SoftICE/W: Using SYMLOC command



How to use SYMLOC on a Windows program whose location is not known?


Put an INT3 in the source code, preferably in the

  first module. If it cannot be put into the first module, then you

  must make a .MAP file and find the (relative) segment address of

  the module containing the INT3.

  Load the symbols using WLDR or LOAD, then run the program. When

  the INT3 pops up Soft-ICE/W, do a "SYMLOC CS" if the INT3 is in the

  first module, or a "SYMLOC CS XXX", where XXX is the segment of the

  actual module in the .MAP file.


  This is used in a situation where you have a dll loaded into ring 0.

  Because it is not a VXD SIW cannot sync the code and symbols properly.

  What this SYMLOC does is force the symbols and code to sync.  There

  are three parameters to it.  e.g.  SYMLOC section selector offset

  SYMLOC 01 28 0

  This should be used carefully, like the documented SYMLOC command

  it is irreversible.  The .sym file for the dll should be load as a

  normal 32 bit dll.

  The symloc command has been changed in version 1.51 so that the address

  of any section in any 32 bit table can be changed.  This will work for

  VxDs, 32 bit DLL's and 32 bit applications.  The syntax is as follows:

  SYMLOC  section-number  selector  32-bit-base

  where section-number would be obtained from the map

  selector is the protected mode selector used to reference the section.

  32-bit-base is the flat address of byte 0 of the section.

  ex.    SYMLOC  1  28  800C1200     (section 1 starts at 28:800C1200)

  Soft-ICE/W will update every symbol and line number record in the

  section to reflect the new address information.

Old KB# 11788
Comment List
Related Discussions