Using drakpdb tool

The drakpdb tool allows you to:

• determine PDB name and GUID age given an executable file (e.g. DLL)

• fetch PDB with given name and GUID age

• parse PDB into a profile that could be plugged into DRAKVUF

Usage examples

root@zen2:~/drakvuf# drakpdb pe_codeview_data --file ntdll.dll
{'filename': 'wntdll.pdb', 'symstore_hash': 'dccff2d483fa4dee81dc04552c73bb5e2'}
root@zen2:~/drakvuf# drakpdb fetch_pdb --pdb_name wntdll.pdb --guid_age dccff2d483fa4dee81dc04552c73bb5e2
100%|██████████████████████████████████████████████████████████████| 2.12M/2.12M [00:00<00:00, 2.27MiB/s]
root@zen2:~/drakvuf# drakpdb parse_pdb --pdb_name wntdll.pdb > profile.json