Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to retrieve indexed source files of a portable executable binary file


This article describes how to retrieve the indexed source files of a portable executable (PE) binary file from source control by using information that's stored in the PE binary file's paired program database (PDB) file. Because the indexed source files have their hash values embedded in the PDB file, these hash values can be used to verify the authenticity of the source files during their retrieval.

Note In the following steps, "abc.dll" represents the PE file in question.

Step 1

Use symchk to locate the paired .pdb file from a symbol server location. Use the /os option to obtain the full symbol path in the symchk output message.

For example, the symchk /v abc.dll /s D:\symbol-path\dll /os command line returns the following:

[SYMCHK] Searching for symbols to abc.dll in path D:\symbol-path\dll
DBGHELP: abc - private symbols & lines
D:\symbol-path\dll\abc.pdb
[SYMCHK] SymType: SymPDB
[SYMCHK] ModName: abc
[SYMCHK] ImageName: abc.dll
[SYMCHK] LoadedImage: abc.dll
[SYMCHK] PDB: "D:\symbol-path\dll\abc.pdb"
[SYMCHK] PDB7 Sig: {625880BA-C1D4-4673-BFA2-07F90AAD7EC4}
[SYMCHK] Age: 1
[SYMCHK] PDB Matched: TRUE
SYMCHK: FAILED files = 0
SYMCHK: PASSED + IGNORED files = 1

In the output, notice that the full symbol path is D:\symbol-path\dll\abc.pdb.

Step 2A

If the PE file in question is native code, use cvdump against the located .pdb file together with the -sf option to view individual source files and their hash values. The hash values may be MD5 or SHA256.

Step 2B

If the PE file in question is managed code, use pdb2xml against the located .pdb file to view individual source files and their hash values. The hash values may be SHA1 or SHA256.

Step 3

Use srctool against the located .pdb file together with the -n option to show the source control version information of individual indexed source files.

For example, the srctool -n D:\symbol-path\dll\abc.pdb command line returns the following:

d:\publicint\sdk\inc\api_x.h <source control server URL> d:\publicint\sdk\inc\api_x.h#34
d:\abc_dll\abc.c <source control server URL> d:\abc_dll\abc.c#1

Step 4

Use the source control version information from Step 3 to retrieve individual indexed source files. You can save the retrieved source files to a local file system directory.

Step 5

For each local copy of the retrieved individual indexed source files in Step 4, use certutil together with the -hashfile verb to generate and display a cryptographic hash over the copy. If the hash value associated with the source file in Step 2A or 2B is MD5, SHA1, or SHA256, use certutil -hashfile <file_name> MD5, certutil -hashfile <file_name> SHA1, or certutil -hashfile <file_name> SHA256 accordingly.

Step 6

For each local copy of the retrieved individual indexed source files in Step 4, verify that the hash value that's generated by certutil in Step 5 matches the corresponding hash value obtained in Step 2A or 2B. If the hash values do not match, something may have gone wrong during the generation of the PE/PDB pair or in the source control system. This may warrant further investigation. If the hash values match, this strongly indicates that the retrieved individual indexed source files were used to compile the PE/PDB pair.  
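
When many source files are involved, Steps 5 and 6 can be scripted. The following Python sketch is an added example, not part of the original KB article: it assumes the expected hash for each file has been transcribed from the Step 2A/2B output, and the function names, result strings and sample file contents are constructed for illustration. The line-ending check goes beyond the article and only helps explain a mismatch.

```python
import hashlib
import os
import tempfile

# Hex digest length -> algorithm, for the three algorithms named in Steps 2A/2B.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def verify_source(path, expected_hex):
    """Return 'match', 'line-endings-differ' or 'mismatch' for one local copy."""
    # Tolerate upper case and spaces between bytes in the transcribed hash.
    expected = "".join(expected_hex.split()).lower()
    algo = ALGO_BY_HEX_LEN.get(len(expected))
    if algo is None:
        raise ValueError(f"unrecognised digest length {len(expected)} for {path}")
    with open(path, "rb") as fh:  # hash the raw bytes, as certutil -hashfile does
        data = fh.read()
    if hashlib.new(algo, data).hexdigest() == expected:
        return "match"
    # Added diagnostic (not in the article): a source control client that
    # converts CRLF/LF on checkout changes the bytes and therefore the hash.
    # A hit here is NOT a byte-for-byte match; it points at checkout settings.
    lf = data.replace(b"\r\n", b"\n")
    for variant in (lf, lf.replace(b"\n", b"\r\n")):
        if hashlib.new(algo, variant).hexdigest() == expected:
            return "line-endings-differ"
    return "mismatch"


def demo():
    """Constructed sample: three local copies checked against one expected hash."""
    tmp = tempfile.mkdtemp()
    built = b"int abc(void)\r\n{\r\n    return 0;\r\n}\r\n"  # bytes that were compiled
    files = {
        "ok.c": built,                           # identical copy
        "lf.c": built.replace(b"\r\n", b"\n"),   # checkout converted line endings
        "bad.c": built + b"/* edited */\r\n",    # content really differs
    }
    expected_hex = hashlib.sha256(built).hexdigest().upper()  # stands in for Step 2
    results = {}
    for name, content in files.items():
        path = os.path.join(tmp, name)
        with open(path, "wb") as fh:
            fh.write(content)
        results[name] = verify_source(path, expected_hex)
    return results


if __name__ == "__main__":
    print(demo())
```

Only a "match" result supports the conclusion in Step 6; the other two results both call for the investigation the step describes.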

Article Info
Article ID : 3195907
Revision : 1
Created on : 1/7/2017
Published on : 10/5/2016