Description
First of all, thank you for sharing this impressive service with the world. Great work!
Since you fiddled around with various versions of binaries and their symbols, specifically ntdll, perhaps you'll be able to help me make some sense out of it.
Let's take an example: a 32-bit ntdll.dll of Win10 1909 19H2. According to sha256sum.txt you used:
Line 71 in 34e44b3
| A96E9DF3ACA9F918524CA5681EF8211F64BDC159E7752344F40F77DDA6BA778A .\Win10_1909_19H2\x86\System32\ntdll.dll |
Here's that file on VT. File version: 10.0.18362.387. PDB symbol path: ntdll.pdb\ABC4BE7910AEF7197A3D325B26FA837A1\ntdll.pdb.
There's another, similar ntdll file that I possess:
Here's my file on VT. Same file version: 10.0.18362.387. PDB symbol path: wntdll.pdb\D85FCE08D56038E2C69B69F29E11B5EE1\wntdll.pdb. And the PDB has no struct information (a known issue, for this specific version too).
My questions:
- Why are there two different 32-bit ntdll files of the same file version?
- Did you deliberately choose the one you chose, or did it happen arbitrarily?
- Why is the PDB file name different, `ntdll.pdb` versus `wntdll.pdb`? What does the `w` stand for?
- Is there any list or database of all/many ntdll versions that were released by Microsoft, or at least timestamps so that I could download the files from the symbol server? I could download ISOs or use VirusTotal paid, but perhaps there's a better resource.
I understand that you don't work at Microsoft and you might not have the answers, but if you can shed some light on the above it will be really helpful.
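For reference, an added example (not part of the original issue or the project's code) showing how the "PDB symbol path" values quoted above are derived from a PE file's CodeView `RSDS` debug record and how they map to a request on Microsoft's public symbol server. The two sample records are constructed from the identifiers quoted in the post, not dumped from the files, and the function names are hypothetical.

```python
import struct
import uuid

# Constructed RSDS records, built from the PDB identifiers quoted in the post.
# Layout: "RSDS" | GUID (16 bytes, first three fields little-endian) |
#         age (uint32 LE) | PDB path (NUL-terminated)
SAMPLE_NTDLL = (b"RSDS" + bytes.fromhex("79BEC4AB AE10 19F7 7A3D325B26FA837A")
                + struct.pack("<I", 1) + b"ntdll.pdb\x00")
SAMPLE_WNTDLL = (b"RSDS" + bytes.fromhex("08CE5FD8 60D5 E238 C69B69F29E11B5EE")
                 + struct.pack("<I", 1) + b"wntdll.pdb\x00")

SYMBOL_SERVER = "https://msdl.microsoft.com/download/symbols"


def parse_rsds(record: bytes):
    """Return (guid, age, pdb_path) from a CodeView RSDS debug record."""
    if len(record) < 25 or record[:4] != b"RSDS":
        raise ValueError("not an RSDS CodeView record")
    guid = uuid.UUID(bytes_le=record[4:20])  # undo the mixed-endian storage
    (age,) = struct.unpack_from("<I", record, 20)
    end = record.find(b"\x00", 24)
    if end == -1:
        raise ValueError("PDB path is not NUL-terminated")
    return guid, age, record[24:end].decode("utf-8")


def symbol_key(guid: uuid.UUID, age: int, pdb_path: str) -> str:
    """Build the name\\GUID+age\\name key that symbol stores index PDBs by."""
    # Some builds embed a full build-machine path; only the file name is used.
    name = pdb_path.replace("/", "\\").rsplit("\\", 1)[-1]
    ident = f"{guid.hex.upper()}{age:X}"  # age is appended as unpadded hex
    return f"{name}\\{ident}\\{name}"


def symbol_url(key: str, server: str = SYMBOL_SERVER) -> str:
    """Map a symbol key to the URL a symbol-server client would request."""
    return f"{server}/{key.replace(chr(92), '/')}"


if __name__ == "__main__":
    for rec in (SAMPLE_NTDLL, SAMPLE_WNTDLL):
        key = symbol_key(*parse_rsds(rec))
        print(key, "->", symbol_url(key))
```

Two binaries with the same file version but different GUID+age values were linked separately, so comparing this key is a quick way to tell such builds apart without hashing the whole file.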