Windows Symbol Fetch Utility (sf)

sf, short for 'symbol fetcher', is a prototype tool that gives one the flexibility to retrieve Windows component symbols in the form of PDB (Program Database) files.

Normally when one is debugging Windows applications with (for example) WinDbg, the debugger will automatically pull the appropriate symbols from the symbol path and then the symbol server specified. For Microsoft symbols, one normally points the debugger to the Microsoft symbol server website, and assuming the debugger has an Internet connection, the process of downloading symbols is automatic.

For the cases where the machine running the debugger has no Internet connection (eg. for a closed network), one needs to either setup an internal symbol server with the requisite symbols or find a way to separately pull the appropriate Microsoft symbols from the Internet and sneaker-net them over to your closed network. This tool is geared towards helping one perform the latter option.

Since this is a manual process, it is broken into two steps. The first step requires one to extract some necessary metadata from each PE file that is desired to be analyzed in the debugger. For the newer Windows operating systems, this includes reading the debug section of the PE file and extracting the unique GUID and age value. sf has an option to extract this data. The second step is to take the results of the metadata extraction (in the form of a results file) and transport it over to a machine with an Internet connection. Then it is used as an input parameter to sf to query the Microsoft symbol server to retrieve the appropriated PDB files. sf will package the PDB files received into a single cabinet (.cab) file. This allows one to easily transport the symbols back to the host machine running the debugger.

While there are a number of formats available for debug symbols, sf only supports the later Microsoft format that uses a GUID and age value for the PDB signature.


Intel 32-bit VersionIntel 64-bit VersionARM 64-bit Version
Linux:Not AvailableNot AvailableNot Available
Mac OS X:Not AvailableNot AvailableNot Available
*32bit apps can run in a 64bit linux distribution if "ia32-libs" (and dependencies) are present.