Special Command—Using !chksym/!itoldyouso to Check PDB Files Against Modules


Both are debugger extensions that show which PDB file matches a specific module.


Note that !itoldyouso is not documented. The output of both commands is identical.


 


Usage:

0:025> !chksym ntdll

ntdll.dll
    Timestamp: 49EEA706
  SizeOfImage: 180000
          pdb: wntdll.pdb
      pdb sig: E06BEA15-5E97-48BE-A818-E2D0DD2FED95
          age: 2

Loaded pdb is c:\publicsymbols\wntdll.pdb\E06BEA155E9748BEA818E2D0DD2FED952\wntdll.pdb

wntdll.pdb
      pdb sig: E06BEA15-5E97-48BE-A818-E2D0DD2FED95
          age: 2

MATCH: wntdll.pdb and ntdll.dll


 


0:025> !itoldyouso ntdll

ntdll.dll
    Timestamp: 49EEA706
  SizeOfImage: 180000
          pdb: wntdll.pdb
      pdb sig: E06BEA15-5E97-48BE-A818-E2D0DD2FED95
          age: 2

Loaded pdb is c:\publicsymbols\wntdll.pdb\E06BEA155E9748BEA818E2D0DD2FED952\wntdll.pdb

wntdll.pdb
      pdb sig: E06BEA15-5E97-48BE-A818-E2D0DD2FED95
          age: 2

MATCH: wntdll.pdb and ntdll.dll


 


0:025> !chksym mtgdi

mtgdi.exe
    Timestamp: 48785A80
  SizeOfImage: 27000
          pdb: c:\DOWNLOADS\mtgdi\Debug\mtgdi.pdb
      pdb sig: EC1B3DB2-25C1-4337-8676-DFB3C5B1C8C9
          age: 3

Loaded pdb is C:\development\My Tools\Book\mtgdi\Debug\mtgdi.pdb

mtgdi.pdb
      pdb sig: EC1B3DB2-25C1-4337-8676-DFB3C5B1C8C9
          age: 3

MATCH: mtgdi.pdb and mtgdi.exe


 


0:025> !itoldyouso mtgdi

mtgdi.exe
    Timestamp: 48785A80
  SizeOfImage: 27000
          pdb: c:\DOWNLOADS\mtgdi\Debug\mtgdi.pdb
      pdb sig: EC1B3DB2-25C1-4337-8676-DFB3C5B1C8C9
          age: 3

Loaded pdb is C:\development\My Tools\Book\mtgdi\Debug\mtgdi.pdb

mtgdi.pdb
      pdb sig: EC1B3DB2-25C1-4337-8676-DFB3C5B1C8C9
          age: 3

MATCH: mtgdi.pdb and mtgdi.exe
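
The "pdb sig" and "age" values that both commands compare are stored in the module's CodeView (RSDS) debug record, and the directory name in the symbol-store path shown for ntdll is the signature followed by the age in hex. The Python below is an added example, not part of the original post: it decodes a constructed RSDS record built from the ntdll values above and checks it against the loaded PDB path. Finding the record by scanning for the RSDS magic instead of walking the PE debug directory is a simplification, and all function names are hypothetical.

```python
import struct
import uuid
from typing import NamedTuple, Optional


class CodeViewInfo(NamedTuple):
    signature: uuid.UUID  # "pdb sig" in the !chksym output
    age: int              # "age" in the !chksym output
    pdb_name: str         # "pdb" in the !chksym output


def parse_rsds(blob: bytes) -> Optional[CodeViewInfo]:
    """Decode the first RSDS record: magic, 16-byte GUID, 32-bit age, NUL-terminated path."""
    start = blob.find(b"RSDS")  # simplification: scan instead of walking the debug directory
    if start < 0 or len(blob) < start + 24:
        return None
    guid = uuid.UUID(bytes_le=blob[start + 4:start + 20])  # GUID is stored little-endian
    (age,) = struct.unpack_from("<I", blob, start + 20)
    end = blob.find(b"\x00", start + 24)
    if end < 0:
        return None  # truncated record: PDB path has no terminator
    return CodeViewInfo(guid, age, blob[start + 24:end].decode("utf-8", "replace"))


def store_index(info: CodeViewInfo) -> str:
    """Symbol-store directory name: GUID as 32 hex digits followed by the age in hex."""
    return f"{info.signature.hex.upper()}{info.age:X}"


def loaded_pdb_matches(info: CodeViewInfo, loaded_path: str) -> bool:
    """True if a symbol-store path <name>\\<index>\\<name> carries this module's index."""
    parts = loaded_path.replace("/", "\\").split("\\")
    if len(parts) < 3:
        return False
    wanted_name = info.pdb_name.replace("/", "\\").split("\\")[-1].lower()
    return parts[-2].upper() == store_index(info) and parts[-1].lower() == wanted_name


# Constructed sample: the ntdll values from the output above packed as an RSDS record.
SAMPLE = (b"\x00" * 8 + b"RSDS"
          + uuid.UUID("E06BEA15-5E97-48BE-A818-E2D0DD2FED95").bytes_le
          + struct.pack("<I", 2) + b"wntdll.pdb\x00")

if __name__ == "__main__":
    info = parse_rsds(SAMPLE)
    print(info, store_index(info))
    print(loaded_pdb_matches(
        info, r"c:\publicsymbols\wntdll.pdb\E06BEA155E9748BEA818E2D0DD2FED952\wntdll.pdb"))
```

The path check applies only to symbol-store layouts such as the ntdll case; the mtgdi PDB above is loaded from a build directory, where the signature and age must be read from the PDB itself.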


 
