Resolving function signatures from external DLLs #6392

Open
sweetgiorni opened this issue Apr 8, 2024 · 2 comments
Labels: Feature: PDB; Status: Triage (Information is being gathered)

@sweetgiorni

I've been struggling to get Ghidra to a) Load PDBs for multiple libraries and b) propagate symbol information from a library to the executable linking to it. This seems like a basic use case but I couldn't find a documented solution.

The initial import of the .exe goes smoothly: the system libraries are found and imported, as are the user libraries in the same folder as the executable. If I run analysis at this point, the first problem I run into is that Ghidra will not attempt to load PDBs for dependencies. It seems that I have to manually open each DLL with CodeBrowser and run the "PDB Universal" analyzer so it will pick up the local PDB file. This is only the case for user libraries; system libraries seem to work automatically.

After getting the PDBs loaded, the external function references in the main executable still won't pull in the debug symbols. They all look like this:

image

Even though when I double-click on the external function and open the DLL in a new listing, it clearly has the debug symbols loaded:
image

I ended up throwing together some scripts for this and they mostly work. Is there a more official way to do this that's already built in to Ghidra?

@ryanmkurtz added the labels Feature: PDB and Status: Triage (Information is being gathered) on Apr 8, 2024
@ghizard
Contributor

ghizard commented Apr 8, 2024

@sweetgiorni We don't have a more official way to do this at this point, and have had recent, similar requests. We need to discuss this more internally, as there are a number of options. Of course, if all of the PDBs were previously analyzed, that helps with the workflow. But when the user finds that any have not been, there could be a number of ways to get the desired information.

There are questions of whether PDB analysis should be done at program/DLL import, what if a user only cares about certain DLLs (should they be given a pick list), should we interrogate saved programs to see if PDB/DWARF other analysis has been done, etc.? Solutions could include scripts like yours or some other workflow.

@sweetgiorni
Author

sweetgiorni commented May 1, 2024

I often decide that I need to rebuild a library with debug symbols after I've already done some analysis, so being able to load symbols at any time would be useful. Seems like it would be a relatively common task, but since it's not in Ghidra already that makes me think my workflow is unusual.

> should we interrogate saved programs to see if PDB/DWARF other analysis has been done

I think this would be a great place to start, even if just as a script. While somewhat tedious, PDB analysis can already be performed through the UI for each program; it's propagating those results that I couldn't figure out how to do.

I can probably contribute some PRs if this ends up being something that's wanted.
