static void Main(string[] args) { // this is a GUIDAGE from my Windows 10 x64 box. string guidAge = "AA6BC31F61F7415F8C06994099933BBD1"; string filename = "ntkrnlmp.pdb"; // start by retrieving the Symbol file (PDB) PdbMagician myLib = new PdbMagician(); bool result = myLib.RetrieveSymbolFile(filename, guidAge, @"c:\temp\magician"); if (!result) { Console.WriteLine("One or more errors occurred.."); string[] errors = myLib.GetErrorList(); foreach (string s in errors) { Console.WriteLine(s); } } else { Console.WriteLine("Got It!"); } // now you have 2 choices, process all the symbols or just the ones you need for your project // // ALL symbols option string pdbLocation = Path.Combine(Path.Combine(@"c:\temp\magician", guidAge), filename); result = myLib.ParseAllSymbols(pdbLocation, Path.Combine(@"c:\temp\magician", guidAge)); if (!result) { Console.WriteLine("One or more errors occurred.."); string[] errors = myLib.GetErrorList(); foreach (string s in errors) { Console.WriteLine(s); } } else { Console.WriteLine("Successfully Built: "); } // selected symbols option List <string> todoList = new List <string>(); todoList.Add("_OBJECT_DIRECTORY"); todoList.Add("_EPROCESS"); todoList.Add("_LIST_ENTRY"); result = myLib.ParseSymbolFile(pdbLocation, Path.Combine(@"c:\temp\magician", guidAge), todoList.ToArray()); if (!result) { Console.WriteLine("One or more errors occurred.."); string[] errors = myLib.GetErrorList(); foreach (string s in errors) { Console.WriteLine(s); } } else { Console.WriteLine("Successfully Built: "); } }
static void Main(string[] args) { string guidAge = "0F0B35EF85904B09A22E11C1DBEF83921"; //string guidAge = "afcb4fd7b7a844acaa1a4154cc1091871"; //string guidAge = "1453BDA99D224237ABDDB806A482DDF41"; string filename = "ntkrnlmp.pdb"; PdbMagician myLib = new PdbMagician(); bool result = myLib.RetrieveSymbolFile(filename, guidAge, @"c:\temp\magician"); if (!result) { Console.WriteLine("One or more errors occurred.."); string[] errors = myLib.GetErrorList(); foreach (string s in errors) { Console.WriteLine(s); } } else { Console.WriteLine("Got It!"); } string pdbLocation = Path.Combine(Path.Combine(@"c:\temp\magician", guidAge), filename); List <string> todoList = new List <string>(); FileInfo fi = new FileInfo(@"C:\temp\magician\" + guidAge + @"\" + guidAge + ".json"); if (!fi.Exists) { return; } byte[] json = null; using (FileStream original = fi.OpenRead()) { using (BinaryReader reader = new BinaryReader(original)) { json = reader.ReadBytes((int)fi.Length); } } List <string> testList = new List <string>(); string theJson = Encoding.UTF8.GetString(json); var parsedJson = JObject.Parse(theJson); todoList.Clear(); foreach (dynamic item in parsedJson["$STRUCTS"]) { if (item.Name.StartsWith("<unnamed")) { continue; } todoList.Add(item.Name); } result = myLib.ParseSymbolFile(pdbLocation, @"E:\Code\github\Pdb-Magician\MemoryExplorer.Symbols", todoList.ToArray()); if (!result) { Console.WriteLine("One or more errors occurred.."); string[] errors = myLib.GetErrorList(); foreach (string s in errors) { Console.WriteLine(s); } } else { Console.WriteLine("Successfully Built: "); } }
static void Main(string[] args) { //string guidAge = "0F0B35EF85904B09A22E11C1DBEF83921"; //string guidAge = "afcb4fd7b7a844acaa1a4154cc1091871"; //string guidAge = "3D4400784115718818EFC898413F36C41"; //string guidAge = "5278AFF86C341677D7D7835C85B7B8441"; //string guidAge = "864170751E2F4E98A60091F60CA538D11"; string guidAge = "BF8CAE58DB897A8B8E09080F577B7ECD1"; // win11-pro string filename = "ntkrnlmp.pdb"; //string filename = "ntoskrnl.pdb"; // start by retrieving the Symbol file (PDB) PdbMagician myLib = new PdbMagician(); bool result = myLib.RetrieveSymbolFile(filename, guidAge, @"c:\temp\magician"); if (!result) { Console.WriteLine("One or more errors occurred.."); string[] errors = myLib.GetErrorList(); foreach (string s in errors) { Console.WriteLine(s); } } else { Console.WriteLine("Got It!"); } // now you have 2 choices, process all the symbols or just the ones you need for your project // // ALL symbols option string pdbLocation = Path.Combine(@"c:\temp\magician", guidAge, filename); result = myLib.ParseAllSymbols(pdbLocation, Path.Combine(@"c:\temp\magician", guidAge)); // selected symbols option List <string> todoList = new List <string>(); todoList.Add("_MI_FREE_LARGE_PAGES"); todoList.Add("_EPROCESS"); todoList.Add("_LIST_ENTRY"); result = myLib.ParseSymbolFile(pdbLocation, Path.Combine(@"c:\temp\magician", guidAge), todoList.ToArray()); if (!result) { Console.WriteLine("One or more errors occurred.."); string[] errors = myLib.GetErrorList(); foreach (string s in errors) { Console.WriteLine(s); } } else { Console.WriteLine("Successfully Built: "); } }