问题
I am in debugger session with WinDbg. I type lm command and it shows loaded modules but I don't quite understand what does the (export symbols) mean below?
048c0000 0550c000 Db (export symbols) Db.dll
05520000 05535000 Graph (export symbols) Graph.dll
I was expecting it will either say symbols not loaded or loaded or deferred but it's none of that. What does the (export symbols) indicate in this case?
回答1:
Exported symbols means that no PDB file was loaded and the symbols have been read from the binary (EXE, DLL) instead. A binary file has an export table. This table is used for resolving the symbols.
The export table is a feature of the PE file format. If you want to see it, you can use CFF Explorer. If you want a sample binary, use ntdll.dll from %windir%\system32:
Regarding the amount of information, it increases in this order:
- no symbols
- export symbols
- public symbols
- private symbols
You may also see "deferred" symbols, which means that WinDbg doesn't know yet, because it has not tried loading them. Use ld*;.reload if you want to get rid of the deferred symbols.
来源:https://stackoverflow.com/questions/38107498/what-does-exported-symbols-mean-in-lm-command