symstore.exe
- File Path:
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\symstore.exe
- Description: Symbol Server Builder
Hashes
Type | Hash |
---|---|
MD5 | 1903CF11FA6A75A375DEF2972A62B0E4 |
SHA1 | 086FE1303ADD5EE2BEE80A54B035F0F28029C769 |
SHA256 | ED986351C69C556416A950744C2209C136812F3CBB376A1FBF15FE11607C39C4 |
SHA384 | A26DB11597031580658379806B92F46C211EC9A67ADD9201CA6E1C4BE724F2EFA5B1378FDB13C05775940D7597900C1B |
SHA512 | 438B4CFDE559697ED9C2DEF809E11BFF8FE899755992050429833297AC72282A8B974BE152985CC1C8AF69560F5C42A5CA4C558B733F218167C7E667C753D750 |
SSDEEP | 1536:lsJtYgBwZX/Eu6tZsbLFxDB9PL6DhL2b5c3exo06nOv8i37:latYg6Z0jsVh3tbyexZ6ni53 |
IMP | A93EF732C8E3E2DEB456943D297AEADA |
PESHA1 | 74D33C8CF04E65C5EC9384615D2A711C10EC2CDA |
PE256 | 93A1A5E448C715F363611E72DCEE56473C17E826748B98E4A270E1BD0609CA34 |
Runtime Data
Usage (stdout):
Usage:
symstore add [/r] [/p] [/l] /f File /s Store /t Product [/v Version]
[/c Comment] [/d LogFile] [/compress]
symstore add [/r] [/p] [/l] [/q] /g Share /f File /x IndexFile [/a] [/d LogFile]
symstore add /y IndexFile /g Share /s Store [/p] /t Product [/v Version]
[/c Comment] [/d LogFile] [/compress]
symstore del /i ID /s Store [/d LogFile]
symstore query [/r] [/o] /f File /s Store
add Add files to server or create an index file.
del Delete a transaction from the server.
query Check if file(s) are indexed on the server.
/3 Create index2.txt when populating a new symbol server.
/f File Network path of files or directories to add.
If the named file begins with an '@' symbol, it is treated
as a response file which is expected to contain a list of
files (path and filename, 1 entry per line) to be stored.
/g Share This is the server and share where the symbol files were
originally stored. When used with /f, Share should be
identical to the beginning of the File specifier. When
used with the /y, Share should be the location of the
original symbol files, not the index file. This allows
you to later change this portion of the file path in case
you move the symbol files to a different server and share.
/i ID Transaction ID string.
/l Allows the file to be in a local directory rather than a
network path.(This option is only used with the /p option.)
/p Causes SymStore to store a pointer to the file, rather than
the file itself.
/q Don't quote fields in the index file.
/r Add files or directories recursively.
/s Store Root directory for the symbol store.
/t Product Name of the product.
/v Version Version of the product.
/c Comment Comment for the transaction.
/d LogFile Send output to LogFile instead of standard output.
/x IndexFile Causes SymStore not to store the actual symbol files in the
symbol store. Instead, information is stored which will
allow the files to be added later.
/y IndexFile This reads the data from a file created with /x.
/yi IndexFile Append a comment with the transaction ID to the end of the
index file.
/z pub | pri Pub option will only index symbols that have had the full
source information stripped. Pri will only index symbols
that contain the full source information. Both options
will index binaries.
/m <prefix> Give preference to files which have <prefix> at the beginning
of their path when storing/updating pointers.
/h pub | pri Give priority to pub or pri.
/a Causes SymStore to append new indexing information
to an existing index file. (This option is only used with
/x option.)
/o Give verbose output.
-:MSG [msg] When storing pointers, also add the provided message to the
file.ptr
-:REL Allow file.ptr paths to be relative. Implies '/l' also.
-:NOREFS Only valid during intial store creation or when used on a
store previously created with the -:NOREFS option. Omits the
creation of refs.ptr files for files and pointers stored.
Use of a store without refs.ptr precludes the ability to do
prioritization and the ability to delete transactions from the
store.
-:NOFORCECOPY
/compress When storing files, store compressed files on the server. Ignored
when storing pointers.
Child Processes:
csrss.exe wininit.exe
Loaded Modules:
Path |
---|
C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\symstore.exe |
C:\Windows\System32\KERNEL32.DLL |
C:\Windows\System32\KERNELBASE.dll |
C:\Windows\SYSTEM32\ntdll.dll |
Signature
- Status: Signature verified.
- Serial:
33000002CF6D2CC57CAA65A6D80000000002CF
- Thumbprint:
1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
- Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: SYMSTORE.EXE
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/ed986351c69c556416a950744c2209c136812f3cbb376a1fbf15fe11607c39c4/detection
MIT License. Copyright (c) 2020-2021 Strontic.