Open psrok1 opened 2 months ago
By the way, I temporarily merged your library code into https://github.com/CERT-Polska/drakpdb as you haven't made any releases for a longer time and I can't pin to a Git commit if I want to publish a dependent package on PyPI.

I need to say that I really like the simplicity of your library and the fact that it doesn't give up when a new, unknown structure or leaf type is reached. I have tested a few libraries on current Windows PDBs and pdbparse is the only library so far that is able to deliver basic information about exports and simple structures. I have tried other solutions like:

- llvm-pdbutil, which segfaults on llvm-pdbutil pdb2yaml --all combase_6c146f310d333559974d1d5d3fa2e4da1.pdb and that's not the only problem with it, as we can see in the issues: https://github.com/llvm/llvm-project/issues?q=is%3Aissue+is%3Aopen+pdbutil
- volatility3 pdbconv.py, which gives up on unknown leaf types: https://github.com/volatilityfoundation/volatility3/issues/182

So I hope you're still interested in maintaining this library and I think I will be coming back with patches from time to time. Cheers!

Hi and thanks for the great library!
I found that when I try to parse the PDB for combase.dll with GUID 6c146f310d333559974d1d5d3fa2e4da1, it fails to decode some strings contained in DBI stream structures. The reason is that cRefCnt is an incorrect number of names when the true number exceeds 64K (this field is pretty short, just 16-bit). This behavior is documented here: https://llvm.org/docs/PDB/DbiStream.html#file-info-substream
After the fix, combase.pdb is parsed correctly.
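
The following is an added example, not code from this pull request or from pdbparse: a minimal parser for the file info substream layout given in the linked LLVM document, which ignores the 16-bit count field (cRefCnt above) and sums the per-module file counts instead. The function names and the sample substream are constructed for illustration.

```python
import struct

def parse_file_info(buf: bytes) -> list[list[str]]:
    """Return per-module source file names from a DBI file info substream."""
    if len(buf) < 4:
        raise ValueError("substream shorter than its header")
    # Layout per the LLVM DbiStream document: uint16 NumModules,
    # uint16 NumSourceFiles, uint16 ModIndices[], uint16 ModFileCounts[],
    # uint32 FileNameOffsets[], then NUL-terminated names.
    num_modules, _wrapped_count = struct.unpack_from("<HH", buf, 0)
    # _wrapped_count is deliberately unused: it wraps past 65535 files.
    counts_start = 4 + 2 * num_modules          # skip ModIndices
    counts_end = counts_start + 2 * num_modules
    if counts_end > len(buf):
        raise ValueError("ModFileCounts truncated")
    counts = struct.unpack_from(f"<{num_modules}H", buf, counts_start)
    total = sum(counts)                         # real number of offsets
    names_start = counts_end + 4 * total
    if names_start > len(buf):
        raise ValueError("FileNameOffsets truncated")
    offsets = struct.unpack_from(f"<{total}I", buf, counts_end)
    names = buf[names_start:]
    result, i = [], 0
    for count in counts:
        files = []
        for off in offsets[i:i + count]:
            end = names.find(b"\0", off)        # -1 if off is out of range
            if end < 0:
                raise ValueError("file name offset outside names buffer")
            files.append(names[off:end].decode("utf-8", "replace"))
        result.append(files)
        i += count
    return result

def build_sample() -> bytes:
    """Constructed input: 2 modules, 70000 file references, 2 unique names."""
    counts = [40000, 30000]
    names = b"a.c\0b.c\0"
    offsets = [0] * counts[0] + [4] * counts[1]
    header = struct.pack("<HH", len(counts), sum(counts) & 0xFFFF)
    return (header + struct.pack("<2H", 0, 40000)        # ModIndices
            + struct.pack("<2H", *counts)
            + struct.pack(f"<{len(offsets)}I", *offsets) + names)

if __name__ == "__main__":
    sample = build_sample()
    print("header count:", struct.unpack_from("<HH", sample)[1])
    print("files per module:", [len(m) for m in parse_file_info(sample)])
```

A parser that sized the offsets array from the header field would read only 4464 offsets from this sample and then treat the remaining offset bytes as the names buffer, which is the kind of string decoding failure described above.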