Ghidra offers the ability to download and apply a PDB file that corresponds to the program currently open in the CodeBrowser. Successful downloading requires, at a minimum, that:
- A Symbol Server URL is available and accessible from the client or computer where you are running Ghidra.
- The program open in the CodeBrowser is a PE file that was compiled by a Microsoft compiler.
If set, Ghidra parses the
_NT_SYMBOL_PATH
environment variable that is used to specify a PDB download location and Symbol Server URL(s). The syntax for_NT_SYMBOL_PATH
is shown below:
srv*[local symbols location]*[Symbol Server URL]
The
_NT_SYMBOL_PATH
symbols location is used to pre-populate the dialog that asks for the local storage location (as long as that location is valid). The_NT_SYMBOL_PATH
Symbol Server URL is used to pre-populate the dialog that asks for the Symbol Server location.
Although multiple Symbol Server URLs can be specified in the
_NT_SYMBOL_PATH
variable, Ghidra only uses the first listed URL.
- From the menu-bar of a tool, select File
Download PDB File
- A dialog appears asking whether you want to download a PDB or XML (PDB.XML) file. Select the type of file you want to download and click OK.
A Symbol Server should always have PDB files available for download. In contrast, .PDB.XML files are Ghidra-created files, and are only available to download from the Symbol Server if Ghidra tools have been used to create them and the server's admin has made them available. If you choose to download a .PDB.XML file and it is not found on the server, you will see a dialog message telling you so. For more information on creating and using .PDB.XML files, see the Load PDB File section.
- Before attempting to download the file, an attempt will first be made to locate it using file and path names associated with the program. A dialog appears asking whether you want to include the PE-Header-Specified Path, which could include a Universal Naming Convention (UNC) path of a location that might not be trusted. Select OK if you want to perform this potentially unsafe retrieval.
- A dialog appears asking where to save the downloaded file. Pick a location to store your PDB files. A common location on Windows is C:\Symbols.
- At this point, if a PDB file of the type you have chosen (either .PDB or .PDB.XML) already exists in the selected location, you will see a message indicating that a potential matching PDB has been found. You will then be asked if you would like to continue with the download.
- If you select "No", jump to Step 7.
- If you select "Yes", please keep the following things in mind relating to a found .PDB or .PDB.XML file:
- If the found file is not in a directory that contains the current binary's GUID (i.e., C:\Symbols\<pdbfilename>\<GUID>), then the file is not guaranteed to be an exact match for the current binary (when there is no GUID subfolder, a matching file is found based on expected PDB filename).
- If there is any doubt about whether the found PDB file matches, it is a good idea to try to download the matching file, anyway (the matching file will be saved in a directory of the form <download location>/<pdbfilename>/ <GUID>).
- If you do choose to continue to apply the found PDB file, and its GUID does not match the GUID of the current binary, you will be warned and given the option of canceling the application of the PDB file.
- Next, you will see a dialog asking for the Symbol Server URL.
If a list of known URLs exists in your distribution (the file will have the extension.pdburl
), the dialog will also include a button with the text "Choose from known URLs". When this button is pressed, a separate dialog appears showing known Symbol Server URLs.
You may choose any of these URLs or manually type one in. If manually typing in a URL, be sure to include the protocol (http or https).
Always be sure to check your organization's security policy before downloading any file from the internet.
- Next, if the Symbol Server contains a matching PDB that is the same file type that you chose earlier, it will return with a message indicating that the download was successful. The message also contains the path where you can find the downloaded file.
- If the download was successful or an existing PDB file was found, you may be asked whether you want to apply the PDB to the program.
You will not be asked if you want to apply the found file if the file is of type .PDB and you are not on a Windows system. This is because .PDB files can only be parsed when running on Windows, while .PDB.XML files can be parsed on any Operating System.
- If you are connecting to a Symbol Server that requires user authentication using PKI, you must first set your PKI Certificate before attempting to download from the server. See PKI Certificate for more details.