{"componentChunkName":"component---src-templates-post-template-js","path":"/windows-windbg-006-symbol-en","result":{"data":{"markdownRemark":{"id":"87373fa7-175c-5ebb-b86e-8ae4e47aa0a8","html":"
\n

This page has been machine-translated from the original page.

\n
\n

My goal is to become proficient with WinDbg for Windows debugging and dump-based troubleshooting.

\n

For a full list of articles on Windows debugging and dump analysis with WinDbg, see the index page:

\n

Reference: Debugging and Troubleshooting Techniques with WinDbg

\n

This article introduces the build environment used to compile the sample programs featured in the WinDbg series above.

\n

I’ll be setting up the environment on Ubuntu 20.04 running on WSL2 to satisfy the following requirements.\nThe setup uses Docker containers, so it should work in any environment where Docker is available.

\n
    \n
  1. Cross-compile EXE files in a Linux environment
    2. \n
  2. Generate symbol files (.pdb files) in a Linux environment
    3. \n
\n\n

Table of Contents

\n\n

Setting Up the Build Environment

\n

The sample programs for WinDbg testing are hosted in the following repository:

\n

Reference: kash1064/Try2WinDbg

\n

First, clone the repository into any directory on an OS where Docker is available.

\n
git clone https://github.com/kash1064/Try2WinDbg
\n

Next, pull the following container image for compilation:

\n
docker pull kashiwabayuki/try2windbg:1.0
\n

Reference: kashiwabayuki/try2windbg

\n

This container image is a customized version of the mstorsjo/llvm-mingw image. Details are described later.

\n

Once the repository and container image have been downloaded, change into the Try2WinDbg directory.

\n

Run the following commands to generate compiled EXE files and symbol files directly under Try2WinDbg/src:

\n
cd Try2WinDbg\n\n# Specify the container image to use for the build\nCONTAINER=kashiwabayuki/try2windbg:1.0\ndocker run --rm -it -v `pwd`/src:/try2windbg $CONTAINER bash -c \"cd /try2windbg && make\"
\n

The environment setup is now complete.

\n

What Are Symbol Files (.pdb Files)?

\n

Files with the .pdb extension are called symbol files.

\n

PDB stands for Program Database. A PDB file maps identifiers and statements in a project’s source code to the corresponding identifiers and instructions in the compiled application.

\n

Using symbol files makes it significantly more efficient to analyze applications and processes with a debugger.

\n

Analysis is still possible without symbol files, but there is a notable difference in how the debugger displays information for the same address depending on whether an appropriate symbol file is loaded:

\n
sample+0x110     # Without symbol file\nsample!main+0x10 # With symbol file
\n

Loading symbol files properly allows you to quickly identify suspect locations, infer behavior from function names, and debug more efficiently overall.

\n

Reference: Specify symbol (.pdb) and source files in the Visual Studio debugger | Microsoft Docs

\n

How to Generate Symbol Files During Compilation in a Linux Environment

\n

Symbol files are critically important when debugging Windows applications. When using the Microsoft compiler, they are generated automatically at build time.

\n

However, when cross-compiling in a Linux environment using tools like MinGW, symbol files are not normally produced.

\n

Some resources — such as the Stack Overflow thread linked below — suggest using cv2pdb to create symbol files for MinGW cross-compiled EXE files, but this approach does not work on Linux.

\n

Reference: c++ - how to generate pdb files while building library using mingw? - Stack Overflow

\n

Therefore, I used llvm-mingw instead.

\n

llvm-mingw is a mingw-w64 toolchain based on LLVM/Clang/LLD.

\n

Reference: mstorsjo/llvm-mingw: An LLVM/Clang/LLD based mingw-w64 toolchain

\n

In short, LLVM is a platform-independent compiler infrastructure capable of compiling any programming language. Clang and LLD are the C compiler and linker for LLVM respectively.

\n

llvm-mingw is essentially a version of MinGW where the GNU-based binutils have been replaced by LLVM-based binutils.

\n

This makes it possible to compile for multiple computer architectures (i686, x86_64, armv7, arm64) with a single toolchain, and also enables generating symbol files in PDB format.

\n

Preparing the llvm-mingw Environment

\n

The easiest way to get an environment with LLVM-based MinGW is to use the official Docker image.

\n

In most cases, simply pulling this image from Docker Hub is all you need.

\n

If you need to set up the llvm-mingw environment directly on a Linux host rather than in a Docker container, you can refer to the scripts in the following Dockerfile:

\n

Reference: llvm-mingw/Dockerfile.cross at master · mstorsjo/llvm-mingw

\n

Compiling a C++ File with a PDB File Using llvm-mingw

\n

Here is how to use llvm-mingw.

\n

In the official Docker image, the LLVM-based MinGW compiler is already on the PATH as x86_64-w64-mingw32-g++.

\n

Pass the -Wl,-pdb=<filename>.pdb option when compiling to generate both an EXE file and a symbol file at the same time:

\n
x86_64-w64-mingw32-g++ -Wl,-pdb=sample.pdb sample.cpp -o sample.exe
\n

Wrap-up

\n

In this article, I summarized how to generate a debug symbol file when cross-compiling a Windows EXE in a Linux environment.

","fields":{"slug":"/windows-windbg-006-symbol-en","tagSlugs":["/tag/win-dbg-en/","/tag/kernel-en/","/tag/reversing-en/","/tag/english/"]},"frontmatter":{"date":"2021-10-18","description":"","tags":["WinDbg (en)","Kernel (en)","Reversing (en)","English"],"title":"How to Generate Symbol Files (.pdb) in a Linux Environment Using llvm-mingw","socialImage":{"publicURL":"/static/362a371d01282684c0ad5266d80a86e8/windows-windbg-006-symbol.png"}}}},"pageContext":{"slug":"/windows-windbg-006-symbol-en"}},"staticQueryHashes":["251939775","401334301","825871152"]}