While debugging a memory dump, WinDbg apparently reads the checksum somewhere, because it complains if there is none provided (not linked with the /RELEASE flag). BUT it doesn't seem to actually compare them. I tried it by removing a function and rebuilding, but no error is shown. Is there some API function in WinDbg/ to get the stored checksum or to actually compare them?
How do I compare the checksum of a memdump to the source file
182 Views Asked by T.D. At
There is 1 best solution below
PDB files contain
PE files (DLL, EXE) contain
Source files contain
So WinDbg can figure out whether the DLL and PDB match together. It cannot figure out whether the source file you have is actually the one that was used to build the EXE, DLL or PDB.
BTW: this is also the reason why you can't simply rebuild the PDB for a DLL you have created in the past.
Well, you don't because you can't.
You can get the checksum from a PDB but you cannot compare it to your source. You can only compare it to the DLL or EXE.
You can also turn off the check in WinDbg with .symopt+ 0x40 (MSDN), which is SYMOPT_LOAD_ANYTHING. However, you might get wrong function names, wrong variable names, wrong line numbers etc.

There are tools that make the DLL and PDB match. But, don't do that! You will forget about it and you'll never be notified about the mismatch again. You will get wrong results and you will be very confused or even draw the wrong conclusions. This results in a massive waste of time. It happened to me.
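To make the point about the checksum concrete, here is an added example (not part of the original question or answer) that reads the CheckSum field stored in a PE optional header, the field that linking with /RELEASE fills in, and recomputes it over the file bytes. The checksum covers the bytes of the EXE or DLL on disk, so it can tell you whether that file was altered after linking, never whether a source file matches. All function names are hypothetical, and `make_sample` builds a constructed header skeleton rather than a loadable image.

```python
import struct

CHECKSUM_FIELD = 4 + 20 + 64  # PE signature + IMAGE_FILE_HEADER + offset in optional header

def checksum_offset(image):
    """File offset of OptionalHeader.CheckSum (same position for PE32 and PE32+)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + CHECKSUM_FIELD

def stored_checksum(image):
    return struct.unpack_from("<I", image, checksum_offset(image))[0]

def compute_checksum(image):
    """16-bit end-around-carry sum of the file with CheckSum zeroed, plus file length."""
    data = bytearray(image)
    off = checksum_offset(image)
    data[off:off + 4] = b"\0\0\0\0"
    if len(data) % 2:
        data.append(0)
    total = sum(struct.unpack("<%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total + len(image)

def verdict(image):
    stored = stored_checksum(image)
    if stored == 0:
        return "unset"  # e.g. linked without /RELEASE
    return "match" if stored == compute_checksum(image) else "mismatch"

def stamp(image):
    """Write the computed checksum into the header, in place."""
    struct.pack_into("<I", image, checksum_offset(image), compute_checksum(image))

def make_sample(code):
    """Constructed 512-byte header skeleton for the demo; not a loadable PE."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)   # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x58, 0x10B)  # optional header magic (PE32)
    img[0x100:0x100 + len(code)] = code
    return img
```

Run `verdict(open(path, "rb").read())` against the EXE or DLL file on disk, not against the module as mapped inside the dump, because the sum is defined over the file layout.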