What are symbols?
    Information that expresses which programming-language constructs generated a specific piece of machine code in a given executable module.
    In other words, they resolve memory addresses to function names (APIs) and variables during debugging.

Where are they used?
    They are used by tools such as ProcMon, ProcExp, DebugDiag, AppVerif, WinDbg, Xperf, etc.
    They make it possible to decode user-mode and kernel-mode applications and drivers.

The most common types of symbols are:
  • Distributed in a separate file (for size and performance gains)
  • Compiled together with the module's binary file.
  • Discarded during compilation and/or linking.

Note: There are many types of symbol files, such as:
    .pdb, CodeView, .coff, .dbg, .sym and export symbols

The one we will focus on is the "Program Database" (.PDB):
  • Microsoft format
  • Supports incremental linking
  • Cannot be embedded in the image

.PDBs contain the following information:

  • Public symbols
  • A list of object files that are responsible for sections of code in the executable
  • Frame pointer optimization information (FPO)
  • Name and type information for local variables and data structures
  • Source file and line number information
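
How public symbols turn a raw address into a name, as described at the top of this page. This is an added example, not code from any of the tools listed; the module name, load address and symbol table are constructed sample data, and the `module!function+0xoffset` output style is an assumption modelled on common debugger output.

```python
import bisect

# Constructed sample data: module name, load address, image size and the
# public symbols (RVA, name) are hypothetical, not taken from a real PDB.
MODULE = "demo"
BASE = 0x7FF6_1000_0000
SIZE = 0x5000
PUBLICS = [(0x1000, "main"), (0x1040, "ParseRequest"), (0x1200, "WriteLog")]


def symbolize(address, module=MODULE, base=BASE, size=SIZE, publics=PUBLICS):
    """Return a debugger-style name for an absolute memory address."""
    if not base <= address < base + size:
        return hex(address)              # not inside this module at all
    rva = address - base                 # symbols are stored module-relative
    table = sorted(publics)
    rvas = [r for r, _ in table]
    # Public symbols carry no size, so pick the nearest symbol at or below rva.
    i = bisect.bisect_right(rvas, rva) - 1
    if i < 0:
        # No symbol precedes the address, or symbols were discarded entirely.
        return f"{module}+{rva:#x}"
    sym_rva, name = table[i]
    offset = rva - sym_rva
    return f"{module}!{name}" + (f"+{offset:#x}" if offset else "")


if __name__ == "__main__":
    for addr in (BASE + 0x1000, BASE + 0x1052, BASE + 0x10, 0x1234):
        print(f"{addr:#018x}  {symbolize(addr)}")
    # Same address with the symbols discarded: only module+offset is left.
    print(symbolize(BASE + 0x1052, publics=[]))
```

Because the lookup takes the nearest preceding symbol, an address in a function that has no public symbol is attributed to the previous one; an unusually large offset in the output is the hint that the name may not be the real function.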