The MASM Forum

hi everyone im trying to debug my own source code and im trying out olly and windbg

im having problems getting started on either program

neither wont load my executable and start at the beginning of my source
what am I doing wrong :dazzled:

olly is a good way to go

pick a folder, where you want olly to reside permanently
as, it does not "install", per se (no setup installer)
example: C:\Program Files\OllyDbg2
i put the 2 on there, as some of us like to be able to use version 1 or version 2

run the program
Options - Options - Debugging - Just-In-Time
click the "Set OllyDbg" button
close Olly
this sets olly as the default JIT debugger
you may be used to seeing Dr Watson come up when a program crashes
now, Olly will, instead
you can always go back to the Options menu and set it back to whatever you had previously

now, to make Olly pop up intentionally, place an INT 3 instruction in your program
run your program normally, when it encounters the INT 3, Olly will pop up
the INT 3 generates an exception

of course, other exceptions will also cause olly to pop up
so - if you try to execute some illegal instruction - bang, olly

from there, you can use F7 or F8 to single step, or F9 to continue
F7 will trace through API functions, F8 will just execute them, tracing only the higher level

thanks but it doesn't seem to work
I have ollydbg1.0.10.0
I have a options-just in time debugging in my menu but it comes up with "jit debugger is *" * is a series of characters that are not on my keyboard

ill try olly2

you can also set it up manually

if you are running a 64-bit OS, you will have similar registry entries at:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger

but, on my 32-bit OS, it looks like this:
(http://img690.imageshack.us/img690/3047/aedebug.png)

I got olly 2 to work sort of it comes up but no source file is found and I don't seem to be able to load it
olly 1 had a source window but I cant find it on olly2

i don't think olly 2 supports symbols, yet
never tried it - i run with the big dogs - lol

my understanding is that he is working on adding it to v2
but, that's why some like to run olly v1

i generally know what i am looking at   :redface:

 :( that was the one feature I wanted really do you know how to get windbg working by any chance

Quote from: dedndave on March 28, 2013, 02:52:35 PM
i don't think olly 2 supports symbols, yet

It does, it does - you just have to find it among the options ;-)

Quote from: flipflop1 on March 28, 2013, 02:54:50 PM
:( that was the one feature I wanted really do you know how to get windbg working by any chance

WinDbg is simple. It stops at the initial breakpoint. At this point, just einter "g start" ( assuming that "start" is your program's entry point ).

IIRC it will open the source file automatically when the entry point is hit.

QuoteWinDbg is simple

Not so simple as it may seem . Especially for the beginner.In fact WinDbg is very powerful debugger allowing lots of advanced debugging techniques.

QuoteIIRC it will open the source file automatically when the entry point is hit.

That's right, it will

WinDbg is also very clever - it remembers your last session or you may  save it to the workspace file (.WEW)
 

Quote from: jj2007 on March 28, 2013, 05:49:03 PM
It does, it does - you just have to find it among the options ;-)

well had a look but I still cant find source window and source does not appear in source files could you tell me where abouts I should be looking or is this another error with my assembly and linking settings they are supposed to be set up for windbg

QuoteWinDbg is simple. It stops at the initial breakpoint. At this point, just einter "g start" ( assuming that "start" is your program's entry point ).

Bp expression 'start' could not be resolved, adding deferred bp
*** Bp expression 'start' contains symbols not qualified with module name.
(1240.1268): Break instruction exception - code 80000003 (first chance)
eax=76c13398 ebx=7efde000 ecx=00000000 edx=00401000 esi=00000000 edi=00000000
eip=0040100b esp=0018ff74 ebp=0018ff84 iopl=0         nv up ei pl nz na pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000207
image00400000+0x100b:
0040100b cc              int     3

cant get it to load executable automatically either

Quote from: flipflop1 on March 29, 2013, 12:08:10 AM

Quote from: jj2007 on March 28, 2013, 05:49:03 PM
It does, it does - you just have to find it among the options ;-)

well had a look but I still cant find source window and source does not appear in source files

Build with
/Zi for the assembler (ML 6.14, 6.15, JWasm, NOT ML 8.0...11.0)
/debug for the linker (link 5.12 as supplied with Masm32, NOT polink)
Then launch Olly 2.0, go to Options:
- Code: Show symbolic addresses
- Analysis: Try the options in the lower half

