Geoff Chappell - Software Analyst
Windows NT 4.0 is the last major Windows version for which the publicly available symbol files for the kernel give pathnames for the source files. Windows 2000 moved its debugging support to the Program Database (PDB) format and although it supplied .DBG files also, these do not have IMAGE_SYM_CLASS_FILE records in the COFF symbol table and therefore do not name source files. Though the PDB files for Windows 2000 have an early format, they do have a stream of section contributions. Then, as now, these provide only for associating addresses of routines and variables to object files and libraries. This is not so very different in practice, especially in later versions which give full pathnames, but it is not quite the same as naming the source files. In this sense then, Windows NT 4.0 ended a relative bounty of detail about how the kernel gets built. A bonus, possibly not intended, is that the .DBG files for the Windows NT 4.0 kernel also give line numbers!
As with the Windows NT 3.1 Source Tree, the pathnames as recorded in the .DBG files for Windows NT 4.0 are observed to be fully qualified for source files in C but only relative for assembly-language source files. The ordering of records in the COFF symbol table is much more plain for version 4.0, so that many assembly-language source files can be placed in the source tree with very high confidence. If you browse this page with scripts enabled, then you should be able to expand the branches that interest you and collapse those that don’t.
All the assembly-language source files that are not placed in the tree plainly belong somewhere under W:\NT\PRIVATE\SDKTOOLS\vctools\crt\crtw32, but I see in the symbol files no reasonably sure indication of exactly which subdirectory, and so I leave them unassigned.
For no known reason, the case-independent pathnames are recorded in the symbol files with several variations of case. What’s shown in the tree above is the most common: paths are in upper case as far as the SDKTOOLS subdirectory but not as far as ntos. Exceptions are noted in parentheses. Several files have NTOS in upper case. For several whole directories, all pathnames are wholly in lower case.
Not shown in the tree are 11 source files that are named just as obj\i386\pch_hdr.src. These look to be for the cache, config, ex, fsrtl, io, ke, lpc, mm, ob, pnp and ps subdirectories.
No source files for the kernel are compiled in place. This is because they are all intended to be compiled differently for different purposes. For the source files that the kernel draws from the C Run-Time (CRT), compilation occurs not in the directory that holds the source file but in a subdirectory named nt. For the one source file of material for the Local Security Authority (LSA), the compilation is in a subdirectory named kernel. Each subdirectory of ntos has in turn subdirectories named um and mp for single-processor and multi-processor builds, respectively, and these are the current directories at the time of compilation. This shows in the pathnames as actually recorded in the symbol files: for instance, what the tree above presents as path\source.c is path\up\..\source.c or path\mp\..\source.c in the symbol file.