The MASM Forum

Projects => Rarely Used Projects => GoAsm => Topic started by: shankle on April 09, 2015, 09:29:14 PM

Title: x64_dbg
Post by: shankle on April 09, 2015, 09:29:14 PM
I'm tired of the hassle of trying to debug 64-bit programs with messagebox.
x64_dbg (still under development) seemed like it would do what I want.
Show my code with symbols like softice used to do.
I tried putting the code in the linker to use the debugger and got an error.
"/debug/debugtype:cv/pdb"myproggie.pdb".

Question is now how to proceed. I think x64_dbg is not usable with GoLink.
It was suggested that I use other linkers.
Title: Re: x64_dbg
Post by: Gunther on April 10, 2015, 12:48:44 AM
Hi shankle,

you could try jWlink instead. Here is a link (http://web.archive.org/web/20140718113335/http://www.japheth.de/JWlink.html) for downloading it.

Gunther
Title: Re: x64_dbg
Post by: shankle on April 10, 2015, 02:18:56 AM
Thank You Gunther for responding.
I know GoAsm has a program called GoDebug.
As far as I know it's only for 32-bit programs.
Am I correct???
Title: Re: x64_dbg
Post by: Vortex on April 10, 2015, 03:44:20 AM
Hi shankle,

GoBug is only 32-bit :

Quote: Debugger - "GoBug" - A free Win32 symbolic debugger for assembler programmers, together with "Testbug" its accompanying test program and Win32+assembler demo program. It is itself written entirely in assembler, using my assembler GoAsm and my linker GoLink.
Go to the GoBug site for more details and for free download here.

http://www.godevtool.com/
Title: Re: x64_dbg
Post by: shankle on April 10, 2015, 03:50:59 AM
Thank you Vortex.
That settles that. Must learn to love the messagebox I guess.
Title: Re: x64_dbg
Post by: fearless on April 10, 2015, 09:33:43 PM
messagebox is a painful way to debug, have you tried Donkey's vKim like tools: http://www.masmforum.com/board/index.php?topic=16317.0

also what is the output from the linker when you used those arguments?

plus I'm wondering if there needs to be a space separating the arguments, so:
/debug /debugtype:cv /pdb:"myproggie.pdb"
instead of
/debug/debugtype:cv/pdb"myproggie.pdb"
and the pdb arg might need the : as well
try it with jwlink and link and post up the console output to see if we can help figure it out for you

Title: Re: x64_dbg
Post by: shankle on April 11, 2015, 01:23:48 AM
This is in reply to the request by Fearless.
In reference to Messageboxes: Painful is hardly adequate.

Set INCLUDE=e:\codejps
Set PATH=e:\codejps
GoAsm /x64/b/c someP64.asm
GoLink /unused someP64.obj
/debug/debugtype:cv/pdb:someP64.pdb

This is what the above generated:
   E:\codejps>/debug /debugtype:cv/pdb:"someP64.pdb"
   '/debug' is not recognized as an internal or external command
   
   someP64 is in the codejps folder.
   Other programs work with the above minus the
   debug line.
   
Although I appreciate the work that Donkey has done
in the Vkim like tools and I applaud him for it,
it is way over my head.

I've never used jwlink.
   
Title: Re: x64_dbg
Post by: dedndave on April 11, 2015, 01:31:20 AM
if you don't like message boxes...

it's easy to add a status bar
then, a simple macro to put text in it
nice thing about that is, you don't have to acknowledge it with a click
Title: Re: x64_dbg
Post by: fearless on April 11, 2015, 03:54:35 AM
does it complain if you just put /debug/debugtype:cv ?

also maybe try and specify a complete path like e:\codejps\myproject\myproject.pdb for the /pdb: argument and see if it likes that.

The vKim like tools shouldn't be too difficult to include, just add (for x64) in your source .asm

   #define DBG64LIB "c:\GoAsm\dbg\Debug64.lib"
   #define DEBUGEXE "c:\GoAsm\dbg\DbgWin.exe"
   #include "c:\GoAsm\dbg\Debug64.a"


modify for where your GoAsm is, for example if it's stored in codejps then create a dbg folder, and copy the .a, .lib and dbgwin.exe into it:

   #define DBG64LIB "e:\codejps\dbg\Debug64.lib"
   #define DEBUGEXE "e:\codejps\dbg\DbgWin.exe"
   #include "e:\codejps\dbg\Debug64.a"


For x64 the debug.a (or debug.inc for x86) has all the macros that you use in it.

so for x86 masm i would use stuff like

Invoke MessageBox, hWnd, Addr szMsg, Addr szTitle, MB_OK
PrintDec eax ; shows return value in the DbgWin.exe program that will popup - or if its already running.


for x64 I don't know the specifics and for use with goasm, but I would imagine you'll be using PrintQWORD macros to see returned values

Other useful ones are PrintString, PrintStringByAddr, DumpMem, DbgDump

Maybe worth trying it out, will be 100 x better than messageboxes if you get it working :D
Title: Re: x64_dbg
Post by: shankle on April 11, 2015, 09:30:31 AM
Thank you Fearless for responding.
I hate to see you spending so much time on this but I appreciate it.
answers:
    /debug/debugtype:cv  -- the system cannot find the path specified

    /debug /debugtype:cv/e:\codejps\someP.asm\someP.pdb -- /debug is not
    recognized as an internal or external command

   
Title: Re: x64_dbg
Post by: adeyblue on April 12, 2015, 02:27:32 AM
Try placing it onto the end of the GoLink line of the batch file, instead of on its own line. It'll probably require spaces before each / too
Title: Re: x64_dbg
Post by: fearless on April 12, 2015, 04:12:08 AM
Yes I agree. Sounds like coz it's on its own line it's thinking you're trying to run a /debug command or batch file, and when it can't find it, it complains


so maybe try the full line in a cmd window, with spaces before each argument switch the '/' part:

GoLink /unused someP64.obj /debug /debugtype:cv /pdb:someP64.pdb

and let us know the output of that, if that line works, then just replace that in your batch file.
Title: Re: x64_dbg
Post by: shankle on April 12, 2015, 07:49:28 AM
        4-11-2015
   
Here is the result you requested with the debug stuck
at the end of the GoLink.
   
   e:\codejps>GoLink /unused someP64.obj /debug /debuggertype:
   cv /pdb:"someP64.pdb"
   
   error!
   Please give debug type:-
   coff = embedded coff symbols
   dbg = coff symbols in dbg file
   output file not made
Title: Re: x64_dbg
Post by: fearless on April 12, 2015, 09:50:59 AM
Looking at the golink manual online (http://s.walters.free.fr/Esial/ECGo/GoAsm/Help/GoLink.htm) it appears golink only supports /debug coff and no other options.
GoLink /unused someP64.obj /debug coff

should add debugging information to the exe, but I don't know if this will be enough for the x64dbg debugger.

I looked at pelles c polink, jwlink and a few others but I can't see an option for a pdb file. The only one that will have it is the one from a visual c package (in a visual studio distribution)

You might have to download a visual studio of some type - express edition or whatever and copy the 64bit link.exe from that to wherever your goasm stuff is located. In the visual studio stuff the 64bit link.exe is normally located in C:\Program Files (x86)\Microsoft Visual Studio X\VC\BIN\amd64\link.exe - where X is the visual studio version.

Or maybe someone can put together a 64bit version for you from someone who has visual studio installed - it would need all the dependent .dlls in a package for use.
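
Added example, not part of the thread and not code from any poster: the discussion turns on which kind of debug information a linker writes into the executable (embedded COFF symbols versus a PDB reference). The Python sketch below reads a PE file's headers and reports both; `debug_info` and `sample_image` are hypothetical names, and the sample image is a constructed, header-only stand-in rather than real linker output.

```python
import struct

# IMAGE_DEBUG_TYPE_* values from the PE/COFF specification
DEBUG_TYPES = {1: "COFF", 2: "CODEVIEW", 4: "MISC"}

def debug_info(pe: bytes) -> dict:
    """Report the debug information recorded in a PE image's headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]               # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # IMAGE_FILE_HEADER: symbol table pointer/count describe embedded COFF symbols
    _, nsec, _, symptr, nsyms, optsize, _ = struct.unpack_from("<HHIIIHH", pe, nt + 4)
    opt = nt + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)             # PE32+ vs PE32
    info = {"coff_symbols": nsyms if symptr else 0, "entries": []}
    if struct.unpack_from("<I", pe, dirs - 4)[0] <= 6:       # NumberOfRvaAndSizes
        return info
    rva, size = struct.unpack_from("<II", pe, dirs + 6 * 8)  # data directory 6 = debug
    off = None
    for i in range(nsec):                                    # map the RVA to a file offset
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, opt + optsize + 40 * i + 8)
        if va <= rva < va + max(vsize, rawsize):
            off = rawptr + rva - va
    if not rva or off is None:
        return info
    for i in range(size // 28):                              # IMAGE_DEBUG_DIRECTORY entries
        typ, length, _, raw = struct.unpack_from("<IIII", pe, off + 28 * i + 12)
        entry = {"type": DEBUG_TYPES.get(typ, str(typ))}
        blob = pe[raw:raw + length]
        if typ == 2 and blob[:4] == b"RSDS":                 # signature, GUID, age, then path
            entry["pdb"] = blob[24:].split(b"\0")[0].decode("ascii", "replace")
        info["entries"].append(entry)
    return info

def sample_image(pdb=None, nsyms=0):
    """Constructed header-only PE32+ image (not loadable), for demonstration."""
    fh = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0x400 if nsyms else 0, nsyms, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes
    body = b""
    if pdb:
        cv = b"RSDS" + bytes(16) + struct.pack("<I", 1) + pdb.encode() + b"\0"
        struct.pack_into("<II", opt, 112 + 6 * 8, 0x1000, 28)
        body = struct.pack("<IIHHIIII", 0, 0, 0, 0, 2, len(cv), 0x101C, 0x21C) + cv
    sec = struct.pack("<8sIIII16x", b".rdata", 0x200, 0x1000, 0x200, 0x200)
    hdr = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0" + fh + bytes(opt) + sec
    return hdr.ljust(0x200, b"\0") + body.ljust(0x200, b"\0")

if __name__ == "__main__":
    print(debug_info(sample_image(pdb="someP64.pdb")))       # CodeView entry naming a PDB
    print(debug_info(sample_image(nsyms=5)))                 # COFF symbols only, no PDB
```

To inspect a real build, pass the file's bytes, for example `debug_info(open("someP64.exe", "rb").read())`.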
Title: Re: x64_dbg
Post by: rrr314159 on April 12, 2015, 11:04:07 AM
Quote from: fearless on April 12, 2015, 09:50:59 AM
You might have to download a visual studio of some type - express edition or whatever and copy the 64bit link.exe from that to wherever you goasm stuff is located.

- That one doesn't work for me either. When used with /debug complains "incorrect MSDB100.DLL version" but I have the correct version. Re-loaded it to make sure. Works fine for everything but /debug, Bill only knows why.

I could zip it and post it but, aren't there copyright issues involved? Don't want to get hutch in trouble :) But if someone can assure me it's legal I'd be happy to do so - altho like I say it doesn't work anyway
Title: Re: x64_dbg
Post by: shankle on April 12, 2015, 11:23:28 AM
Thanks for your efforts Fearless.
Looks hopeless.
Have too much time invested in GoAsm to give it up now.

I downloaded Visual Studio (can't find out how to use it yet....)
Moved "link.exe" from Visual Studio and put it in "codejps".

Set INCLUDE=e:\codejps
Set PATH=e:\codejps
GoAsm /x64/b/c someP64.asm
;GoLink /unused someP64.obj /debug /debugtype:cv /pdb:"someP64.pdb"
GoLink /unused someP64.obj /debug coff /debugtype:cv /pdb:"someP64.pdb"

The above gave the following error:
      ERROR!
      did not recognize a switch: - /debugtype
      Output file not made    
Title: Re: x64_dbg
Post by: TWell on April 12, 2015, 06:20:50 PM
ms link 9 needs these files to make pdb:
link.exe
mspdb80.dll
mspdbcore.dll
mspdbsvr.exe
msobj80.dll

commandline:
link.exe Hello64World1_64.obj -entry:START -subsystem:console kernel32.lib -debug
Title: Re: x64_dbg
Post by: shankle on April 13, 2015, 01:11:53 AM
Thanks Twell for responding.
Not sure I understand your post.
Does it apply to GoLink?
Where do I put the .dlls you listed?
Are they part of Visual Studio?
I'm pretty sure that Link.exe will not work in GoAsm.
Title: Re: x64_dbg
Post by: TWell on April 13, 2015, 01:48:26 AM
My test was using GoAsm.exe, MS link.exe and x64_dbg.exe.
x64_dbg.exe shows symbols START RCKEEP GetStdHandle WriteFile Message.
link.exe and the dlls were in the same folder.

Hello64World1_64.asm
;------------------------------------------------------------------
;
;      Hello64World1 - copyright Jeremy Gordon 2005-6
;
;      SIMPLE "HELLO WORLD" WINDOWS CONSOLE PROGRAM - for GoAsm 64-bits
;
;      Assemble using GoAsm /x64 Hello64World1 (produces PE COFF file)
;      Then link as windows console program using GoLink as follows:-
;      GoLink /console hello64world1.obj kernel32.dll
;      (add -debug coff if you want to watch the program in the debugger)
;
;      Note that the GetStdHandle and WriteFile calls are to kernel32.dll
;------------------------------------------------------------------
;
DATA SECTION
;
ALIGN 8           ;align qword following on 8-byte boundary
RCKEEP DQ 0       ;temporary place to keep things
Message DB 'Hello 64 World (from GoAsm)'
;
CODE SECTION
;
START:
ARG -11                 ;STD_OUTPUT_HANDLE
INVOKE GetStdHandle     ;get, in rax, handle to active screen buffer
;********************
ARG 0,ADDR RCKEEP       ;RCKEEP receives output from API
ARG 27                  ;length of string
ARG ADDR Message,RAX    ;rax=handle to active screen buffer
INVOKE WriteFile
XOR RAX,RAX             ;return zero
RET

So don't give up yet.
Title: Re: x64_dbg
Post by: wjr on April 13, 2015, 03:41:18 AM
If you are going that route, you will need to use the GoAsm /ms command line switch to decorate symbols for link.exe, which will also require LIB files for importing functions.

Have you tried the debugger with Pelles C?
Title: Re: x64_dbg
Post by: shankle on April 13, 2015, 04:02:14 AM
Thank you for responding WJR.
I have no idea what route I should take.
What lib files do I need to import?
I have not tried Pelles C debugger
Title: Re: x64_dbg
Post by: shankle on April 13, 2015, 04:17:51 AM
        4-12-2015
To Twell    
I have been unable to find the ".dlls" you referenced in #16.   

Set INCLUDE=e:\codejps
Set PATH=e:\codejps
GoAsm /x64/b/c/ms someP64.asm
GoLink /console someP64.obj kernel32.dll -debug coff

Using the above I got this result:
  e:\codejps>GoLink /console someP64.obj kernel32.dll -debug coff
  output file: someP.exe <with embedded coff debug symbols>
 
Wjr said I need to put a switch in GoAsm:  /MS (command line switch) 
This is the error I got when I added this switch:
Could not open an input file <_msvcrt.dll>
output file not made
 
Title: Re: x64_dbg
Post by: TWell on April 13, 2015, 04:27:19 AM
Quote from: shankle on April 13, 2015, 04:17:51 AM
To Twell    
I have been unable to find the ".dlls" you referenced in #16.

C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE ?

Microsoft Visual C++ 2010 Service Pack 1 Compiler Update for the Windows SDK 7.1 here (http://www.microsoft.com/en-us/download/details.aspx?id=4422)
Title: Re: x64_dbg
Post by: shankle on April 13, 2015, 04:37:08 AM
Thanks again Twell,
I just downloaded Visual Studio 13  and have MVS 11 and 12.
So I should uninstall MVS 13 and install MVS 10 - RIGHT?
Title: Re: x64_dbg
Post by: TWell on April 13, 2015, 02:26:17 PM
Quote from: shankle on April 13, 2015, 04:37:08 AM
So I should uninstall MVS 13 and install MVS 10 - RIGHT?

No, use that linker.
MSVS 2013:
link.exe
1033\linkui.dll
mspdb120.dll
mspdbcore.dll
mspdbsvr.exe
msobj120.dll
msvcp120.dll
msvcr120.dll

11 dumpbin.exe 24736 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
12 editbin.exe 24736 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
13 lib.exe 24720 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
14 link.exe 856208 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
16 ml.exe 438920 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
17 mspdb120.dll 259232 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
18 mspdbsrv.exe 125088 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
19 mspdbcore.dll 376488 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
21 msobj120.dll 94880 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
22 nmake.exe 102040 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\ vc_CompilerCore86.cab
2 linkui.dll 79512 12.0.21005.1 Program Files\Microsoft Visual Studio 12.0\VC\bin\1033\ vc_CompilerCore86Res.cab
Title: Re: x64_dbg
Post by: shankle on April 14, 2015, 06:17:05 AM
Thanks again TWell.
I found and put all the latest files you suggested from VS 2013 in c:\codejps.
Of course some of those files had many of the same name and I chose one of them.

This is the result I got after that:
Could not open an input file <_msvcrt.dll>
needed for forced dll or import by ordinal.
I did look for this .dll but could not find it.
Title: Re: x64_dbg
Post by: TWell on April 14, 2015, 08:50:55 PM
Using commands:
GoAsm.exe /x64 Hello64World1_64.asm
link.exe Hello64World1_64.obj -entry:START -subsystem:console kernel32.lib -debug
Hello64World1_64.exe was created.
GoAsm /ms option doesn't work in x64 mode ?

Title: Re: x64_dbg
Post by: wjr on April 15, 2015, 02:49:08 AM
Thanks for finding that one, it currently does not work for the case of ARG before INVOKE. This will work in the soon upcoming GoAsm v0.60.0.0 (I still need to fix something for the /x86 /ms case).

It currently does work if you do not use ARG and place all function arguments after INVOKE.
Title: Re: x64_dbg
Post by: shankle on April 15, 2015, 03:39:40 AM
4-14-2015
Ok, got a clean compile after taking out the GoAsm /ms switch.
Got a lot of "ntdll" and none of my code. I was at this point many posts
previous. Nothing shows in "source".
Title: Re: x64_dbg
Post by: jj2007 on April 15, 2015, 03:50:36 AM
Quote from: shankle on April 15, 2015, 03:39:40 AM
Got a lot of "ntdll" and none of my code.

Just hit F9 once, like in Olly.
Title: Re: x64_dbg
Post by: shankle on April 15, 2015, 06:35:46 AM
Thanks JJ.
Getting better but a long way from something useful.
Seeing assembler instructions but not my code.
I can see the messages I put in messageboxes.
I see a ton of basethreadthunk messages.
No symbols from my program.

Ideal way would be to see my code in the right panel
and the GoAsm interpretation of my code in the left panel.
Possible that I am doing something wrong.......

Here is a snippet of what I see:
000000007720733F | 41 8B 81 A4 00 00 00           | mov eax,dword ptr ds:[r9+A4]            |
0000000077207346 | 89 82 A4 00 00 00              | mov dword ptr ds:[rdx+A4],eax           |
000000007720734C | 41 8B 81 AC 00 00 00           | mov eax,dword ptr ds:[r9+AC]            |
0000000077207353 | 89 82 AC 00 00 00              | mov dword ptr ds:[rdx+AC],eax           |
0000000077207359 | 41 8B 81 A8 00 00 00           | mov eax,dword ptr ds:[r9+A8]            |
0000000077207360 | 89 82 A8 00 00 00              | mov dword ptr ds:[rdx+A8],eax           |
0000000077207366 | 41 8B 81 B0 00 00 00           | mov eax,dword ptr ds:[r9+B0]            |
000000007720736D | 89 82 B0 00 00 00              | mov dword ptr ds:[rdx+B0],eax           |
0000000077207373 | B9 04 00 01 00                 | mov ecx,10004                           |
0000000077207378 | 41 8B C0                       | mov eax,r8d                             |
000000007720737B | 23 C1                          | and eax,ecx                             |
000000007720737D | 3B C1                          | cmp eax,ecx                             |
000000007720737F | 75 34                          | jnz ntdll.772073B5                      |
0000000077207381 | 41 8B 81 8C 00 00 00           | mov eax,dword ptr ds:[r9+8C]            |
0000000077207388 | 89 82 8C 00 00 00              | mov dword ptr ds:[rdx+8C],eax           |
000000007720738E | 41 8B 81 90 00 00 00           | mov eax,dword ptr ds:[r9+90]            |
0000000077207395 | 89 82 90 00 00 00              | mov dword ptr ds:[rdx+90],eax           |
000000007720739B | 41 8B 81 94 00 00 00           | mov eax,dword ptr ds:[r9+94]            |
00000000772073A2 | 89 82 94 00 00 00              | mov dword ptr ds:[rdx+94],eax           |
00000000772073A8 | 41 8B 81 98 00 00 00           | mov eax,dword ptr ds:[r9+98]            | ;[r9+98]:RtlAddRefMemoryStream
00000000772073AF | 89 82 98 00 00 00              | mov dword ptr ds:[rdx+98],eax           |
00000000772073B5 | B9 08 00 01 00                 | mov ecx,10008                           |
00000000772073BA | 41 8B C0                       | mov eax,r8d                             |
00000000772073BD | 23 C1                          | and eax,ecx                             |
00000000772073BF | 3B C1                          | cmp eax,ecx                             |
00000000772073C1 | 75 13                          | jnz ntdll.772073D6                      |
00000000772073C3 | 48 8D 4A 1C                    | lea rcx,qword ptr ds:[rdx+1C]           |
00000000772073C7 | 49 8D 51 1C                    | lea rdx,qword ptr ds:[r9+1C]            | ;r9+1C:L"che"
00000000772073CB | 41 B8 70 00 00 00              | mov r8d,70                              |
00000000772073D1 | E8 1A 73 FA FF                 | call <ntdll.RtlMoveMemory>              |
00000000772073D6 | B9 10 00 01 00                 | mov ecx,10010                           |
00000000772073DB | 8B C6                          | mov eax,esi                             |
00000000772073DD | 23 C1                          | and eax,ecx                             |
00000000772073DF | 3B C1                          | cmp eax,ecx                             |
Title: Re: x64_dbg
Post by: jj2007 on April 15, 2015, 10:40:51 AM
Normally, I insert an int 3 command where I want to stop, and then hit F9 until the debugger stops there.
Title: Re: x64_dbg
Post by: TWell on April 15, 2015, 03:13:02 PM
From Breakpoints double click entry breakpoint and then press F4 Run until selection.