Here is an example of variable names you should see (in red):

00401324  \.  E8 5B0D0000   call ExitProcess                         ; \KERNEL32.ExitProcess
MbXls      $  55            push ebp                                 ; MB2DDE2Xls.MbXls(pCommand,mode)
0040132A   .  8BEC          mov ebp, esp
0040132C   .  83C4 FC       add esp, -4
0040132F   .  56            push esi
00401330   .  57            push edi
00401331   .  53            push ebx
00401332   .  51            push ecx
00401333   .  CC            int3
00401334   .  C745 FC 23010 mov dword ptr [ebp-4], 123
0040133B   .  BF 1A1C4000   mov edi, 00401C1A                        ; Entry point
00401340   .  8B75 08       mov esi, dword ptr [ebp+8]
00401343   .  BB 38984000   mov ebx, offset ddeData
00401348   .  91            xchg eax, ecx
00401349   .  8925 36FA4000 mov dword ptr [EspGlob], esp

thanks for your help but I am still looking for more of a source code view as my project will reach several thousand lines of code it compiles fine and will run as well so bugs are harder to find I will try windbg again

First, make sure that YourAppName.pdb file is present in  your project's folder along with YourAppName.asm and YourAppName.exe
Then check if the label "start" exists in your code. If not - try
bp main
or whatever label  ( proc, function ) name you use in your code

cheers got it working but had to add couple more command line options to my assembly line
:greenclp:

Congratulations!
And how did you like WinDbg?

great   :t
what are your ML and LINK command lines ?

windbg is very complicated and could use a little user friendliness (double click breakpoints on source screen and register values displayed better in more than one format -  took me a while to find the zero flag) but if olly had source code debug then I would be straight there it just seems less cluttered and it was alot easier to set up(olly 2 was up in ten minutes)

my args for windbg
ml /Zd /Zi /Zf /coff /c myprog.asm
link /debug /subsystem:windows /debugtype:coff /verbose myprog.obj rsrc.obj >>the rsrc.obj seems to be very important

thanks for the info
not that i use WinDbg, but it may help others in the future   :t

yes - the resource file can be critical for some programs   :P

It took me a long time to get  acquainted with WinDbg.
But by now  more I learn it more I like it . Though I use Olly sometimes either.
   

Quotetook me a while to find the zero flag

Simply type:
r zf
or you may set the option when all the registers being changed will appear topmost in the list
or even customize the order of the registers in the list

I'd say WinDbg is  fully customizable and widely extensible

Quote from: flipflop1 on March 29, 2013, 02:31:43 AM
ml /Zd /Zi /Zf /coff /c myprog.asm
link /debug /subsystem:windows /debugtype:coff /verbose myprog.obj rsrc.obj >>the rsrc.obj seems to be very important

Using "/debugtype:coff" is not a good idea. It restricts the symbolic debug info to what may be found in the COFF symbol table - and Masm will only put "global" symbols in this table. If you also want to see and change local variables, don't use this option ( and, additionally, it has been removed in more recent linkers ).

In the MASM32 help Chapter I there's an old good article about debugging with SoftIce.
All ML and Link command lines can be  found there.

is soft ice free?

what settings should I use instead of /coff

AFAIK it was not free and it's out of date now. But the article is still useful.
It tells us to use :CV option  ;)
I use it and feel fine

maybe what we need is a little converter program that creates the right type of symbol files for olly and windbg
i don't suppose the formats are well documented   :P

i hear softice is good, if you can get it

i am a simple guy - if i can see the disassembled asm, i can find my way around
it's not like i am going to spend a lot of time in a debugger (hopefully)
but, for those who are new to asm, it might be nice

windbg does not like the cv option as it does not produce a pdb file for the executable

I will play abit to see if it will produce anything

Quotei don't suppose the formats are well documented

Maybe DIA SDK incorporates some docs?

