symbolresolver 1.3.0
dotnet add package symbolresolver --version 1.3.0
NuGet\Install-Package symbolresolver -Version 1.3.0
<PackageReference Include="symbolresolver" Version="1.3.0" />
paket add symbolresolver --version 1.3.0
#r "nuget: symbolresolver, 1.3.0"
// Install symbolresolver as a Cake Addin #addin nuget:?package=symbolresolver&version=1.3.0 // Install symbolresolver as a Cake Tool #tool nuget:?package=symbolresolver&version=1.3.0
Introduction
symbolresolver is a .NET library that provides front-end access to Microsoft's debugging tools (Dbghelp.dll).
Requirements
- Windows 10+ or later operating system with debugging tools installed
- .NET 9+ runtime
- Some features require administrator privileges
Using symbolresolver
- Add the symbolresolver nuget package to your project using the Nuget package manager.
- Reference the namespace:
using symbolresolver
To use symbolresolver, you will need to specify the path to dbghelp.dll (installed alongside Microsoft's debugging tools) and your desired symbol path. Here is an example:
var dbghelp = @"C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\dbghelp.dll";
var symbolPath = @"srv*c:\symbols*https://msdl.microsoft.com/download/symbols";
Resolving a user-mode address to a symbol requires loading that process's modules into the symbol engine:
try
{
var pid = 1026;
var address = 0x71230010;
var resolver = new SymbolResolver(s_SymbolPath, s_DbgHelpLocation);
if (await resolver.Initialize())
{
var resolved = await resolver.ResolveUserAddress(
pid, address, SymbolFormattingOption.SymbolAndModule);
}
}
catch (Exception ex)
{
...
}
If this is successful (careful with permissions), you can retrieve the symbol name of any arbitrary address:
var symbol = resolver.GetFormattedSymbol(address);
The process is identical for kernel-mode addresses, except that you do not need to provide a PID.
The format of the resolved symbol returned by the Resolve*** APIs can be adjusted by passing an option enum:
SymbolOnly: If a named symbol is found at the given address, the name will be returned. For example,NtOpenProcess. If there is no named symbol at the given address, the returned string will be formatted as<unknown_0x71230010>.SymbolAndModule: The module name, if found, will be prepended to the returned string in the format<module>!<symbol>. For example,ntdll!NtOpenTrace. If the module name cannot be retrieved, the module name portion of the returned string will be formatted as<unknown_module>.
By default, except in cases of critical errors, Resolve*** APIs will always return a value, even if there is no named symbol at a given address, as discussed above. This behavior can be overridden by passing the flag FailIfNoSymbolFound, in which case no resolved string will be returned if there is no named symbol at a given address.
Caveats
- Be careful running the library under Visual Studio, which also uses Dbghelp.dll
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. |
-
net8.0
- No dependencies.
NuGet packages (1)
Showing the top 1 NuGet packages that depend on symbolresolver:
| Package | Downloads |
|---|---|
|
etwlib
etwlib is a .NET library that provides raw access to Microsoft Windows Event Tracing (ETW) infrastructure including providers, manifests, and event data. etwlib is meant to be the foundation for larger projects that leverage its capabilities and is distributed as a Nuget package. |
GitHub repositories
This package is not used by any popular GitHub repositories.