DbgPrint

[jj2007]

Sometimes I see this in Olly, typically inside HeapFree or HeapRealloc:

0038F8A1  65 61 70 20|62 6C 6F 63|6B 20 61 74|20 30 30 33| eap block at 003
0038F8B1  45 42 30 38|30 20 6D 6F|64 69 66 69|65 64 20 61| EB080 modified a
0038F8C1  74 20 30 30|33 45 43 30|38 38 20 70|61 73 74 20| t 003EC088 past
0038F8D1  72 65 71 75|65 73 74 65|64 20 73 69|7A 65 20 6F| requested size o
0038F8E1  66 20 31 30|30 30 0A 00|00 3E 00 00|00 00 00 DC| f 1000

Apparently, DbgPrint sents it to the VS debugger output window. My question: Can we use this feature in MASM, e.g. by enabling debug mode, redirecting that stream to the console, ...?

[GoneFishing]

Maybe link against debug version of crt as MS VC does?

...
redirecting that stream to the console, ...?

Use DbgView instead

[sinsi]

Use a combination of OutputDebugString and DebugView?

[jj2007]

Thanks. So far no luck, can't see that output in DebugView. Linking against debug CRT doesn't make sense, as this is not CRT but rather Win32 standard API calls like HeapAlloc etc :(

[GoneFishing]

Thanks. So far no luck, can't see that output in DebugView. Linking against debug CRT doesn't make sense, as this is not CRT but rather Win32 standard API calls like HeapAlloc etc :(

Interesting . I'd look which module does that DbgPrint . Could you upload simple example (for Windows XP) reproducing it?

P.S.: In my first reply I mistakenly named SysInternals' DebugView ( really what I meant)  as DbgView

[jj2007]

Here it is. Uncomment the ; int 3 to see the difference.

include \masm32\include\masm32rt.inc

.code
start:
  mov esi, rv(GetProcessHeap)
  invoke HeapAlloc, esi, 0, 20
  push eax
  xchg eax, edi
  m2m ecx, 20+1      ; FOUL!!
  rep stosb
  ; int 3
  invoke HeapValidate, esi, 0, 0
  print LastError$()
  pop eax
  invoke HeapFree, esi, 0, eax
  print LastError$()
  exit
end start

Here is the relevant bit when using the int 3:

Code Select Expand

77CF0B09           Ú$  8BFF               mov edi, edi                  ; ntdll.77CF0B09(guessed Arg1)
77CF0B0B           ³.  55                 push ebp
77CF0B0C           ³.  8BEC               mov ebp, esp
77CF0B0E           ³.  64:A1 18000000     mov eax, fs:[18]
77CF0B14           ³.  8B40 30            mov eax, [eax+30]
77CF0B17           ³.  8078 02 00         cmp byte ptr [eax+2], 0
77CF0B1B           ³. 74 17              je short 77CF0B34
77CF0B1D           ³.  8B45 08            mov eax, [ebp+8]
77CF0B20           ³.  C605 8582D277 01   mov byte ptr [77D28285], 1
77CF0B27           ³.  A3 8082D277        mov [77D28280], eax
77CF0B2C           ³.  CC                 int3
77CF0B2D           ³.  C605 8582D277 00   mov byte ptr [77D28285], 0
77CF0B34           ³>  5D                 pop ebp
77CF0B35           À.  C2 0400            retn 4

Register edx points to:

Code Select Expand

0018FC11  65 61 70 20|62 6C 6F 63|6B 20 61 74|20 30 30 35| eap block at 005
0018FC21  30 33 44 35|30 20 6D 6F|64 69 66 69|65 64 20 61| 03D50 modified a
0018FC31  74 20 30 30|35 30 33 44|36 43 20 70|61 73 74 20| t 00503D6C past
0018FC41  72 65 71 75|65 73 74 65|64 20 73 69|7A 65 20 6F| requested size o
0018FC51  66 20 31 34|                                     f 14

[GoneFishing]

Thanks .I'll go and play with it now

[GoneFishing]

After some playing  my guess is that we may simulate a debugger in order to intercept debugging messages.
What if create a simple launcher which will create process  for your test app with DEBUG flags ?

[EDIT] That is we might write a small debugger like this Writing the Debugger's Main Loop and handle only OUTPUT_DEBUG_STRING_EVENT

[jj2007]

Ehm, that looks like a bit of work ::)

[GoneFishing]

Use C++ 
Creating Processes

[jj2007]

C++? Too simple - try this one

include \masm32\MasmBasic\MasmBasic.inc      ; download
  Init
  int 3   ; somewhere down there is a CreateProcess call...
  Launch "Notepad.exe"
EndOfCode

[GoneFishing]

I compiled quick and dirty example from mentioned above C++ snippets.
CreateProcess.exe - launcher for DbgPrint.exe ( compiled from your source ).
I get 2  error messages from  MS VC++  Debug Library and WER window ( see screenshots in attachment) and some promising output :

HEAP[DbgPrint.exe]:

[EDIT] Note that when I start CALC.EXE with my launcher I don't get any error message boxes .

Weird problems with my keyboard didn't let me accomplish the task in single evening  :(
To be continued

[sinsi]

Works for me 

[GoneFishing]

BINGO!
run:

Code Select Expand

CreateProcess DbgPrint.exe
get:

HEAP[DbgPrint.exe]:
Heap block at 001429B8 modified at 001429D4 past requested size of 14

The operation completed successfully.
HEAP[DbgPrint.exe]:
Heap block at 001429B8 modified at 001429D4 past requested size of 14

HEAP[DbgPrint.exe]:
Invalid Address specified to RtlFreeHeap( 00140000, 001429C0 )

The operation completed successfully.

Enjoy

**** NOTICE: Tested on Windows XP 32 ****

[jj2007]

**** NOTICE: Tested on Windows XP 32 ****

**** NOTICE: Tested on Windows 7 64 ****

Thanks :t

(your version choked with side by side error; so I recompiled it for Win7-64)