Home

Awesome

Symbol Parser

A small class to parse debug info from PEs, download their respective PDBs from the Microsoft Public Symbol Server and calculate RVAs of functions.


x86 builds are compatible with x64 PEs

x64 builds are compatible with x86 PEs

Keep in mind to use SysWOW64 or Sysnative (instead of System32) when trying to load a system dll crossplatform.

Check main.cpp for an example.

Shoutout to mambda and their pdb-parser project which is a great resource to learn from.


Functions

Initialize

This function initializes the instance of the symbol parser.

DWORD Initialize(
	const std::wstring & szModulePath, 
	const std::wstring & path, 
	std::wstring * pdb_path_out, 
	bool Redownload = false
);
Parameters

szModulePath
The path to the target module file whose symbols are to be loaded. This has to be a full path starting with the drive letter.

path
The path to the directory where the PDB file will be downloaded to.

pdb_path_out
A pointer to a string variable that will receive the full path after the PDB is downloaded. This parameter is optional can be set to 0.

Redownload
If set to true the symbol parser will redownload the PDB even if an already existing file matches the specified target module.

GetSymbolAddress

This function resolves the relative virtual address of a symbol by its name.

DWORD GetSymbolAddress(
	std::string szSymbolName, 
	DWORD & RvaOut
);
Parameters

szSymbolName
An ANSI string object which contains the symbol name.

RvaOut
A reference to a DWORD variable to receive the relative virtual address of the resolved symbol.

GetSymbolName

This function resolves the name of a symbol by its relative virtual address.

DWORD GetSymbolName(
	DWORD RvaIn, 
	std::string & szSymbolNameOut
);
Parameters

RvaIn
The relative virtual address of the symbol.

szSymbolNameOut
A reference to a string object that will receive the full name of the symbol.

EnumSymbols

This will enumerate all available symbols from a PDB file.

DWORD EnumSymbols(
	std::string szFilter,
	std::vector<SYM_INFO_COMPACT> & info)
);
Parameters

szFilter
An ANSI string object which can be used to filter the enumerated symbols. See SysEnumSymbols->Mask for more information.

info
A reference to a vector of SYM_INFO_COMPACT structures which will be filled with information of the enumerated symbols.

EnumSymbolsInRange

This will enumerate all symbols in the given range from a PDB file.

DWORD EnumSymbolsInRange(
	std::string szFilter,
	DWORD min_rva, 
	DWORD max_rva,
	std::vector<SYM_INFO_COMPACT> & info)
);
Parameters

szFilter
An ANSI string object which can be used to filter the enumerated symbols. See SysEnumSymbols->Mask for more information.

min_rva
The lower bound of the range.

max_rva
The upper bound of the range.

info
A reference to a vector of SYM_INFO_COMPACT structures which will be filled with information of the enumerated symbols.

EnumSymbolsEx

This will enumerate all available symbols from a PDB file and then sort the enumerated data.

DWORD EnumSymbolsEx(
	std::string szFilter,
	std::vector<SYM_INFO_COMPACT> & info), 
	SYMBOL_SORT sort = SYMBOL_SORT::None, 
	bool ascending = true
);
Parameters

szFilter
An ANSI string object which can be used to filter the enumerated symbols. See SysEnumSymbols->Mask for more information.

info
A reference to a vector of SYM_INFO_COMPACT structures which will be filled with information of the enumerated symbols.

sort
This parameter defines how the vector will be sorted. The possible values are:

ascending
If true the vector is sorted ascendingly. If fals the vector is sorted in descending order.

EnumSymbolsInRangeEx

This will enumerate all available symbols in the given range from a PDB file and then sort the enumerated data.

DWORD EnumSymbolsInRangeEx(
	std::string szFilter,
	DWORD min_rva, 
	DWORD max_rva, 
	std::vector<SYM_INFO_COMPACT> & info), 
	SYMBOL_SORT sort = SYMBOL_SORT::None, 
	bool ascending = true
);
Parameters

szFilter
An ANSI string object which can be used to filter the enumerated symbols. See SysEnumSymbols->Mask for more information.

min_rva
The lower bound of the range.

max_rva
The upper bound of the range.

info
A reference to a vector of SYM_INFO_COMPACT structures which will be filled with information of the enumerated symbols.

sort
This parameter defines how the vector will be sorted. The possible values are:

ascending
If true the vector is sorted ascendingly. If fals the vector is sorted in descending order.

Return value

On success all of the above functions return SYM_ERROR_SUCCESS (0).
If a function fails it returns one of the following error codes.