0, ['unsigned long long']],
    'b'Blink'' : [ 0x8, ['unsigned long long']],
} ],
  'b'LIST_ENTRY32'' : [ 0x8, {
...

Incorrect output from print_ctypes.py

What steps will reproduce the problem?
1. Get ntdll.pdb for Windows 7 x64
2. Run the example: print_ctypes.py -f ntdll.pdb

What is the expected output? What do you see instead?
The definition for LARGE_INTEGER is wrong. The description from Microsoft (see 
http://msdn.microsoft.com/en-us/library/aa383713(v=vs.85).aspx) indicates an 8 
byte union. However, the output from pdbparse shows a 16 byte union.

pdbparse defines this:
union _LARGE_INTEGER {
  ULONG LowPart;
  LONG  HighPart;
  union {
  struct {
    ULONG LowPart;
    LONG  HighPart;
   } u ;
  LONGLONG QuadPart ;
  };

};


What version of the product are you using? On what operating system?
SVN repository HEAD as of 2012-03-28.

Please provide any additional information below.
This behavior probably affects other definitions.

Original issue reported on code.google.com by [email protected] on 29 Mar 2012 at 2:01

[PATCH] speed improvement for omap.remap

omap.remap can be quite slow, because it regenerates the from list on every
call. The attached patch creates a class to cache the fromlist, improving
speed considerably. On my system, the patch reduced the running time for
"print_gvars.py ntoskrnl.pdb" from 4 minutes 45 seconds to 9 seconds.

Thanks for putting this library together, by the way.

Original issue reported on code.google.com by [email protected] on 10 Jun 2009 at 5:45


undname can seg fault

What steps will reproduce the problem?
1. Ensure pdbparse is built so that assertions are active (i.e. NDEBUG is 
undefined)
2. call undname with the decorated name 
"?HandleEvents@CEventFilter@@$4PPPPPPPM@3AEJPBVIReportingEventCollection@@@Z"

What is the expected output? What do you see instead?
Expect to either see the name remain undecorated or for it to be undecorated.

Instead, the assert on line 243 of undname.c fails and (if asserts are off) we 
get a seg fault.

What version of the product are you using? On what operating system?
r103

Please provide any additional information below.
A quick fix is to "gracefully" fail by inserting:

  if (!cref) return NULL;

just after line 243.

Original issue reported on code.google.com by carl.pulley on 27 Apr 2013 at 10:47

pdb_print_ctypes.py "list index out of range" with Windows 7 x86 SP1 kernel on _OBJECT_REF_INFO

Running the following command leads to a crash. The same command (with width=8) 
run against the x64 kernel does not seem to have a problem


./pdb_print_ctypes.py --width=4 
7/x86_sp1/ntkrnlmp.pdb/00625D7D36754CBEBA4533BA9A0F3FE22/ntkrnlmp.pdb 

/******* Enumerations *******/
....
typedef struct _OBJECT_REF_INFO { // 0x1c bytes
Traceback (most recent call last):
  File "./pdb_print_ctypes.py", line 1111, in <module>
    struct_pretty_str(s, opts.gcc)
  File "./pdb_print_ctypes.py", line 969, in struct_pretty_str_nofwd
    print flstr(lf)
  File "./pdb_print_ctypes.py", line 906, in flstr
    sol = unionize_compute(lf, memb_strs)
  File "./pdb_print_ctypes.py", line 854, in unionize_compute
    if mbr_ct_by_ofs[m.ofs] != base_ofs_ct and mbr_ct_by_ofs[m.ofs] == 1:
IndexError: list index out of range

Original issue reported on code.google.com by [email protected] on 24 Apr 2014 at 1:36

pdb_print_ctypes.py crashes on Windows 8.1 ntkrpamp.pdb

Running pdb_print_ctypes.py against the Windows 8.1 x86 ntkrpamp.pdb crashes 
with the following output:

./pdb_print_ctypes.py --width=4 
8.1/x86/ntkrpamp.pdb/9DC1F995475C456C8D1AA9606E3106931/ntkrpamp.pdb 

Traceback (most recent call last):
  File "./pdb_print_ctypes.py", line 1099, in <module>
    structs = topological_sort(dep_graph)
  File "./pdb_print_ctypes.py", line 66, in topological_sort
    count[successor] += 1
KeyError: '_HAL_PMC_COUNTERS'

Original issue reported on code.google.com by [email protected] on 24 Apr 2014 at 1:59

DOS Header magic not found

Info:

C:\Users\ACER\Desktop\myproject\counter>python -V
Python 3.10.11

C:\Users\ACER\Desktop\myproject\counter>python -m pip show pdbparse
Name: pdbparse
Version: 1.5
Summary: Python parser for Microsoft PDB files
Home-page: https://github.com/moyix/pdbparse/
Author: Brendan Dolan-Gavitt
Author-email: [email protected]
License:
Location: c:\users\acer\appdata\roaming\python\python310\site-packages
Requires: construct, construct, pefile
Required-by:

C:\Users\ACER\Desktop\myproject\counter>cl
Microsoft (R) C/C++ Optimizing Compiler Version 19.29.30152 for x86
Copyright (C) Microsoft Corporation.  All rights reserved.

python code:

#!/usr/bin/python
# coding: utf-8

import os
import sys
import pdbparse
from pdbparse.peinfo import *
from binascii import hexlify


def main(pepath):

    # Extract debug infos from PE.
    guid, pdb_filename = get_external_codeview(pepath)
    print("PE debug infos : %s, %s" % (pdb_filename, guid))

    # Extract corresponding PDB.
    pdbpath = os.path.join(os.path.dirname(pepath), pdb_filename)
    p = pdbparse.parse(pdbpath, fast_load = True)
    pdb = p.streams[pdbparse.PDB_STREAM_PDB]
    pdb.load()
    guidstr = (u'%08x%04x%04x%s%x' % (pdb.GUID.Data1, pdb.GUID.Data2, pdb.GUID.Data3, hexlify(
        pdb.GUID.Data4).decode('ascii'), pdb.Age)).upper()
    print("PDB Guid : %s" % (guidstr))

    if guid != guidstr:
        print(u'pdb not for this exe')
        sys.exit(-1)
    else:
        dbi = p.streams[pdbparse.PDB_STREAM_DBI]
        dbi.load()

        for (i, fns) in enumerate(dbi.modules):
            module_name = dbi.DBIExHeaders[i].objName.decode('ascii')
            print("[%d] DBI Module : %s" % (i, module_name))
            for fn in fns:
                print(u'\t%s' % fn)
            print(u'-')


if __name__ == u'__main__':
    pepath = sys.argv[1]
    print(pepath)
    main(pepath)

I used cl.exe /Zi /Fd "counter.pdb" "counter.cpp"
to build c++ pdb with this code

// C++ Program to demonstrate
#include <cstdio>
#include <iostream>
using namespace std;
int main_num = 0;

int add(int num) {
	main_num += num;
	return main_num;
}

int main()
{
	int numadder = 1;
	while (true) {
		printf("%d\r", add(numadder));
	}
	return 0;
}

Lack of documentation

This is hardly documented. I could not make it work as I'm not sure which version of construct I need. I also don't know whether this is for python2 or python3.

Some examples also depend on the pefile module which is not listed.

The README should be updated and mention installation instructions including all dependencies and their respective versions.

Command line parameter/autodetection of ARCH_PTR_SIZE

Hiya,

Again, a little enhancement request.  Currently pdbparse has the value 
ARCH_PTR_SIZE hardcoded as 4 bytes (good for 32-bit systems).  It would be 
great to provide a command line parameter, or some ridiculously clever way of 
figuring out whether a pdb file is for a 64-bit system, and altering the value 
to match the size of a native pointer...

This was spawned from volatility issue 232 [1].

[1] http://code.google.com/p/volatility/issues/detail?id=232

Original issue reported on code.google.com by [email protected] on 13 Mar 2012 at 12:59

Runs slow. Anyone interested in improving performance?

I don't want to take the time right now to submit performance enhancements, but perhaps @moyix or some other person reading this note would like to do the work.
I find that a tremendous amount of time is spent with file reads, string concatenations, and substring operations. There are two ways to speed things up that I have seen, and would be simple to implement:

  1. In StreamFile class, cache the stream pages, so you only have to read them once from the file. Or better, if the platform supports mmap, just mmap the entire PDB file, create a buffer for it, and take a slice of the buffer for a stream page whenever you need it. In the non-mmap case, you could add a method to clear the cache, to be called, for instance, after parsing the entire stream.
  2. In StreamFile._read, see how many pages are spanned by the request. Use the above cache / mmap to get slices of individual pages. Return the slice, or a concatenation of two slices, or use CStringIO to assemble more than two slices. Using _read_pages is inefficient because then you have to take a slice of the result.

I think this would eliminate most of the time spent in parsing a PDB as a whole. You could try profiling pdbparse with a large file, such as ntoskrnl.pdb.
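
The mmap and spanning-read suggestion in the issue above, as an added example that is not pdbparse's StreamFile: the file is mapped once and each read slices only the pages the request touches. PagedStream, read_samples, the 16-byte page size and the file contents are this example's own names and constructed values.

```python
import mmap
import tempfile


class PagedStream:
    """Random-access reads over one stream whose pages are scattered in a buffer."""

    def __init__(self, buf, page_size, pages, size):
        pages = list(pages)
        # Validate the page list once, so read() never slices outside the file.
        if size > len(pages) * page_size:
            raise ValueError("stream size exceeds its page list")
        if any((p + 1) * page_size > len(buf) for p in pages):
            raise ValueError("page index outside the mapped file")
        self._view = memoryview(buf)  # works for bytes and for mmap objects
        self.page_size, self.pages, self.size = page_size, pages, size

    def read(self, offset, length):
        """Return up to `length` bytes at `offset`, copying only the spanned pages."""
        if offset < 0 or length < 0:
            raise ValueError("negative offset or length")
        end = min(offset + length, self.size)
        if offset >= end:
            return b""
        first = offset // self.page_size
        last = (end - 1) // self.page_size
        chunks = []
        for n in range(first, last + 1):
            base = self.pages[n] * self.page_size
            lo = offset - n * self.page_size if n == first else 0
            hi = end - n * self.page_size if n == last else self.page_size
            chunks.append(self._view[base + lo:base + hi])  # zero-copy slice
        return b"".join(chunks)  # the single copy made per read

    def close(self):
        # Release the buffer export so the underlying mmap can be closed.
        self._view.release()


def read_samples():
    """Map a constructed 4-page file and read within, across and past pages."""
    file_pages = [b"H" * 16, b"QRSTUVWX" + b"\x00" * 8, b"-" * 16, b"ABCDEFGHIJKLMNOP"]
    with tempfile.TemporaryFile() as f:
        f.write(b"".join(file_pages))
        f.flush()
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mapped:
            # The stream is 24 bytes long and lives in file pages 3 then 1.
            stream = PagedStream(mapped, 16, [3, 1], 24)
            try:
                return stream.read(0, 4), stream.read(14, 4), stream.read(20, 100)
            finally:
                stream.close()


if __name__ == "__main__":
    print(read_samples())
```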

Missing IMAGE_SECTION_HEADER or GlobalsData breaks parsing

Using pdbparse 1.0 and construct 2.5.0 on Python 2.7.4, I had a few issues 
loading some PDB files. One of the issue was already reported in ticket #8 and 
fixed in trunk.

The other two issues are both with some Windows 7 PDB files not containing 
something pdbparse expects.

Trying to load EA23305E14F24F9F837CCEACEE5D38401\fastfat.pdb, I got a construct 
exception about the number of IMAGE_SECTION_HEADER structs not being in the 
acceptable range because there are none.

Trying to load F8E2A8B5C9B74BF4A6E4A48F180099942\ntkrnlmp.pdb, I got a 
construct exception about the number of GlobalsData structs not being in the 
acceptable range because there are none.

I was able to solve both by replacing GreedyRange with OptionalGreedyRange. 
After making those two modifications and applying the fix for #8, I was able to 
load all the PDB files I needed.

A patch for pe.py and gdata.py is attached.

Original issue reported on code.google.com by kichik on 11 Apr 2013 at 2:51


Exception thrown on any pdb file

When pdbparse.parse("filename") is called, it throws an exception with any pdb file

Python 3.8.10 (tags/v3.8.10:3d8993a, May  3 2021, 11:48:03) [MSC v.1928 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import pdbparse
>>> pdbparse.parse("vc142.pdb") 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Users\user\AppData\Local\Programs\Python\Python38\lib\site-packages\pdbparse\__init__.py", line 554, in parse
    return PDB7(f, fast_load)
  File "C:\Users\user\AppData\Local\Programs\Python\Python38\lib\site-packages\pdbparse\__init__.py", line 521, in __init__
    self.read_root(self.root_stream)
  File "C:\Users\user\AppData\Local\Programs\Python\Python38\lib\site-packages\pdbparse\__init__.py", line 460, in read_root
    pdb_cls(
  File "C:\Users\user\AppData\Local\Programs\Python\Python38\lib\site-packages\pdbparse\__init__.py", line 154, in __init__
    self.load()
  File "C:\Users\user\AppData\Local\Programs\Python\Python38\lib\site-packages\pdbparse\__init__.py", line 262, in load
    tpis = tpi.parse_stream(self.stream_file, unnamed_hack, elim_fwdrefs)
  File "C:\Users\user\AppData\Local\Programs\Python\Python38\lib\site-packages\pdbparse\tpi.py", line 1190, in parse_stream
    types[i].substructs = ListContainer([resolve_typerefs(t, types, min) for t in types[i].substructs])
  File "C:\Users\user\AppData\Local\Programs\Python\Python38\lib\site-packages\pdbparse\tpi.py", line 1190, in <listcomp>
    types[i].substructs = ListContainer([resolve_typerefs(t, types, min) for t in types[i].substructs])
  File "C:\Users\user\AppData\Local\Programs\Python\Python38\lib\site-packages\pdbparse\tpi.py", line 1105, in resolve_typerefs
    for attr in type_refs[leaf.leaf_type]:
KeyError: 61938
>>>

Caused by the function resolve_typerefs(leaf, types, min).
When the exception happened, it was called with leaf.leaf_type being an int; in the output above it is 61938, and I have seen many other numbers.

The pdb file was generated by a simple helloworld cpp program

adding T_64PCHAR


This patch was required for win32k.sys on win10 TP. 

Index: examples/pdb_tpi_vtypes.py
===================================================================
--- examples/pdb_tpi_vtypes.py  (revision 111)
+++ examples/pdb_tpi_vtypes.py  (working copy)
@@ -20,6 +20,7 @@
     "T_32PVOID": "'pointer', ['void']",
     "T_64PRCHAR": "'pointer64', ['unsigned char']",
     "T_64PUCHAR": "'pointer64', ['unsigned char']",
+    "T_64PCHAR": "'pointer64', ['char']",
     "T_64PWCHAR": "'pointer64', ['wchar']",
     "T_64PULONG": "'pointer64', ['unsigned long']",
     "T_64PLONG": "'pointer64', ['long']",
@@ -62,6 +63,7 @@
     "T_32PVOID": 4,
     "T_64PRCHAR": 8,
     "T_64PUCHAR": 8,
+    "T_64PCHAR": 8,
     "T_64PWCHAR": 8,
     "T_64PULONG": 8, 
     "T_64PLONG": 8,

Original issue reported on code.google.com by [email protected] on 17 Oct 2014 at 10:34

Porting pdbparse to construct 2.9

Hi guys,

I am trying to port pdbparse to the last construct version, but got to one place that I don't understand. Here:

Tunnel(

What is this Tunnel? In old documentation and source code I found only TunnelAdapter. Didn't find any analogue with the same functionality in the new construct.

Thank you!

Installation problem

Hi,

I'm having some issues with the installation. My final goal is to create a Rekall profile from a pdb file. In particular, I followed the suggestions in DRAKVUF socketmon plugin guide.

I did the following steps:

cd pdbparse
python setup.py build
python setup.py install

pip3 list shows that I've installed: construct (2.9.45), pdbparse (1.1) and pefile (2019.4.18).
Unfortunately, when I run ./symchk.py -e tcpip.sys I get the following errors:

Traceback (most recent call last):
  File "./symchk.py", line 217, in <module>
    main()
  File "./symchk.py", line 200, in main
    handle_pe(opts.exe)
  File "./symchk.py", line 118, in handle_pe
    (guid, filename) = get_rsds(dbgdata)
  File "/usr/local/lib/python3.6/dist-packages/pdbparse/peinfo.py", line 91, in get_rsds
    filename = ntpath.basename(dbg.Filename.decode('ascii'))
AttributeError: 'str' object has no attribute 'decode'

DBI stream changes from r69 not valid in all pdb files

Hiya,

So the IMAGE_FILE_MACHINE field added in r69 isn't always set in files from the 
2003 and XP debugging symbol packs.  Since the enumeration doesn't include 0, 
tpi_vtypes.py will fail with:

Traceback (most recent call last):
  File "tpi_vtypes.py", line 139, in <module>
    pdb.STREAM_DBI.load()
  File "/home/mike/tmp/pdbparse/trunk/pdbparse/__init__.py", line 215, in load
    debug = dbi.parse_stream(self.stream_file)
  File "/home/mike/tmp/pdbparse/trunk/pdbparse/dbi.py", line 83, in parse_stream
    dbihdr = DBIHeader.parse_stream(stream)
  File "/usr/lib64/python2.7/site-packages/construct/core.py", line 129, in parse_stream
    return self._parse(stream, AttrDict())
  File "/usr/lib64/python2.7/site-packages/construct/core.py", line 553, in _parse
    subobj = sc._parse(stream, context)
  File "/usr/lib64/python2.7/site-packages/construct/core.py", line 181, in _parse
    return self._decode(self.subcon._parse(stream, context), context)
  File "/usr/lib64/python2.7/site-packages/construct/adapters.py", line 97, in _decode
    raise MappingError("no decoding mapping for %r"  % (obj,))
construct.adapters.MappingError: no decoding mapping for 0

I've attached a patch that allows an IMAGE_FILE_MACHINE value of 0, and gives a 
warning if it occurs requiring the user to specify an arch pointer size (since 
both x86 and x64 2003 pdbs have no machine setting, so we can't just default to 
4).

Original issue reported on code.google.com by [email protected] on 15 Mar 2012 at 10:08


Pypi version is broken

Hi,

When trying to install the package from pypi and test it on a sample PDB, the code fails while parsing the DBI name with the following traceback:

  File "/usr/local/lib/python3.6/dist-packages/pdbparse/__init__.py", line 276, in load
    debug = dbi.parse_stream(self.stream_file)
  File "/usr/local/lib/python3.6/dist-packages/pdbparse/dbi.py", line 160, in parse_stream
    Name = "Name" / CString(encoding = "utf8").parse(Names[NameRef[j]:])
TypeError: unsupported operand type(s) for /: 'str' and 'str'

It seems like this code was fixed last november, but wasn't deployed to pip.
Is it possible to deploy the current fixed version to pip?

Thanks :-)

Failed installing under Windows

Hi,

I got the following errors while building wheel using python 3.6 32bit.

> pip install pdbparse
Collecting pdbparse                                                                                                                        
  Using cached pdbparse-1.2.tar.gz                                                                                                         
Building wheels for collected packages: pdbparse                                                                                           
  Running setup.py bdist_wheel for pdbparse ... error                                                                                      
  Complete output from command d:\src\python\envs\36-32\scripts\python.exe -u -c "import setuptools, tokenize;__file__='C:\\Users\\sean\\Ap
ata\\Local\\Temp\\pip-build-h6vbtw1u\\pdbparse\\setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f
lose();exec(compile(code, __file__, 'exec'))" bdist_wheel -d C:\Users\sean\AppData\Local\Temp\tmpxieegev2pip-wheel- --python-tag cp36:     
  running bdist_wheel                                                                                                                      
  running build                                                                                                                            
  running build_py                                                                                                                         
  creating build                                                                                                                           
  creating build\lib.win32-3.6                                                                                                             
  creating build\lib.win32-3.6\pdbparse                                                                                                    
  copying pdbparse\dbgold.py -> build\lib.win32-3.6\pdbparse                                                                               
  copying pdbparse\dbi.py -> build\lib.win32-3.6\pdbparse                                                                                  
  copying pdbparse\fpo.py -> build\lib.win32-3.6\pdbparse                                                                                  
  copying pdbparse\gdata.py -> build\lib.win32-3.6\pdbparse                                                                                
  copying pdbparse\info.py -> build\lib.win32-3.6\pdbparse                                                                                 
  copying pdbparse\omap.py -> build\lib.win32-3.6\pdbparse                                                                                 
  copying pdbparse\pe.py -> build\lib.win32-3.6\pdbparse                                                                                   
  copying pdbparse\peinfo.py -> build\lib.win32-3.6\pdbparse                                                                               
  copying pdbparse\postfix_eval.py -> build\lib.win32-3.6\pdbparse                                                                         
  copying pdbparse\symlookup.py -> build\lib.win32-3.6\pdbparse                                                                            
  copying pdbparse\tpi.py -> build\lib.win32-3.6\pdbparse                                                                                  
  copying pdbparse\undecorate.py -> build\lib.win32-3.6\pdbparse                                                                           
  copying pdbparse\undname.py -> build\lib.win32-3.6\pdbparse                                                                              
  copying pdbparse\__init__.py -> build\lib.win32-3.6\pdbparse                                                                             
  running build_ext                                                                                                                        
  building 'pdbparse._undname' extension                                                                                                   
  creating build\temp.win32-3.6                                                                                                            
  creating build\temp.win32-3.6\Release                                                                                                    
  creating build\temp.win32-3.6\Release\src                                                                                                
  D:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\cl.exe /c /nologo /Ox /W3 /GL /DNDEBUG /MD -ID:\Python36-32\include -ID:\Pytho
6-32\include "-ID:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\INCLUDE" "-ID:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\A
MFC\INCLUDE" "-IC:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt" "-IC:\Program Files (x86)\Windows Kits\NETFXSDK\4.6.1\inc
de\um" "-IC:\Program Files (x86)\Windows Kits\8.1\include\\shared" "-IC:\Program Files (x86)\Windows Kits\8.1\include\\um" "-IC:\Program Fi
s (x86)\Windows Kits\8.1\include\\winrt" /Tcsrc/undname.c /Fobuild\temp.win32-3.6\Release\src/undname.obj                                  
  undname.c                                                                                                                                
  src/undname.c(225): warning C4018: '<': signed/unsigned mismatch                                                                         
  src/undname.c(226): warning C4018: '>=': signed/unsigned mismatch                                                                        
  src/undname.c(358): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable depre
tion, use _CRT_SECURE_NO_WARNINGS. See online help for details.                                                                            
  C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\stdio.h(1769): note: see declaration of 'sprintf'                       
  src/undname.c(657): warning C4018: '<': signed/unsigned mismatch                                                                         
  src/undname.c(1535): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprec
ion, use _CRT_SECURE_NO_WARNINGS. See online help for details.                                                                             
  src/undname.c(1530): warning C4996: 'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable depr
ation, use _CRT_SECURE_NO_WARNINGS. See online help for details.                                                                           
  C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\string.h(346): note: see declaration of 'strncpy'                       
  D:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\link.exe /nologo /INCREMENTAL:NO /LTCG /DLL /MANIFEST:EMBED,ID=2 /MANIFESTUAC:
 /LIBPATH:D:\Python36-32\Libs /LIBPATH:d:\src\python\envs\36-32\libs /LIBPATH:d:\src\python\envs\36-32\PCbuild\win32 "/LIBPATH:D:\Program F
es (x86)\Microsoft Visual Studio 14.0\VC\LIB" "/LIBPATH:D:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\ATLMFC\LIB" "/LIBPATH:C:\Pro
am Files (x86)\Windows Kits\10\lib\10.0.10240.0\ucrt\x86" "/LIBPATH:C:\Program Files (x86)\Windows Kits\NETFXSDK\4.6.1\lib\um\x86" "/LIBPAT
C:\Program Files (x86)\Windows Kits\8.1\lib\winv6.3\um\x86" /EXPORT:undname /EXPORT:PyInit__undname build\temp.win32-3.6\Release\src/undnam
obj /OUT:build\lib.win32-3.6\pdbparse\_undname.cp36-win32.pyd /IMPLIB:build\temp.win32-3.6\Release\src\_undname.cp36-win32.lib             
  LINK : error LNK2001: unresolved external symbol PyInit__undname                                                                         
  build\temp.win32-3.6\Release\src\_undname.cp36-win32.lib : fatal error LNK1120: 1 unresolved externals                                   
  error: command 'D:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\BIN\\link.exe' failed with exit status 1120                   
                                                                                                                                           
  ----------------------------------------                                                                                                 
  Failed building wheel for pdbparse                                                                                                       
  Running setup.py clean for pdbparse                                                                                                      
Failed to build pdbparse                                                                                                                   
Installing collected packages: pdbparse                                                                                                    
  Running setup.py install for pdbparse ... error                                                                                          
    Complete output from command d:\src\python\envs\36-32\scripts\python.exe -u -c "import setuptools, tokenize;__file__='C:\\Users\\sean\\
pData\\Local\\Temp\\pip-build-h6vbtw1u\\pdbparse\\setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n')
.close();exec(compile(code, __file__, 'exec'))" install --record C:\Users\sean\AppData\Local\Temp\pip-daunoe0f-record\install-record.txt --
ngle-version-externally-managed --compile --install-headers d:\src\python\envs\36-32\include\site\python3.6\pdbparse:                      
    running install                                                                                                                        
    running build                                                                                                                          
    running build_py                                                                                                                       
    creating build                                                                                                                         
    creating build\lib.win32-3.6                                                                                                           
    creating build\lib.win32-3.6\pdbparse                                                                                                  
    copying pdbparse\dbgold.py -> build\lib.win32-3.6\pdbparse                                                                             
    copying pdbparse\dbi.py -> build\lib.win32-3.6\pdbparse                                                                                
    copying pdbparse\fpo.py -> build\lib.win32-3.6\pdbparse                                                                                
    copying pdbparse\gdata.py -> build\lib.win32-3.6\pdbparse                                                                              
    copying pdbparse\info.py -> build\lib.win32-3.6\pdbparse                                                                               
    copying pdbparse\omap.py -> build\lib.win32-3.6\pdbparse                                                                               
    copying pdbparse\pe.py -> build\lib.win32-3.6\pdbparse                                                                                 
    copying pdbparse\peinfo.py -> build\lib.win32-3.6\pdbparse                                                                             
    copying pdbparse\postfix_eval.py -> build\lib.win32-3.6\pdbparse                                                                       
    copying pdbparse\symlookup.py -> build\lib.win32-3.6\pdbparse                                                                          
    copying pdbparse\tpi.py -> build\lib.win32-3.6\pdbparse                                                                                
    copying pdbparse\undecorate.py -> build\lib.win32-3.6\pdbparse                                                                         
    copying pdbparse\undname.py -> build\lib.win32-3.6\pdbparse                                                                            
    copying pdbparse\__init__.py -> build\lib.win32-3.6\pdbparse                                                                           
    running build_ext                                                                                                                      
    building 'pdbparse._undname' extension                                                                                                 
    creating build\temp.win32-3.6                                                                                                          
    creating build\temp.win32-3.6\Release                                                                                                  
    creating build\temp.win32-3.6\Release\src                                                                                              
    D:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\cl.exe /c /nologo /Ox /W3 /GL /DNDEBUG /MD -ID:\Python36-32\include -ID:\Pyt
n36-32\include "-ID:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\INCLUDE" "-ID:\Program Files (x86)\Microsoft Visual Studio 14.0\VC
TLMFC\INCLUDE" "-IC:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt" "-IC:\Program Files (x86)\Windows Kits\NETFXSDK\4.6.1\i
lude\um" "-IC:\Program Files (x86)\Windows Kits\8.1\include\\shared" "-IC:\Program Files (x86)\Windows Kits\8.1\include\\um" "-IC:\Program 
les (x86)\Windows Kits\8.1\include\\winrt" /Tcsrc/undname.c /Fobuild\temp.win32-3.6\Release\src/undname.obj                                
    undname.c                                                                                                                              
    src/undname.c(225): warning C4018: '<': signed/unsigned mismatch                                                                       
    src/undname.c(226): warning C4018: '>=': signed/unsigned mismatch                                                                      
    src/undname.c(358): warning C4996: 'sprintf': This function or variable may be unsafe. Consider using sprintf_s instead. To disable dep
cation, use _CRT_SECURE_NO_WARNINGS. See online help for details.                                                                          
    C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\stdio.h(1769): note: see declaration of 'sprintf'                     
    src/undname.c(657): warning C4018: '<': signed/unsigned mismatch                                                                       
    src/undname.c(1535): warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable depr
ation, use _CRT_SECURE_NO_WARNINGS. See online help for details.                                                                           
    src/undname.c(1530): warning C4996: 'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable de
ecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.                                                                         
    C:\Program Files (x86)\Windows Kits\10\include\10.0.10240.0\ucrt\string.h(346): note: see declaration of 'strncpy'                     
    D:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\BIN\link.exe /nologo /INCREMENTAL:NO /LTCG /DLL /MANIFEST:EMBED,ID=2 /MANIFESTUA
NO /LIBPATH:D:\Python36-32\Libs /LIBPATH:d:\src\python\envs\36-32\libs /LIBPATH:d:\src\python\envs\36-32\PCbuild\win32 "/LIBPATH:D:\Program
iles (x86)\Microsoft Visual Studio 14.0\VC\LIB" "/LIBPATH:D:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\ATLMFC\LIB" "/LIBPATH:C:\P
gram Files (x86)\Windows Kits\10\lib\10.0.10240.0\ucrt\x86" "/LIBPATH:C:\Program Files (x86)\Windows Kits\NETFXSDK\4.6.1\lib\um\x86" "/LIBP
H:C:\Program Files (x86)\Windows Kits\8.1\lib\winv6.3\um\x86" /EXPORT:undname /EXPORT:PyInit__undname build\temp.win32-3.6\Release\src/undn
e.obj /OUT:build\lib.win32-3.6\pdbparse\_undname.cp36-win32.pyd /IMPLIB:build\temp.win32-3.6\Release\src\_undname.cp36-win32.lib           
    LINK : error LNK2001: unresolved external symbol PyInit__undname                                                                       
    build\temp.win32-3.6\Release\src\_undname.cp36-win32.lib : fatal error LNK1120: 1 unresolved externals                                 
    error: command 'D:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\BIN\\link.exe' failed with exit status 1120                 
                                                                                                                                           
    ----------------------------------------                                                                                               
Command "d:\src\python\envs\36-32\scripts\python.exe -u -c "import setuptools, tokenize;__file__='C:\\Users\\sean\\AppData\\Local\\Temp\\pi
build-h6vbtw1u\\pdbparse\\setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(
de, __file__, 'exec'))" install --record C:\Users\sean\AppData\Local\Temp\pip-daunoe0f-record\install-record.txt --single-version-externall
managed --compile --install-headers d:\src\python\envs\36-32\include\site\python3.6\pdbparse" failed with error code 1 in C:\Users\sean\App
ta\Local\Temp\pip-build-h6vbtw1u\pdbparse\                                                                                                 

Linux install error

After setup.py, I'm getting this error when I try to run the example:

Traceback (most recent call last):
  File "./symchk.py", line 36, in <module>
    from pdbparse.peinfo import *
  File "/usr/local/lib/python3.6/dist-packages/pdbparse/peinfo.py", line 5, in <module>
    from pdbparse.dbgold import CV_RSDS_HEADER, CV_NB10_HEADER, DebugDirectoryType
  File "/usr/local/lib/python3.6/dist-packages/pdbparse/dbgold.py", line 4, in <module>
    from pdbparse.pe import IMAGE_SECTION_HEADER
  File "/usr/local/lib/python3.6/dist-packages/pdbparse/pe.py", line 6, in <module>
    String("Name", 8),
NameError: name 'String' is not defined

Using pdb_print_ctypes.py gives TypeError

What steps will reproduce the problem?
1. Use ntdll.pdb from the Windows XP SP3 Symbols
2. python pdb_print_ctypes.py ~/Documents/VirtualBox\ share/ntdll.pdb


What is the expected output? What do you see instead?

- Expected result is struct information.

- Actual result:

/*******  Structures  *******/
typedef struct _EX_PUSH_LOCK_WAIT_BLOCK { // 0x1c bytes
Traceback (most recent call last):
  File "pdb_print_ctypes.py", line 1111, in <module>
    struct_pretty_str(s, opts.gcc)
  File "pdb_print_ctypes.py", line 969, in struct_pretty_str_nofwd
    print flstr(lf)
  File "pdb_print_ctypes.py", line 904, in flstr
    if s.leaf_type == "LF_MEMBER" ]
  File "pdb_print_ctypes.py", line 530, in memb_str
    size_str = '%#x' % size
TypeError: %x format: a number is required, not NoneType


What version of the product are you using? On what operating system?

- Using the latest version from Subversion on April 8th 2014 on Ubuntu 13.10.


Please provide any additional information below.

(none)

Original issue reported on code.google.com by [email protected] on 8 Apr 2014 at 1:12

PDB Parse Exception: NumberOfRelocations would be overwritten

What steps will reproduce the problem?
1. python pdb_print_ctypes.py WinXPSP2/Symbols/dll/ntdll.pdb

What is the expected output? What do you see instead?
Traceback (most recent call last):
  File "pdb_print_ctypes.py", line 1033, in <module>
    pdb = pdbparse.parse(args[0])
  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 477, in parse
    return PDB7(f, fast_load)
  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 444, in __init__
    self.read_root(self.root_stream)
  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 390, in read_root
    parent=self))
  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 119, in __init__
    else: self.load()
  File "/usr/local/lib/python2.7/dist-packages/pdbparse/__init__.py", line 301, in load
    self.sections = pe.Sections.parse(self.data)
  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.0-py2.7.egg/construct/core.py", line 187, in parse
    return self.parse_stream(BytesIO(data))
  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.0-py2.7.egg/construct/core.py", line 197, in parse_stream
    return self._parse(stream, Container())
  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.0-py2.7.egg/construct/core.py", line 519, in _parse
    obj.append(self.subcon._parse(stream, context))
  File "/usr/local/lib/python2.7/dist-packages/construct-2.5.0-py2.7.egg/construct/core.py", line 664, in _parse
    raise OverwriteError("%r would be overwritten but allow_overwrite is False" % (sc.name,))
construct.core.OverwriteError: 'NumberOfRelocations' would be overwritten but allow_overwrite is False

What version of the product are you using? On what operating system?
Python 2.7; Construct 2.5; and SVN head version of pdbparse

Original issue reported on code.google.com by carl.pulley on 21 Mar 2013 at 10:17

Correcting 64-bit pointers

The print_ctypes script does not create the correct types for 64-bit pointers 
(i.e. T_64PVOID). A suggested patch is attached.

Original issue reported on code.google.com by jessekornblum on 4 May 2011 at 4:14

T_64PWCHAR on win8x64 win32.sys

Hey BDG,

$ python pdb_tpi_vtypes.py win32k.pdb > win8_sp0_x64_vtypes_gui.py
Traceback (most recent call last):
  File "pdb_tpi_vtypes.py", line 188, in <module>
    print_vtype(s)
  File "pdb_tpi_vtypes.py", line 137, in print_vtype
    print "    '%s' : [ %#x, %s]," % (s.name, s.offset, member_str(s.index))
  File "pdb_tpi_vtypes.py", line 102, in member_str
    return "[%s]" % vtype[m]
KeyError: 'T_64PWCHAR'

The win32k.pdb example is attached. 

Original issue reported on code.google.com by [email protected] on 11 Jul 2013 at 7:27

Examples fail on Windows 10.0.18362.53 ntoskrnl.exe symbol

The below examples failed on the attached ntoskrnl.exe symbol.

python -V
**Python 2.7.11**

python -m pip freeze | grep pdbparse
DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.
**pdbparse==1.1**

python pdb_print_ctypes.py K:\temp\ntkrnlmp.pdb
// Architecture pointer width 8 bytes
Traceback (most recent call last):
  File "pdb_print_ctypes.py", line 1141, in <module>
    structs = topological_sort(dep_graph)
  File "pdb_print_ctypes.py", line 66, in topological_sort
    count[successor] += 1
KeyError: u'_HAL_PMC_COUNTERS'

python pdb_get_syscall_table.py K:\temp\ntoskrnl.exe K:\temp\ntkrnlmp.pdb
Traceback (most recent call last):
  File "pdb_get_syscall_table.py", line 46, in <module>
    sects = pdb.STREAM_SECT_HDR_ORIG.sections
AttributeError: PDB7 instance has no attribute 'STREAM_SECT_HDR_ORIG'

Link to problematic symbol:
ntkrnlmp.zip

NameError: name 'ULInt32' is not defined

I receive the following error when I try to run symchk

C:>py c:\Python27\Scripts\symchk.py
Traceback (most recent call last):
  File "c:\Python27\Scripts\symchk.py", line 37, in <module>
    from pdbparse.peinfo import *
  File "C:\Python27\lib\site-packages\pdbparse\peinfo.py", line 3, in <module>
    from pdbparse.dbgold import CV_RSDS_HEADER, CV_NB10_HEADER, DebugDirectoryType
  File "C:\Python27\lib\site-packages\pdbparse\dbgold.py", line 4, in <module>
    from pdbparse.pe import IMAGE_SECTION_HEADER
  File "C:\Python27\lib\site-packages\pdbparse\pe.py", line 3, in <module>
    from pdbparse.info import GUID
  File "C:\Python27\lib\site-packages\pdbparse\info.py", line 21, in <module>
    ULInt32("Version"),
NameError: name 'ULInt32' is not defined

How to find the type of a global symbol

Hi, I cannot find your email so I write this issue.

I can use pdbparse to find global symbols, and all the types. However, I cannot 
connect them. 

For example, I find the 'symbol' of a global procedure, whose name is
'hello_world', and there is a 'type' in TPI describing the 'hello_world'
procedure. However, there is no information in the 'symbol' to point to the
'type'.

So, I think there must be some information in the PDB file to describe the type 
of a symbol, the problem is where I can find it?

Thank you!

Original issue reported on code.google.com by [email protected] on 4 Jan 2015 at 8:34

Weird symbols in some Windows 7 pdb's?

What steps will reproduce the problem?

Using the lookup example returns some weird symbols in certain Windows 7 pdb's. 
For example when checking the pdb for localspl.dll with PE GUID 4ce7b862bf000 I 
see symbols like:

Loading symbols for localspl.pdb...
Use lookup(addr) to resolve an address to its nearest symbol
>>> lookup(0xf498)
base: 0x0. limit: 0xbd8e8
idx: 1302
'localspl.pdb!??_C@_1BE@DENADGKH@?$AAS?$AAt?$AAa?$AAr?$AAt?$AAT?$AAi?$AAm?$AAe?$AA?$AA@'

What is the expected output? What do you see instead?

Most other symbols I've seen are like _GetFileVersionInfoW@16, therefore these 
symbols look out of place to me. Are these normal? 

What version of the product are you using? On what operating system?
SVN revision #95.

Original issue reported on code.google.com by [email protected] on 30 Apr 2013 at 1:27
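
The `??_C@` prefix on the symbol in this report is how MSVC names compiler-generated string-literal constants, so the name encodes the literal's text rather than a function. The decoder below is an added example, not part of pdbparse or of the original report; the helper names are hypothetical, and it turns the name returned by `lookup(0xf498)` back into its text.

```python
# Added example: decode MSVC string-literal symbols ("??_C@_...") found in a PDB.
SPECIAL = ",/\\:. \n\t'-"   # punctuation written as ?0 .. ?9

# Symbol printed by lookup(0xf498) in the report above.
SAMPLE = ("localspl.pdb!??_C@_1BE@DENADGKH@?$AAS?$AAt?$AAa?$AAr?$AAt"
          "?$AAT?$AAi?$AAm?$AAe?$AA?$AA@")


def read_number(s, i):
    """Decode a mangled non-negative number at s[i]; return (value, next index)."""
    if s[i] in "0123456789":              # a single digit d stands for d + 1
        return int(s[i]) + 1, i + 1
    end = s.index("@", i)                 # otherwise nibbles 'A'..'P', '@'-terminated
    if end == i:
        raise ValueError("empty number")
    value = 0
    for ch in s[i:end]:
        if not "A" <= ch <= "P":
            raise ValueError("bad number digit %r" % ch)
        value = value * 16 + ord(ch) - ord("A")
    return value, end + 1


def read_bytes(s, i):
    """Decode the '@'-terminated byte run at s[i]; return (bytes, next index)."""
    out = bytearray()
    while s[i] != "@":
        if s[i] != "?":                   # letters, digits, '_' and '$' are literal
            out.append(ord(s[i]))
            i += 1
            continue
        code = s[i + 1]
        if code == "$":                   # ?$XY: two nibbles, 'A' = 0 .. 'P' = 15
            hi, lo = ord(s[i + 2]) - 65, ord(s[i + 3]) - 65
            if not (0 <= hi < 16 and 0 <= lo < 16):
                raise ValueError("bad hex escape")
            out.append(hi << 4 | lo)
            i += 4
        elif code in "0123456789":        # ?0 .. ?9: common punctuation
            out.append(ord(SPECIAL[int(code)]))
            i += 2
        elif code.isalpha():              # ?a..?z, ?A..?Z: letter with the high bit set
            out.append(ord(code) | 0x80)
            i += 2
        else:
            raise ValueError("bad escape ?%s" % code)
    return bytes(out), i + 1


def decode_string_symbol(name):
    """Return a dict describing a ??_C@ symbol, or None for any other symbol."""
    start = name.find("??_C@_")
    if start < 0 or (start > 0 and name[start - 1] != "!") or not name.isascii():
        return None
    s = name[start:]                      # drop a leading "module!" prefix
    try:
        if s[6] not in "01":              # 0 = char, 1 = wchar_t
            raise ValueError("unsupported character type %r" % s[6])
        length, i = read_number(s, 7)     # size in bytes, terminator included
        crc, i = read_number(s, i)
        raw, i = read_bytes(s, i)
    except IndexError:
        raise ValueError("truncated symbol name") from None
    wide = s[6] == "1"
    if wide and len(raw) % 2:
        raise ValueError("odd byte count in wide string")
    # Wide characters are stored high byte first.
    text = raw.decode("utf-16-be" if wide else "latin-1", errors="replace")
    return {"wide": wide, "byte_length": length, "crc": crc,
            "text": text.rstrip("\0"),
            # The name carries only a prefix of long literals.
            "truncated": length > len(raw)}


if __name__ == "__main__":
    print(decode_string_symbol(SAMPLE))
```
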
