Dwarf data from PE files is not read in
besentv opened this issue · 3 comments
I tried to debug a program running in Wine with DWARF debug symbols, but edb doesn't seem to be able to read them from the Win-PE file format.
The highlighted row should show something along the lines of "<win32u.dll!FooBar+0>".
To reproduce, just compile Wine in MinGW mode (for symbols) https://wiki.winehq.org/Building_Wine, run a Windows program, and attach to it.
AFAICT, EDB doesn't support PE symbols at all; only ELF support is implemented. And Wine DLLs are yet another thing to add support for (since DLLs are not native on Linux).
But, since you are analyzing a Windows program, you might be better off with a Windows debugger like OllyDbg or x64dbg run via Wine. I had used OllyDbg via Wine, and it did work.
The problem with either OllyDbg or x64dbg is that you cannot debug the Unix side. Another issue is debugging programs with built-in DRM. They're usually very annoying on the PE side, as they like to kill off the whole program when they detect a debugger, but are pretty useless when you're debugging the Windows program as a Unix process, as they can't really see a debugger anymore. Many Wine/Proton developers usually use gdb to debug Wine, just because of these two facts. So having PE symbols would be very cool, as edb has a much better interface than gdb. :)