[Compuware Corporation] [Compuware NuMega home page]                [NuMega Lab]
[teal]

 [DriverStudio]    [Image][Image]
   Home
 [Driver Products]        Driver Technical Tips
   DriverStudio          Solving Driver Problems with Microsoft's DUMPBIN
   DriverBundle          Utility
   Previews
   Compatibility         It's surprising how many developers are unaware of
 [Downloads]             the very useful DUMPBIN utility that comes with
                          Microsoft Visual C++. DUMPBIN displays information
 Wizards                  about several formats of executable files. Included
   Utilities             among those formats are the two most relevant to
   NT source             driver developers, namely the PE format of NT and WDM
 examples                 drivers, and the LE format of VxDs. Furthermore,
   VxD source            DUMPBIN can even dump .LIB and .OBJ files in COFF
 examples                 format.
   WDM source
 examples                 Knowing how to use DUMPBIN effectively can help you
 [Resources]             to optimize your driver, and to solve a variety of
 Technical papers         programming problems. DUMPBIN can selectively display
   Useful links          a wide variety of information stored in a file.You
   Technical tips        can control what information is dumped using the
 [Support]               following command line switches:
 Support                  /ALL
   Knowledge base        /ARCH
   Problem               /ARCHIVEMEMBERS
 submission               /DEPENDENTS
   Product               /DIRECTIVES
 registration             /DISASM
   Release notes         /EXPORTS
 [Shop NuMega]           /FPO
 Buy it!                  /HEADERS
   Price list            /IMPORTS
   How to buy            /LINENUMBERS
   Sales offices         /LINKERMEMBER[:{1|2}]
                          /LOADCONFIG
                          /OUT:filename
 [Y2K Compliance]         /PDATA
                          /RAWDATA[:{NONE|BYTES|SHORTS|LONGS}[,#]]
                          /RELOCATIONS
 [More information]       /SECTION:name
                          /SUMMARY
                          /SYMBOLS

                          Let's take a closer look at a few of the most useful
                          switches:

                          /HEADERS displays information about each section of
                          the image. This information includes the image name,
                          size, virtual address, and attributes of the section.
                          This switch is useful for determining which sections
                          of your driver are consuming the most memory. Here is
                          some sample output from the dump of a kernel mode
                          driver:

                          SECTION HEADER #4
                          PAGE name
                          1DF2 virtual size
                          5100 virtual address
                          1E00 size of raw data
                          5100 file pointer to raw data
                          0 file pointer to relocation table
                          0 file pointer to line numbers
                          0 number of relocations
                          0 number of line numbers
                          60000020 flags
                          Code
                          Execute Read

                          The code section described by the above is named
                          'PAGE', and has a virtual size of 0x1DF2 bytes,
                          although the file actually stores 0x1E00 bytes for
                          proper file alignment.The address of the section is
                          0x5100 with respect to the start of the image. The
                          flags indicate that it is a code section, with
                          'execute' and 'read' attributes. If you want to
                          display a brief summary of the all the sections,
                          including their respective sizes, use /SUMMARY (this
                          is the default action if no switches are specified on
                          the command line).

                          /SYMBOLS dumps the symbols. This is useful when you
                          are trying to figure out which library or which
                          object file contains a particular symbol. It can also
                          tell you how the compiler has decorated or 'mangled'
                          a variable name. This kind of information is helpful
                          in resolving problems of mismatched function types,
                          or misspelled variable names. You can also dump the
                          symbols from the libraries of the DDK (e.g.
                          NTOSKRNL.LIB), which will reveal the existence of
                          many entry points that are not documented in the DDK.
                          To get a list of all the symbols in a library, use
                          switch /LINKERMEMBER.

                          Now, suppose you develop an export driver, but other
                          drivers can't import the entry points that it
                          exports. DUMPBIN's /EXPORTS switch shows you the
                          names of all the exported entry points, and /IMPORTS
                          shows you all the entry points that a driver is tryng
                          to import. Using these two switches, you can quickly
                          determine why the two drivers are not connecting. The
                          /IMPORTS switch is also useful for exposing the list
                          of system entry points that a driver requires. A
                          driver that is trying to import a function that is
                          not available cannot be loaded, and this is a common
                          problem on Windows 98.

                          Switch /DISASM displays a disassembly of the code in
                          a module. The disassembler in DUMPBIN is not
                          particularly good at distinguishing code from data,
                          so this switch is not always useful. However, in
                          cases where the source code is unavailable, this
                          switch can give you an idea about how a driver or
                          object module works.

                          Finally, since DUMPBIN sometimes produces a great
                          deal of output, use /OUT: to redirect the output to a
                          file that can be searched with an editor, saved for
                          later reference, or emailed to Technical Support.

                          Back to technical tip start page.

  DriverCentral  DriverStudio  Free downloads  Resources  Support and
                          Services  Shop NuMega
     Compuware NuMega  Tel: +1 603 578-8400  Updated: 9 August 1999 
                      Problems? Contact our webmaster.
