Forked from eversinc33/get_dll_from_symbol_server.cpp
Created
February 9, 2025 21:44
-
-
Save Dviros/59b3f63a3a80ed96a9adf9841ce90552 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <iostream> | |
| #include <sstream> | |
| std::string | |
| GetSymbolServerURL( | |
| const std::string& moduleName | |
| ) | |
| { | |
| /* Extract timestamp and image size from a module | |
| & convert to uppercase hex. Then construct the symbol url */ | |
| HMODULE hModule = GetModuleHandleA(moduleName.c_str()); | |
| PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)hModule; | |
| PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)((BYTE*)hModule + pDosHeader->e_lfanew); | |
| DWORD timestamp = pNtHeaders->FileHeader.TimeDateStamp; | |
| DWORD imageSize = pNtHeaders->OptionalHeader.SizeOfImage; | |
| std::stringstream ss; | |
| ss << std::hex << std::uppercase << timestamp << imageSize; | |
| std::string symbolServerURL = "https://msdl.microsoft.com/download/symbols/" + moduleName + "/" + ss.str() + "/" + moduleName; | |
| return symbolServerURL; | |
| } | |
| int | |
| main() | |
| { | |
| std::string module = "ntdll.dll"; | |
| std::string url = GetSymbolServerURL(module); | |
| std::cout << "[*] Symbol Server URL: " << url << std::endl; | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment