\Program Files\Debugging Tools for Windows\dbh.exe \Program Files\Debugging Tools for Windows\dbghelp.dllLoad Notepad:
dbh \windows\system32\notepad.exeTake note of some of the details[2]:
notepad [1000000]: info ... PdbSig : 0x0 PdbSig70 : 0xAAAAAAAA, 0xBBBB, 0xCCCC, 0xDD, 0xEE, 0xFF, 0xGG, 0xHH, 0xII, 0xJJ, 0xKK PdbAge : 0xL ...Now mash some of those digits together, as in AAAAAAAABBBBCCCCDDEEFFGGHHIIJJKKL.
You can download the Program Database File (.PDB) using curl:
curl --user-agent "Microsoft-Symbol-Server" http://msdl.microsoft.com/download/symbols/notepad.pdb/AAAAAAAABBBBCCCCDDEEFFGGHHIIJJKKL/notepad.pd_ --output notepad.pd_
wget --user-agent="Microsoft-Symbol-Server" http://msdl.microsoft.com/download/symbols/notepad.pdb/AAAAAAAABBBBCCCCDDEEFFGGHHIIJJKKL/notepad.pd_
Unfortunately, the wget I tested only uses HTTP 1.0, and Microsoft's symbol server doesn't seem to like that.
Now let's try the OSLoader.Exe embedded in the Windows NTLDR boot-loader.
Please do not disassemble Microsoft Windows programs if your End-User License Agreement denies you that use. For example, see section 4, LIMITATIONS ON REVERSE ENGINEERING, DECOMPILATION, AND DISASSEMBLY, of \I386\EULA.TXT on your Windows XP/2003 installation disc:
You may not reverse engineer, decompile, or disassemble the
Software, except and only to the extent that such activity
is expressly permitted by applicable law notwithstanding
this limitation.
Expand OsLoader.Exe from your XP/2003 installation disc:
expand d:\i386\osloader.ex_ osloader.exe
Follow the example procedure detailed above to fetch the Microsoft-provided .PDB for your licensed copy of OsLoader.Exe. Expand the .PDB to the same directory as your OsLoader.Exe:
expand osloader.pd_ osloader.pdb
Examine the OsLoader.Exe symbols:
dbh osloader.exe x
Make a note of the address of any interesting functions, such as NtfsOpen and NtfsRead. Maybe even the address of an exported function, such as ScsiPortInitialize.
Just for fun.
[1] http://msdn.microsof...e/gg463009.aspx
[2] http://stackoverflow...-hash-algorithm