symstore.exe calculates hash directory names as follows:
For PDB files, use GUID + Age. Here is a python example:
pdb = pdbparse.parse("some.pdb")
pdb.STREAM_PDB.load()
guid = pdb.STREAM_PDB.GUID
guid_str = "%.8X%.4X%.4X%s" % (guid.Data1, guid.Data2, guid.Data3,
guid.Data4.encode("hex").upper())
symstore_hash = "%s%s" % (guid_str, pdb.STREAM_PDB.Age)
PE (exe/dll) TimeDateStamp ( IMAGE_FILE_HEADER) SizeOfImage ( IMAGE_OPTIONAL_HEADER). python:
pe = pefile.PE("some.exe")
symstore_hash = "%X%X" % (pe.FILE_HEADER.TimeDateStamp,
pe.OPTIONAL_HEADER.SizeOfImage)
python script, - symstore PDB PE:
https://gist.github.com/lennartblanco/9a70961a5aa66fe49df6