flat assembler
Message board for the users of flat assembler.

Index > Heap > Who know SYM file format (for MSVC 4)?

Author
Thread Post new topic Reply to topic
ProMiNick



Joined: 24 Mar 2012
Posts: 533
Location: Russian Federation, Sochi
ProMiNick
SYM file is one of debug files
consist of 3 parts: header, sections, 4 byte file end - each part is paragraph aligned.

content of header:
Code:
        dd filesize shr 4
        dw 1
        dw ?;0 or 1
        db sizeof.varheader
        db ?; maybe dw extension of sizeof.varheader
        dw ?; maybe section count
        dw ?; no idea
        db ?; no idea
        db NAME.sz
  NAME db related_file_name_w_o_extension
        NAME.sz = $-NAME
        if crt_used
          db 1,0
          db CRT.sz
  CRT db '__acrtused'
          db ?; no idea
        end if
sizeof.varheader:
        db 0
        align 16
        dq ?; no idea
        align 16
    


section:
Code:
        db ?;0 or $10
        db 0,0,$FF
        db SECNAME.sz
  SECNAME db name of section          
        SECNAME.sz = $ - SECNAME
repeated block
        dw in_section_offset
        db IDENTIFIER.sz
  IDENTIFIER db identifier name
        IDENTIFIER.sz = $ - IDENTIFIER 
end of block
        sequence of words
        align 16
    


Who know more detailed and less assumptioned definition of SYM format. Thanks.

_________________
I don`t like to refer by "you" to one person.
My soul requires acronim "thou" instead.
Post 15 Nov 2019, 14:03
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
There are many different formats.

Which compiler/language is your target? Would that be MSVC?
Post 15 Nov 2019, 14:06
View user's profile Send private message Visit poster's website Reply with quote
ProMiNick



Joined: 24 Mar 2012
Posts: 533
Location: Russian Federation, Sochi
ProMiNick
Files I analized are from 199x for win 9x.
So I guess compiler is MSVC 4 combined with some encient assembler ( in such SYM files present relative paths to *.ASM files).
Post 15 Nov 2019, 14:37
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
revolution
ProMiNick wrote:
Files I analized are from 199x for win 9x.
So I guess compiler is MSVC 4 combined with some encient assembler ( in such SYM files present relative paths to *.ASM files).
If it is an MS compiler then the assembler is most probably MASM.
Post 15 Nov 2019, 15:01
View user's profile Send private message Visit poster's website Reply with quote
st



Joined: 12 Jul 2019
Posts: 43
Location: Russia
st
Does Borland's TDUMP.EXE support this .SYM file? I think MS uses CodeView formats (they differs but contains something like 'NB09' signature (according to Sven B. Schreiber's "Undocumented Windows 2000 Secrets").
Post 17 Nov 2019, 08:14
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.