IDA Pro allows you to load symbols for windows components. However, this feature is not fully suitable for me, because it constantly loads them from internet. Looks inefficient, especially if you use IDA on different machines – symbols get downloaded for each of them.
I prefer everything that can be controlled, so my idealistic vision of this is to download symbols and store them on your drive. Then, you shoud specify the location of symbols to IDA and enjoy the symblos retrieving process with your internet switched off.
However, there is no properties avialble to set for PDB plugin. Also, there is no chance to change the URL which is used for downloading symbols – it’s just hardcorded in plugin. Sure, you can edit it using hex editor and specify different url or the local one if you have your symbols downloaded locally.
However, I believe this can be avoided with the help of my plugin ;). I decided to make an extension of existing plugin – just to simplify my life and (possibly) those who suffers from the same problem. Nowdays I feel the lack of free time, so don’t expect the plugin to have rich UI or something like that. This is just the first version.
To install plugin make the following steps:
– copy pdbext.plw file to IDA plugins directory (for example, my directory is ‘D:\Program Files\IDA\plugins\’)
– edit plugins.cfg which resides in plugins directory, add the following lines:
PDBExt:_load_symbols pdbext 0 0
PDBExt:_show_setting_page pdbext 0 1
– save plugins.cfg and restart the IDA
Once plugin will be loaded first time for a given project it will prompt you to specify settings:
– ‘Use only remote symbols source’ check means that plugin will use MSFT storage to get symbols for your OS.
– ‘Use only local symbols source’ means that only local store will be used.
– ‘Use local & remote symbols sources’ means that plugin will combine both sources when retrieving symbols.
To change the source location just put the values into corresponding edit boxes and click OK. Settings are stored for each project separatly, it means that you can specify different settings for different projects. This helps in case when you reverse windows components for different version of windows and you need to change the symbols path.
Once settings has been set you can use plugin via Plugin submenu:
Clicking on ‘PDBExt: show settings page’ invokes again the settings page, so you can change the symbols retrieving policy.
Actual work is perfomed when you click on ‘PDBExt: load symbols’: plugin retrievs symbols and applies them to disassembly.
In next release I will try to cover several issues. There should be done 64 bit support + installer that installs plugin and makes corresponding changes in plugins.cfg file. Current implementation of PDBExt loads only lines information (SYMOPT_LOAD_LINES), but I believe it can be extended.