Quotewindbg does not like the cv option as it does not produce a pdb file for the executable

My WinDbg likes it  :biggrin:

http://msdn.microsoft.com/en-us/library/aa270751%28v=vs.60%29.aspx (http://msdn.microsoft.com/en-us/library/aa270751%28v=vs.60%29.aspx)

ok got it to produce the pdb file however windbg does not like it

I get this
Microsoft (R) Windows Debugger Version 6.2.9200.20512 X86
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: C:\masm32\prime.exe
Symbol search path is: C:\Symbols;srv*
Executable search path is: srv*
ModLoad: 00400000 00405000   image00400000
*** Unable to resolve unqualified symbol in Bp expression 'start' from module 'ntdll.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'MAIN' from module 'ntdll.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'start' from module 'ntdll.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'mains' from module 'ntdll.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'main' from module 'ntdll.dll'.
ModLoad: 77710000 77890000   ntdll.dll
*** Unable to resolve unqualified symbol in Bp expression 'start' from module 'C:\Windows\syswow64\kernel32.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'MAIN' from module 'C:\Windows\syswow64\kernel32.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'start' from module 'C:\Windows\syswow64\kernel32.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'mains' from module 'C:\Windows\syswow64\kernel32.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'main' from module 'C:\Windows\syswow64\kernel32.dll'.
ModLoad: 76c00000 76d10000   C:\Windows\syswow64\kernel32.dll
*** Unable to resolve unqualified symbol in Bp expression 'start' from module 'C:\Windows\syswow64\KERNELBASE.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'MAIN' from module 'C:\Windows\syswow64\KERNELBASE.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'start' from module 'C:\Windows\syswow64\KERNELBASE.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'mains' from module 'C:\Windows\syswow64\KERNELBASE.dll'.
*** Unable to resolve unqualified symbol in Bp expression 'main' from module 'C:\Windows\syswow64\KERNELBASE.dll'.
ModLoad: 75550000 75597000   C:\Windows\syswow64\KERNELBASE.dll
(14cc.1120): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=c1870000 edx=0008e3c8 esi=fffffffe edi=00000000
eip=777b0fab esp=0018fb08 ebp=0018fb34 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2c:
777b0fab cc              int     3


you can download the symbol package appropriate for your version of windows
http://msdn.microsoft.com/en-us/windows/hardware/gg463028 (http://msdn.microsoft.com/en-us/windows/hardware/gg463028)

as far as the path goes, that is probably a matter of setting an environment variable
or, using a switch on the command line to override the default search path

... or use C:\Symbols   :biggrin:

ive double checked my symbols they are correct but im also set up for svr* as well so if it had problems it would download new symbols it was working with coff setting earlier almost but just tried olly 1 and it now works like a dream so problem solved I think :icon_eek:

flipflop1,

I use Windbg a lot.

This will make Windbg happy.

Windbg can be a pain, but not other program can debug your O.S.

Andy

\masm32\bin\ml /c /coff /Zi %1.asm
if errorlevel 1 goto errasm

if not exist rsrc.obj goto nores

\masm32\bin\Link /RELEASE /DEBUG /SUBSYSTEM:WINDOWS /OPT:NOREF %1.obj rsrc.obj
if errorlevel 1 goto errlink

:nores
\masm32\bin\Link /RELEASE /DEBUG /SUBSYSTEM:WINDOWS /OPT:NOREF %1.obj
if errorlevel 1 goto errlink

thanks for the post but ive already tried those settings I think there must be some other issue causing problems, Now that I have olly1 working im quite happy to stick with it but I have no idea how it fixed itself it may have had something to do with olly2 setting up registry for me but I cant say for sure or it may have been the symbol files I downloaded from Microsoft but from a newbie point of view setting this stuff up could well do with a program written by better programmers to automate this process as it is not easy or at least good solid documentation from the developers on settings for ml and link and instructions on symbols.
im playing around now with olly and have found my first bug in my source so I will turn my attention to that for now but I will keep an I eye open for olly2 update I hope it is soon
cheers all for advice and help

You should post some more details other than it doesn't work.

And don't blame your attention span either.  :t

Quoteok got it to produce the pdb file however windbg does not like it

I get this
Code: [Select]

Microsoft (R) Windows Debugger Version 6.2.9200.20512 X86
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: C:\masm32\prime.exe
Symbol search path is: C:\Symbols;srv*
Executable search path is: srv*

Try setting appropriate paths for your executable and its symbols.

ok will try setting them :t