Can I use map2dbg with 64 bit Delphi executables?

Question

I am currently using map2dbg to create a .dbg file from my Delphi .map files. This works beautifully for 32 bit executables. For 64 bit executables the call to map2dbg.exe appears to succeed, but the resulting .dbg file does not appear to be useful. When I view stack traces in Process Explorer, they have no symbol names.

Should I even expect map2dbg to work in 64 bit? And if not, is there an alternative that I can use?

Answer 1

I've made a small research and it seems that map2dbg can in fact be used for 64bit executables made in Delphi XE2. The only point is you should modify WORD in the produced DBG file at offset 4 from $8664 to $014C.

Yes, this looks like a nonsense, because this means to change Machine field in DBG header from AMD64 to X86, but this really results in a DBG file correctly loading in both WinDbg and Process Explorer.

I've made a patched version of map2dbg version 1.3, so it automatically writes $14c into DBG. Here is the archive: http://yadi.sk/d/kbVFCGyI2gQzM

UPDATE: DBG files made with the patched version of map2dbg are accepted by both Process Explorer and WinDbg, and the symbols from these DBGs are correctly linked with the corresponding addresses in the executable, but wrong stack frames are displayed.

The reason is in DBGHELP library. As can be seen from its disassembly, it only loads the DBG files made for X86 or Alpha processors (Machine field values $14c and $184). But if we manually change the Machine field in a DBG file from AMD64 to X86, then DBGHELP will treat the executable as a 32-bit module (so PDATA segment from the executable won't be used during the stack unwind), and incorrect stack frames will be shown by the debuggers.

I've patched both x86 and x64 versions of DBGHELP installed with WinSDK for Win8. The patched versions allow for loading DBG files with AMD64 Machine field ($8664), so the stack frames as displayed as expected. These versions are available in this archive: http://yadi.sk/d/7ZDLv2ed2gRGo

So, we now have two different approaches to use the symbols from 64-bit executables compiled with Delphi XE2:

1. Simple way: use the patched map2dbg to produce "fake-x86" DBGs, which can be loaded into WinDbg and Process Explorer, so the symbol addresses will be shown, but the debuggers won't be able to display the stack frames.

2. "Hardcore" way: use the patched dbghelp.dll, with the support of AMD64 DBG files. With this version of DBGHELP, WinDbg and Process Explorer can unwind the stack frames.

ONE MORE UPDATE: cv2pdb tool can now convert DBG files created with map2dbg into PDBs. Both 32-bit and 64-bit executables are supported.

Here's a compiled version of the latest sources of cv2pdb.

Answer 2

Just for your information: I found a PDB writer https://github.com/jbevain/cecil/blob/master/symbols/pdb/Mono.Cecil.Pdb/PdbWriter.cs

It's part of the Mono Cecil library (open source .net implementation). I hope it can modified to read Delphi .map files too... (not tested yet)

Answer 3

I made some modifications (actually commented the exceptions :-) ) to tds2pdb. Now it also works for Delphi .tds files, both 32bit and 64bit! See my G+ post: https://plus.google.com/u/0/110131086673878874356/posts/eJBKC16e5f6

Note: only ProcesExlorer did not show the full stack of my 64bit test program, ProcesHacker and WinDbg show the full stack though.

Answer 4

Just for your information, I made a Proof of Concept dll for dbghelp.dll, so it can also read Delphi .map files. It is some kind of proxy dll: it has the same exports of the real dll, but they are all forwarded to the real/original dll. 3 symbol functions are implemented with a Delphi (jclDebug.pas) lookup: https://plus.google.com/u/0/110131086673878874356/posts/4rmyQM5kVW7 https://plus.google.com/u/0/110131086673878874356/posts/TSJRqFJR3WZ

Only 32bit for now. ProcesExplorer runs only in 64bit in a 64bit Windows, but ProcesHacker also has a 32bit version. When I have some more time I can maybe improve it further... or try it yourself in the mean time! In 64bit mode you cannot use "ASM JMP PToProc" but something like "ASM JMP qword ptr [rel p]".

Answer 5

Unfortunately, *.dbg support is deprecated (note: not even used or loaded!) in newer versions of Microsoft products (windbg, process explorer, visual studio etc). So even if it creates a valid .dbg file, it will never be used... :-(

My biggest wish is to be able to create a .pdb file! So if anyone can get the specs for it?! (it is a closed MS format?) Because, to be even worse, the newest Intel VTune/Threading profiler also does not use .dbg files anymore, so I REALLY WANT A DELPHI TO PDB CONVERTER! (sorry for shouting)

I have tried several things, but no success yet. That's why I created my own stack viewer and minidump viewer, which uses Delphi debug symbols (.map, .jdbg etc): http://code.google.com/p/asmprofiler/wiki/ProcessStackViewer http://andremussche.blogspot.com/2011/03/minidump-reader-for-delphi.html

Note: I haven't tested my stuff on 64bit Delphi apps yet... So it probably won't work, but you can try it anyway...