How to use SYMLOC on a Windows program whose location is not known?
Put an INT3 in the source code, preferably in the
first module. If it cannot be put into the first module, then you
must make a .MAP file and find the (relative) segment address of
the module containing the INT3.
Load the symbols using WLDR or LOAD, then run the program. When
the INT3 pops up Soft-ICE/W, do a "SYMLOC CS" if the INT3 is in the
first module, or a "SYMLOC CS XXX", where XXX is the segment of the
actual module in the .MAP file.
UNDOCUMENTED SYMLOC COMMAND
This is used in a situation where you have a dll loaded into ring 0.
Because it is not a VXD SIW cannot sync the code and symbols properly.
What this SYMLOC does is force the symbols and code to sync. There
are three parameters to it. e.g. SYMLOC section selector offset
SYMLOC 01 28 0
This should be used carefully, like the documented SYMLOC command
it is irreversible. The .sym file for the dll should be load as a
normal 32 bit dll.
The symloc command has been changed in version 1.51 so that the address
of any section in any 32 bit table can be changed. This will work for
VxDs, 32 bit DLL's and 32 bit applications. The syntax is as follows:
SYMLOC section-number selector 32-bit-base
where section-number would be obtained from the map
selector is the protected mode selector used to reference the section.
32-bit-base is the flat address of byte 0 of the section.
ex. SYMLOC 1 28 800C1200 (section 1 starts at 28:800C1200)
Soft-ICE/W will update every symbol and line number record in the
section to reflect the new address information.