itoldyouso - a Funny Equivalent to chksym
November 21, 2007The days are not filled with Crash Dump analysis with using WinDBG. Have you heard that it is possible to execute a command like itoldyouso in WinDBG? This is funny exported function in dbghelp.dll which is equivalent to chksym. i.e to check the validity of the module specified against the pdb pdb file. I dont know why redmond folks done like this. 
For e.g If you want to verify the ntdll.dll PDB file.Let’s go hereGive command like “!itoldyouso ntdll.dll”See the results.ntdll.dll Timestamp: 411096B4 SizeOfImage: B0000 pdb: ntdll.pdb pdb sig: 36515FB5-D043-45E4-91F6-72FA2E2878C0 age: 2
Loaded pdb is C:\WebSymbols\ntdll.pdb\36515FB5D04345E491F672FA2E2878C02\ntdll.pdb
ntdll.pdb pdb sig: 36515FB5-D043-45E4-91F6-72FA2E2878C0 age: 2
MATCH: ntdll.pdb and ntdll.dll This is useful especially when you have many PDB files of same modules. John Robbins Blogged about this few weeks ago. Follow the link to see more details.
No Comments » | 
Code, Softwares, Tips | Tagged: Debugging, itoldyouso, john robbins, windows | 
Permalink
Posted by Sarath
