IDA不提示下载PDB
IDA不提示下载PDB
用IDA对dll进行静态分析是调试漏洞必不可少的步骤,今天在windwos上安装了IDA 6.8,分析wind32k.sys时,发现IDA不会自动去微软的服务器下载pdb文件了,导致整个dll只能识别出DriverEntry函数。最后找到解决办法是:修改ida安装目录下的pdb.cfg文件。
// PDB plugin
#ifdef __PC__ // INTEL 80x86 PROCESSORS
//
// The downloaded symbols are stored in the specified directory.
// Microsoft's public symbol store is used for downloading the symbols.
//
// If this option is omitted or empty - use _NT_SYMBOL_PATH if set, otherwise use %TEMP%\ida directory
// If the value is not empty - use it
//PDBSYM_DOWNLOAD_PATH = "c:\\symbols";
// Full symbol path (in _NT_SYMBOL_PATH format)
// If set, PDBSYM_DOWNLOAD_PATH and _NT_SYMBOL_PATH are ignored
PDBSYM_SYMPATH =
//把下面这行的注释去掉,改成自己的本地符号路径就好了
"SRV*e:\\sym*http://symbols.mozilla.org/firefox;SRV*c:\\symbols*http://msdl.microsoft.com/download/symbols";
// remote server where win32_remote.exe is running
// used when loading PDB symbols on non-Windows platforms
// NB: it will be used only if there is not already an existing debugging session started
PDB_REMOTE_SERVER = "localhost";
PDB_REMOTE_PORT = 23946
// password for the remote server
PDB_REMOTE_PASSWD = "";
#endif
重新加载dll,会自动去微软的服务器下载pdb文件,并存在本地的*e:\sym文件夹。
思考:继续深入了解IDA的话,有必要搞清楚
- IDA目录下的配置文件都是做什么用的
- 启动顺序如何
- 怎么修改