When working with symbols, the default case is that you either analyze the current process, a concurrently running process or maybe even the kernel. dbghelp provides special support for these use cases and getting the right symbols to load is usually easy – having access to the process being analyzed, dbghelp can obtain the necessary module information by itself and will come up with the matching symbols. Things are not quite as easy when analyzing symbols for a process (or kernel) that is not running any more or executes on a different machine.
The documentation of the SYMBOL_INFO structure used by dbghelp contains a glitch. As the structure is of variable length, the documentation for SizeOfStruct states: Size of the structure, in bytes. This member must be set to sizeof(SYMBOL_INFO). Note that the total size of the data is the SizeOfStruct + MaxNameLen - 1. The reason to subtract one is that the first character in the name is accounted for in the size of the structure.