
How to Inspect the Content of a Program Database (PDB) File

14 Jan 2014
Get to know the files you use on a daily basis when debugging your application with Visual Studio or WinDbg.


Introduction

As Windows software developers, we all make extensive use of Visual Studio and/or WinDbg to step into our code, set breakpoints, watch variables, and perform many other useful debugging tasks. We somehow know that an internal mechanism exists that enables debuggers to map source code to binary and to step into many of the available runtime libraries. For this purpose, debuggers use Program Database (PDB) files, for managed as well as unmanaged code. A PDB for managed code contains less debug information, since the rest is already located in the metadata section of the PE file.

This article has several goals:

  • Show the existence of PDB files and how debuggers use them.
  • Show the existing technology used to retrieve their content.
  • Give an idea about the importance of PDB files while debugging and the kind of information embedded in them.
  • Present a project that implements a comfortable C++ wrapper on top of the esoteric DIA classes as well as a PDB inspector front end.

This is the first part of a series dedicated to PDB files and their executable counterparts. This article concentrates on one aspect of these PDB files, namely the modules referenced.

Background

As explained by John Robbins in the article mentioned below, "a native C++ PDB file contains a lot of information:

  • public, private, and static function addresses 
  • Global variable names and addresses 
  • Parameter and local variable names and offsets where to find them on the stack
  • Source file names and their lines, etc..." 

A .NET PDB file only contains two pieces of information (from John Robbins in the article mentioned below):

  • The source file names 
  • Their lines and the local variable names

All the other information is already in the .NET metadata so there is no need to duplicate the same information in a PDB file.

For those of you not familiar with the Windows Debug Interface Access, Program Database (PDB), and the basic ideas presented here, a few essential links:

When compiled with debugging information, an executable file contains two references to the associated PDB file:

  • A GUID that matches the one placed in the expected PDB file
  • The full path of the associated PDB file that will be used during the debugging session

PdbParser/Pe_and_pdb.jpg

When a program to be debugged is launched, the debugger reads these references from the executable file and tries to locate the correct PDB file before starting the debugging session. The links above explain this, along with how to set up a symbol server.
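The two references described above can be read from the executable side as well. The following is an added example, not part of the article's PdbParser project: it decodes a CodeView "RSDS" record (the data a PE debug directory entry points to) and derives the key under which a symbol server stores the matching PDB, which also shows exactly which build path ends up embedded in a shipped binary. The record layout, the age field and the key format are not described in the article; PdbReference, ParseRsds, SymbolStoreKey and the sample bytes are hypothetical names and constructed data.

```cpp
// Added example: decode the CodeView "RSDS" record a PE debug directory points to.
// Layout: "RSDS" | GUID (16 bytes) | age (u32 LE) | PDB path (NUL-terminated).
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical type (not a PdbParser class): guid is 32 uppercase hex digits.
struct PdbReference { std::string guid; uint32_t age; std::string path; };
static uint32_t Le32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}
// Returns false on a wrong signature, a short record or an unterminated path.
bool ParseRsds(const std::vector<uint8_t>& rec, PdbReference& out) {
    const size_t kHeader = 4 + 16 + 4;
    if (rec.size() <= kHeader || !std::equal(rec.begin(), rec.begin() + 4, "RSDS")) return false;
    const uint8_t *g = rec.data() + 4, *end = rec.data() + rec.size();
    const uint8_t* nul = std::find(g + 20, end, uint8_t(0));
    if (nul == end) return false;
    char hex[33];  // Data1 (u32 LE), Data2/Data3 (u16 LE), Data4 (8 bytes as stored)
    std::snprintf(hex, sizeof hex, "%08X%04X%04X", unsigned(Le32(g)),
                  unsigned(g[4] | g[5] << 8), unsigned(g[6] | g[7] << 8));
    for (int i = 0; i < 8; ++i) std::snprintf(hex + 16 + 2 * i, 3, "%02X", unsigned(g[8 + i]));
    out.guid = hex;
    out.age = Le32(g + 16);
    out.path.assign(g + 20, nul);
    return true;
}
// Symbol-store lookup key: <pdb name>/<GUID><age in hex>/<pdb name>
std::string SymbolStoreKey(const PdbReference& r) {
    const size_t slash = r.path.find_last_of("\\/");
    const std::string name = slash == std::string::npos ? r.path : r.path.substr(slash + 1);
    char age[9];
    std::snprintf(age, sizeof age, "%X", unsigned(r.age));
    return name + "/" + r.guid + age + "/" + name;
}
std::vector<uint8_t> SampleRecord() {  // constructed bytes, not from a real binary
    std::vector<uint8_t> r = {'R', 'S', 'D', 'S', 0x78, 0x56, 0x34, 0x12, 0xBC, 0x9A, 0xF0, 0xDE,
                              0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 2, 0, 0, 0};
    const char path[] = "C:\\build\\demo\\Release\\demo.pdb";
    r.insert(r.end(), path, path + sizeof path);  // sizeof includes the terminating NUL
    return r;
}
int main() {
    PdbReference ref;
    if (!ParseRsds(SampleRecord(), ref)) return 1;
    std::printf("%s\n%s\n", ref.path.c_str(), SymbolStoreKey(ref).c_str());
}
```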

Using the Code

The PDB project presented here consists of three parts:

  • PdbParser: C++ project - implements the PdbParser.dll which is a wrapper to the DIA interface.
  • PdbInspectorConsole: C++ Win32 console project - consumes the PdbParser and shows the modules referenced in a PDB file.
  • PdbInspector: C++ MFC project - consumes the PdbParser and shows the modules referenced in a PDB file and a few of the available details related to the modules.

Environment

The project has been developed and tested on Windows Vista Ultimate 32-bit only.

Classes Hierarchy

As mentioned earlier, the Microsoft DIA SDK is a COM-based interface to handle PDB files. The problem with this SDK is that it consists of a tremendous collection of interfaces and functions. The PdbParser presented here abstracts these details and offers a simple, task-oriented set of interfaces. In this version, the PdbParser concentrates on the collection of modules. The PdbParser is organized into a set of abstract layers. Opening a PDB file is done in two steps:

  • Instantiate PdbParser using the IPdbParserFactory::Create() function:
    // Create the parser instance
    IPdbParser* pIPdbParser = IPdbParserFactory::Create();
  • Open a specific file using the IPdbParser::OpenFile() function:
    // Create the parser, then open the PDB file to inspect
    IPdbParser* pIPdbParser = IPdbParserFactory::Create();
    IPdbFile* pIPdbfile = pIPdbParser->OpenFile(L"test.pdb");

In order to retrieve details about a specific module referenced in a PDB file, you have to go through three additional steps:

  • Collect the Modules using the IPdbFile::GetModules() function.
  • Collect the details about a specific module using the IPdbModule::GetModuleDetails() function.
  • Use the IPdbModuleDetails functions available.
    // Traverse the modules and print each module name
    std::vector<IPdbModule*> vModules = pIPdbfile->GetModules();
    std::vector<IPdbModule*>::iterator it = vModules.begin();
    for( ; it != vModules.end(); ++it)
    {
        IPdbModule* pIPdbModule = *it;
        wprintf(L"%ws\n", pIPdbModule->GetName().c_str());
    }

In order to retrieve the source file names of a specific module, one has to go through three steps:

  • Collect the modules using the IPdbFile::GetModules() function.
  • Collect the files referenced by a specific module using the IPdbModule::GetSourceFiles() function.
  • Use the IPdbSourceFile::GetFileName() function.
    // Traverse the source file names collection of one module
    std::vector<IPdbSourceFile*> vSources = pIPdbModule->GetSourceFiles();
    std::vector<IPdbSourceFile*>::iterator it = vSources.begin();
    for( ; it != vSources.end(); ++it)
    {
        IPdbSourceFile* pIPdbSourceFile = *it;
        wprintf(L"%ws\n", pIPdbSourceFile->GetFileName().c_str());
    }

When appropriate, the resources allocated by PdbParser are freed using one last step.

  • Release the allocated resources using the IPdbParserFactory::Destroy() function.
    IPdbParserFactory::Destroy();

The image below shows the accessors-based hierarchy:

PdbParser/InterfacesHierarchy.jpg

History 

  • 19.06.2009 - The focus in this project is the enumeration of the modules and some of their details
  • 23.06.2009 - Added the enumeration for the source file names
  • 02.07.2009 - Corrected an open/close issue; added the IsStripped() method
  • 20.08.2011
    • Added support for drag and drop of a PDB file on the UI
    • Removed the console demo
    • Updated my web address
  • 30.08.2011 
    • Shows compiler name and version
    • Shows checksum type and value 
  • 26.06.2013
    • Changed the path to the DIA SDK
    • Built and tested with VStudio 2k8 on Windows 7 64-bit in debug and release modes

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Marc Ochsenmeier, Software Developer, winitor, Germany
Marc Ochsenmeier is the author of pestudio (www.winitor.com) and worked as a developer with a focus on Windows security. He now works as a malware analyst.

pestudio is on twitter at: https://twitter.com/ochsenmeier
