Use Symbol Filtering to get symbols you care about from your server instead of getting the kitchen sink

One of the most annoying things about working with performance traces is that they include information about everything in the system.  That's also one of the great things.

However, most of the time, for most problems, there are very few things you are specifically looking for.  Like in my case I'm looking at IE problems and I already know all the IE dlls.  If the dude happens to have 82 other programs running and idle I do not need to download their symbols.  There is no easy way to specify the symbols I care about so I wrote this local symbol proxy.  Beware it's slightly cheesy but it's super helpful because you neither have to download or cache symbols you don't care about.  I haven't tested it extensively but it works for me.  If you find bugs, maybe you can stick it on a github somewhere and start maintaining it for reals.  I feel like I've done my part 🙂

The source code is here.

As usual it comes with no warrantee and no rights are implied etc.  It's just a quick sample I threw together.

To use it, create your own symfilter.txt file with one pattern on each line.  It expects to find in the current directory when you start it.  Then run the thing.  Any requests that do not contain your strings will get a 404 return.  Everything else will be forwarded to the indicated server for resolution.

If your server path used to be


change it to


The bit before the | is used to find the actual server, the request will be changed to be http://someserver/somepath/...whatever

You could imagine having several configuration files listening on several ports but I leave that as an exercise to the reader.  This thing saves me a ton of time by not fetching symbols I don't need.

Enjoy 🙂

from your server

Comments (9)
  1. sublemon says:

    Nice. You could also use Fiddler Core. It's not as fun to write, but supports a lot of options and extra scripting.…/fiddlercore

  2. ricom says:

    Actually Justin suggested it but I was mostly done by then 🙂

  3. ricom says:

    You could run your own symbol server like that and make an extensive blacklist, this is like the opposite way.

    You could actually do both….

  4. ricom says:

    What I'd really like to see is _NT_SYMBOL_INCLUDE=x*;y*;z*  and _NT_SYMBOL_EXCLUDE=a*;b;c;etc

    That seems super easy to do in the base leaving the server out of it.  Because really it's a context specific decision.  That's why I designed my thing to run local, so you can change it at whim.

  5. symsrv.ini is parsed by the client, so you just have to put it next to windbg/wpa.  Agreed that it is missing a whitelist option though.

  6. Alois Kraus says:

    All native Images *.ni.pdb should be excluded by default since they will never be on any symbol server but take a lot of time if you are working with a large Ngenned code base.

  7. Hey, FiddlerCore is lots of fun to program in! 🙂

    It'll also properly handle things like redirects, and chunked encoding.

    The Return404 function should have a Content-Length: 0 header to allow for proper connection reuse.

  8. Note that HTTP/1.1 is keep-alive by default, so stripping out the Connection header isn't useful and doesn't help; you can simply close the connection if you want, or add Connection: close yourself.

    One other concern is that symbol servers SHOULD be using HTTPS because the response from the server can include directives to the debugger that can lead to RCE; MSRC refused to consider pushing the Microsoft symbol servers over to HTTPS, but Bruce Dawson is leading the charge to get Google and other companies to expose symbols securely.

Comments are closed.

Skip to main content