普通文本  |  65行  |  1.97 KB

#!/usr/bin/env python
# Copyright (c) 2011 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

"""This will retrieve a PDBs "fingerprint" from it's corresponding executable
image (.dll or .exe).  This is used when retrieving the PDB from the symbol
server.  The .pdb (or cab compressed .pd_) is expected at a path like:
 foo.pdb/FINGERPRINT/foo.pdb

We can retrieve the same information from the .PDB file itself, but this file
format is much more difficult and undocumented.  Instead, we can look at the
DLL's reference to the PDB, and use that to retrieve the information."""

import sys
import pefile


__CV_INFO_PDB70_format__ = ('CV_INFO_PDB70',
  ('4s,CvSignature', '16s,Signature', 'L,Age'))

__GUID_format__ = ('GUID',
  ('L,Data1', 'H,Data2', 'H,Data3', '8s,Data4'))


def GetPDBInfoFromImg(filename):
  """Returns the PDB fingerprint and the pdb filename given an image file"""

  pe = pefile.PE(filename)

  for dbg in pe.DIRECTORY_ENTRY_DEBUG:
    if dbg.struct.Type == 2:  # IMAGE_DEBUG_TYPE_CODEVIEW
      off = dbg.struct.AddressOfRawData
      size = dbg.struct.SizeOfData
      data = pe.get_memory_mapped_image()[off:off+size]

      cv = pefile.Structure(__CV_INFO_PDB70_format__)
      cv.__unpack__(data)
      cv.PdbFileName = data[cv.sizeof():]
      guid = pefile.Structure(__GUID_format__)
      guid.__unpack__(cv.Signature)
      guid.Data4_0 = ''.join("%02X" % ord(x) for x in guid.Data4[0:2])
      guid.Data4_1 = ''.join("%02X" % ord(x) for x in guid.Data4[2:])

      return ("%08X%04X%04X%s%s%d" % (
          guid.Data1, guid.Data2, guid.Data3,
          guid.Data4_0, guid.Data4_1, cv.Age),
          cv.PdbFileName.split('\x00', 1)[0])

    break


def main():
  if len(sys.argv) != 2:
    print "usage: file.dll"
    return 1

  (fingerprint, filename) = GetPDBInfoFromImg(sys.argv[1])
  print "%s %s" % (fingerprint, filename)
  return 0


if __name__ == '__main__':
  sys.exit(main())