Driver Technical Tips

Solving Driver Problems with Microsoft's DUMPBIN Utility

It's surprising how many developers are unaware of the very useful DUMPBIN utility that comes with Microsoft Visual C++. DUMPBIN displays information about several formats of executable files. Included among those formats are the two most relevant to driver developers, namely the PE format of NT and WDM drivers, and the LE format of VxDs. Furthermore, DUMPBIN can even dump .LIB and .OBJ files in COFF format.

Knowing how to use DUMPBIN effectively can help you to optimize your driver, and to solve a variety of programming problems. DUMPBIN can selectively display a wide variety of information stored in a file. You can control what information is dumped using the following command line switches:

    /ALL
    /ARCH
    /ARCHIVEMEMBERS
    /DEPENDENTS
    /DIRECTIVES
    /DISASM
    /EXPORTS
    /FPO
    /HEADERS
    /IMPORTS
    /LINENUMBERS
    /LINKERMEMBER[:{1|2}]
    /LOADCONFIG
    /OUT:filename
    /PDATA
    /RAWDATA[:{NONE|BYTES|SHORTS|LONGS}[,#]]
    /RELOCATIONS
    /SECTION:name
    /SUMMARY
    /SYMBOLS

Let's take a closer look at a few of the most useful switches:

/HEADERS displays information about each section of the image. This information includes the image name, size, virtual address, and attributes of the section. This switch is useful for determining which sections of your driver are consuming the most memory.
Here is some sample output from the dump of a kernel mode driver:

    SECTION HEADER #4
        PAGE name
        1DF2 virtual size
        5100 virtual address
        1E00 size of raw data
        5100 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    60000020 flags
             Code
             Execute Read

The code section described by the above is named 'PAGE', and has a virtual size of 0x1DF2 bytes, although the file actually stores 0x1E00 bytes for proper file alignment. The address of the section is 0x5100 with respect to the start of the image. The flags indicate that it is a code section, with 'execute' and 'read' attributes.

If you want to display a brief summary of all the sections, including their respective sizes, use /SUMMARY (this is the default action if no switches are specified on the command line).

/SYMBOLS dumps the symbols. This is useful when you are trying to figure out which library or which object file contains a particular symbol. It can also tell you how the compiler has decorated or 'mangled' a variable name. This kind of information is helpful in resolving problems of mismatched function types, or misspelled variable names. You can also dump the symbols from the libraries of the DDK (e.g. NTOSKRNL.LIB), which will reveal the existence of many entry points that are not documented in the DDK. To get a list of all the symbols in a library, use the /LINKERMEMBER switch.

Now, suppose you develop an export driver, but other drivers can't import the entry points that it exports. DUMPBIN's /EXPORTS switch shows you the names of all the exported entry points, and /IMPORTS shows you all the entry points that a driver is trying to import. Using these two switches, you can quickly determine why the two drivers are not connecting. The /IMPORTS switch is also useful for exposing the list of system entry points that a driver requires.
A driver that is trying to import a function that is not available cannot be loaded, and this is a common problem on Windows 98.

The /DISASM switch displays a disassembly of the code in a module. The disassembler in DUMPBIN is not particularly good at distinguishing code from data, so this switch is not always useful. However, in cases where the source code is unavailable, this switch can give you an idea about how a driver or object module works.

Finally, since DUMPBIN sometimes produces a great deal of output, use /OUT: to redirect the output to a file that can be searched with an editor, saved for later reference, or emailed to Technical Support.

Compuware NuMega · Updated: 9 August 1999
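
The section table that /HEADERS prints can also be read directly from the file, which helps when many drivers have to be checked. This is an added example, not code from the original page or from NuMega: it parses the PE section headers, decodes the flags, marks sections that are both writable and executable, and lists sections largest first. The function names, the headers-only sample image and its .data section are constructed for illustration; the PAGE values are the ones in the sample output above.

```python
import struct

# Section flag bits from the PE/COFF specification (IMAGE_SCN_*).
FLAGS = {
    0x00000020: "Code", 0x00000040: "Initialized Data",
    0x00000080: "Uninitialized Data", 0x02000000: "Discardable",
    0x08000000: "Not Paged", 0x20000000: "Execute",
    0x40000000: "Read", 0x80000000: "Write",
}
SECTION = struct.Struct("<8sIIIIIIHHI")  # one 40-byte section header

def parse_sections(image: bytes) -> list:
    """Return the section headers of a PE image, largest virtual size first."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature (LE-format VxDs are not handled)")
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size  # signature + COFF header + optional header
    if table + count * SECTION.size > len(image):
        raise ValueError("section table runs past end of file")
    out = []
    for i in range(count):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = \
            SECTION.unpack_from(image, table + i * SECTION.size)
        out.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_pointer": rawptr, "flags": flags,
            "attributes": [text for bit, text in FLAGS.items() if flags & bit],
            # Writable + executable is worth a second look in any driver.
            "write_execute": (flags & 0xA0000000) == 0xA0000000,
        })
    return sorted(out, key=lambda s: s["virtual_size"], reverse=True)

def build_sample() -> bytes:
    """Constructed image: headers only, with the PAGE section from the sample
    output plus a made-up .data section. Not a loadable driver."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x010E)
    data = SECTION.pack(b".data", 0x2A0, 0x4000, 0x400, 0x4000, 0, 0, 0, 0, 0xC8000040)
    page = SECTION.pack(b"PAGE", 0x1DF2, 0x5100, 0x1E00, 0x5100, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + bytes(0xE0) + data + page

if __name__ == "__main__":
    for s in parse_sections(build_sample()):
        print(f'{s["name"]:<8} {s["virtual_size"]:>8X} {", ".join(s["attributes"])}')
```

To run it against a real driver, pass the file's bytes to parse_sections() in place of build_sample().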