Symbols on Demand (an OllyDbg plugin)
OllyDbg is able to use dbghelp.dll and symsrv.dll to show extended debug information, such as the module source code (if referenced by the debug information) or module symbols from a PDB file (which can be fetched from the Microsoft Symbol Server for system modules). The problem is that if you turn on this option, module loading becomes much slower. On the other hand, this information is very handy, so there’s a dilemma as to whether to turn it on.
The Symbols on Demand plugin provides the best of both worlds: it disables loading of this extended debug information by default, but allows you to load it explicitly for any module, at any time. Using this approach, loading is still fast, but if you need to load extended debug information for a module, you can easily do that.
OllyDbg v1.10 and v2.01 are supported. For OllyDbg v1.10, there’s additional functionality: you can set the symbols search path, which is set by default to SRV*.\Symbols*http://msdl.microsoft.com/download/symbols. You can also choose to retrieve undecorated symbol names. These options can be set in the INI file of OllyDbg, in the plugin’s section.
symbols_on_demand.zip (4.96 kB)
For your convenience, here are the dbghelp.dll and symsrv.dll files:
dbghelp_symsrv.zip (579.8 kB)
The source code is available on GitHub.
dbghelp_symsrv.zip
First combo of dll I found that actually works. And I do have Visual Studio and Win debug tools and like 20 symsrv dlls around.
Big thanks, man! As for the OnDemand plug!
Great stuff. Also, huge thanks for the Multiline Asm! The pain I’d be in if I had to inline stuff by hand.
You rock.
I put the plugin dll into my olly v1.10 folder and the dbghelp/symsrv dlls in the plugin folder too. But when I try to load symbols for an executable that uses ntdll calls, it doesn’t resolve symbols and says “No symbols were loaded for Exe.exe…”
Am I doing something wrong?
These should go to the main folder, together with ollydbg.exe.
I’ve copied the dbghelp/symsrv dlls to the same folder as ollydbg’s and still get the message “No symbols were loaded for ntdll”, for example.
Upload your ollydbg folder as a zip file, and I’ll look at it.
Sorry for not replying, I forgot to check for an answer.
Anyway, I happened to use a custom version of ollydbg previously (Legend of rand0m’s version) and had a few problems with it. So I decided to get a fresh ollydbg 1.10 version. And today I tried your plugin on it and now it says loaded symbols successfully.
Just a question though: I’ve tried using x64dbg and it recognizes function names (for instance DirectX functions) whereas in ollydbg it says apphelp.XXXXXX (XXXXXX being the address within the apphelp module) for the same instruction. Is this a symbol issue?
I don’t know, but I don’t think that it has something to do with the plugin.
You might also want to try OllyDbg v2, or ask the author of x64dbg about it.
Alright, thanks for the answers and the plugin!
Nice plugin thx 🙂
The patch of the pdb path, i.e., bSearchPathPatch, makes ollydbg refuse to load the .pdb file of the executable (if it’s put beside it).
Your executable will only successfully load by an absolute path of the .pdb file then (the path that’s embedded inside the .pdb file)
The plugin was released almost ten years ago, and is no longer maintained. The source code is available, so if you’d like to contribute a fix, I’ll consider merging it and releasing a new version.
Hey Michael,
Thanks for your response.
I know the plugin is old, I just wanted to mention a limitation with it.
If you keep the .pdb path in the absolute path it’s fine. No additional work is needed. However, once you try to use relative path of pdb like so:
Sample.exe
Sample.pdb
Then it will fail to load the .pdb file (assuming that the .pdb located inside the embedded path of the .exe file doesn’t exist).
I wanted to provide a solution to this so here is a simple one if you use MSVC linker:
In the linker command line, add the following command:
/pdbaltpath:%_PDB%
This will prevent embedding an absolute path of the .pdb file inside your executable file. Then olly can load it as a relative path now with your plugin.
Here is more info:
https://stackoverflow.com/questions/11109189/remove-pdb-references-from-released-file
Thanks for this useful plugin and the source.
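To check which PDB path a build embedded (an absolute path, or just the file name as with /pdbaltpath:%_PDB%), the following added example, which is not part of the original comments or the plugin's source, reads the CodeView RSDS record from an image and also derives the relative path a symbol store uses under an SRV* search path. The function names and the sample records are constructed for illustration, and the record is located by scanning for its RSDS signature.

```python
import ntpath
import struct
import uuid

def parse_rsds(image: bytes):
    """Return (guid_hex, age, pdb_path) from the first RSDS record, or None."""
    pos = image.find(b"RSDS")
    if pos < 0 or pos + 24 >= len(image):
        return None
    # Layout: "RSDS" | 16-byte GUID (little-endian fields) | u32 age | path\0
    guid = uuid.UUID(bytes_le=image[pos + 4:pos + 20])
    (age,) = struct.unpack_from("<I", image, pos + 20)
    end = image.find(b"\x00", pos + 24)
    if end < 0:
        return None
    path = image[pos + 24:end].decode("utf-8", errors="replace")
    return guid.hex.upper(), age, path

def describe(image: bytes):
    """Summarise the embedded PDB reference of an image."""
    rec = parse_rsds(image)
    if rec is None:
        return None
    guid, age, path = rec
    name = ntpath.basename(path)
    return {
        "pdb_path": path,
        # An absolute path exposes the build machine's directory layout.
        "absolute": ntpath.isabs(path),
        # Symbol-store layout: <pdb name>/<GUID><age in hex>/<pdb name>
        "symstore_key": f"{name}/{guid}{age:X}/{name}",
    }

def make_record(path: str, age: int = 1) -> bytes:
    """Constructed sample: a bare RSDS record with a fixed, made-up GUID."""
    guid = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
    return (b"\x00" * 8 + b"RSDS" + guid.bytes_le
            + struct.pack("<I", age) + path.encode() + b"\x00")

if __name__ == "__main__":
    # Constructed inputs: default linker output vs. /pdbaltpath:%_PDB%
    for p in (r"C:\build\Sample.pdb", "Sample.pdb"):
        print(describe(make_record(p)))
```

To inspect a real file, pass its bytes to describe(), for example describe(open("Sample.exe", "rb").read()).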
I created a fix for this by attaching the current dir to the one specified in ollydbg.ini.
However, the source is archived and so no pull requests can be made.
I unarchived it.
It’s done, thanks.
I only use olly 1.10 so not sure about 2.0.
You can review the changes.
Cheers.