Memory Debugger for Windows, Linux, and Mac
Dr. Memory
Symbol Query Tool

symquery is a symbol querying tool that operates on Linux, Mac, and Windows and supports the Windows PDB, Linux ELF, Mac Mach-O, and Windows PECOFF formats with DWARF2 line information.

The usage summary is as follows:

% bin/symquery.exe
Usage:
Look up addresses for one module:
D:\derek\drmemory\bin\symquery.exe -e <module> [-f] [-v] -a [<address relative to module base> ...]
Look up addresses for multiple modules:
D:\derek\drmemory\bin\symquery.exe [-f] [-v] -q <pairs of [module_path;address relative to module base] on stdin>
Look up exact symbols for one module:
D:\derek\drmemory\bin\symquery.exe -e <module> [-v] [--enum] -s [<symbol1> <symbol2> ...]
Look up symbols matching wildcard patterns (glob-style: *,?) for one module:
D:\derek\drmemory\bin\symquery.exe -e <module> [-v] --search -s [<symbol1> <symbol2> ...]
Look up private symbols matching wildcard patterns (glob-style: *,?) for one module:
D:\derek\drmemory\bin\symquery.exe -e <module> [-v] --searchall -s [<symbol1> <symbol2> ...]
List all symbols in a module:
D:\derek\drmemory\bin\symquery.exe -e <module> [-v] --list
List all source lines in a module:
D:\derek\drmemory\bin\symquery.exe -e <module> [-v] --lines
Optional parameters:
-f = show function name
-v = verbose
--enum = look up via external enum rather than drsyms-internal enum

When converting from an address to a symbol or function and line number, the address must be an offset from the module base, and not an absolute address.

Searching for symbols using wildcards is only supported on Windows.

On Windows, when using –search, export symbols may not show up (this is an artifact of the underlying use of the dbghelp library to read PDB files). We recommend using –searchall, unless the extra overhead is an issue (only relevant for very large PDB files).

Below are some examples.

addr2line-like functionality:

% bin/symquery.exe -e tests/free.exe -a 0x1077
d:\checkout\drmemory\git\src\tests\free.c:48+0x7
% bin/symquery.exe -e tests/free.exe -f -a 0x1077
main+0x67
d:\checkout\drmemory\git\src\tests\free.c:48+0x7

On Linux:

% bin/symquery -e tests/free -v -f -a 0x6d5
<debug info: type=ELF symtab, has symbols, has line numbers>
main+0xb9
/home/user/checkout/src/tests/free.c:61+0x7

On Mac:

% bin/symquery -e ./a.out -v -f -a 0x33a1
<debug info: type=Mach-O symtab, has symbols, has line numbers>
TrainCar::isEngine+0xf
/Users/username/project/traincar.h:17+0x5

Looking for symbols with wildcards:

% bin/symquery.exe -e c:/windows/syswow64/kernel32.dll -v --searchall -s Heap*
<debug info: type=PDB, has symbols, NO line numbers>
HeapDestroyStub +0x13557-0x13557
HeapUnlockStub +0x9444f-0x9444f
HeapQueryInformationStub +0x9442f-0x9442f
HeapSummary +0xbeb4c-0xbeb4c
HeapSetInformation +0x155fe-0x155fe
HeapLock +0xbeb36-0xbeb36
Heap32ListFirst +0x95651-0x95651
HeapValidateStub +0x2b11b-0x2b11b
HeapWalk +0xbeb62-0xbeb62
HeapCreate +0x149da-0x149da
HeapCompact +0x146c4-0x146c4
Heap32Next +0x9597e-0x9597e
HeapCreateStub +0x149cd-0x149cd
HeapWalkStub +0x9445f-0x9445f
HeapCompactStub +0x146b7-0x146b7
HeapSetInformationStub +0x155f1-0x155f1
HeapFree +0x11499-0x11499
HeapDestroy +0x13564-0x13564
HeapQueryInformation +0xbeb41-0xbeb41
Heap32ListNext +0x956fb-0x956fb
HeapSummaryStub +0x9443f-0x9443f
HeapUnlock +0xbeb57-0xbeb57
HeapLockStub +0x9441f-0x9441f
Heap32First +0x95793-0x95793
HeapValidate +0x2b128-0x2b128
% bin/symquery.exe -e c:/windows/syswow64/kernel32.dll --searchall -s *HeapFree
WerpHeapFree +0x3b998-0x3b998
MFHeapFree +0xb2361-0xb2361
HeapFree +0x11499-0x11499
% bin/symquery.exe -e c:/windows/syswow64/kernel32.dll --list | grep HeapFree
WerpHeapFree +0x3b998-0x3b998
MFHeapFree +0xb2361-0xb2361
HeapFree +0x11499-0x11499
% bin/symquery.exe -e C:/Windows/system32/MSVCP100D.dll -v --searchall -s "std::_DebugHeapDelete<*>"
<debug info: type=PDB, has symbols, NO line numbers>
std::_DebugHeapDelete<std::_Fac_node> +0x62bb0-0x62bb0
std::_DebugHeapDelete<std::locale> +0x17ff0-0x17ff0
std::_DebugHeapDelete<std::ios_base::_Iosarray> +0x142e0-0x142e0
std::_DebugHeapDelete<std::ios_base::_Fnarray> +0x14300-0x14300
std::_DebugHeapDelete<std::locale::facet> +0x13d20-0x13d20
std::_DebugHeapDelete<void> +0x46c00-0x46c00
std::_DebugHeapDelete<_RTL_CRITICAL_SECTION> +0x635a0-0x635a0