simple source code debuggers

Started by flipflop1, March 28, 2013, 01:26:17 PM

flipflop1

hi everyone, I'm trying to debug my own source code and I'm trying out olly and windbg

I'm having problems getting started on either program

neither will load my executable and start at the beginning of my source
what am I doing wrong? :dazzled:

dedndave

olly is a good way to go

pick a folder, where you want olly to reside permanently
as, it does not "install", per se (no setup installer)
example: C:\Program Files\OllyDbg2
i put the 2 on there, as some of us like to be able to use version 1 or version 2

run the program
Options - Options - Debugging - Just-In-Time
click the "Set OllyDbg" button
close Olly
this sets olly as the default JIT debugger
you may be used to seeing Dr Watson come up when a program crashes
now, Olly will, instead
you can always go back to the Options menu and set it back to whatever you had previously

now, to make Olly pop up intentionally, place an INT 3 instruction in your program
run your program normally, when it encounters the INT 3, Olly will pop up
the INT 3 generates an exception

of course, other exceptions will also cause olly to pop up
so - if you try to execute some illegal instruction - bang, olly

from there, you can use F7 or F8 to single step, or F9 to continue
F7 will trace through API functions, F8 will just execute them, tracing only the higher level

flipflop1

thanks but it doesn't seem to work
I have ollydbg1.0.10.0
I have an options-just in time debugging entry in my menu but it comes up with "jit debugger is *", where * is a series of characters that are not on my keyboard

I'll try olly2

dedndave

you can also set it up manually

if you are running a 64-bit OS, you will have similar registry entries at:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger

but, on my 32-bit OS, it looks like this:

flipflop1

I got olly 2 to work, sort of: it comes up but no source file is found and I don't seem to be able to load it
olly 1 had a source window but I can't find it on olly2

dedndave

i don't think olly 2 supports symbols, yet
never tried it - i run with the big dogs - lol

my understanding is that he is working on adding it to v2
but, that's why some like to run olly v1

i generally know what i am looking at   :redface:

flipflop1

:( that was the one feature I wanted, really. do you know how to get windbg working by any chance?

jj2007

Quote from: dedndave on March 28, 2013, 02:52:35 PM
i don't think olly 2 supports symbols, yet

It does, it does - you just have to find it among the options ;-)

japheth

Quote from: flipflop1 on March 28, 2013, 02:54:50 PM
:( that was the one feature I wanted, really. do you know how to get windbg working by any chance?

WinDbg is simple. It stops at the initial breakpoint. At this point, just enter "g start" (assuming that "start" is your program's entry point).

IIRC it will open the source file automatically when the entry point is hit.

GoneFishing

Quote
WinDbg is simple

Not so simple as it may seem. Especially for the beginner. In fact WinDbg is a very powerful debugger allowing lots of advanced debugging techniques.

Quote
IIRC it will open the source file automatically when the entry point is hit.

That's right, it will

WinDbg is also very clever - it remembers your last session or you may save it to the workspace file (.WEW)

flipflop1

Quote from: jj2007 on March 28, 2013, 05:49:03 PM
It does, it does - you just have to find it among the options ;-)

well, had a look but I still can't find the source window, and source does not appear in source files. could you tell me whereabouts I should be looking, or is this another error with my assembly and linking settings? they are supposed to be set up for windbg

Quote
WinDbg is simple. It stops at the initial breakpoint. At this point, just enter "g start" (assuming that "start" is your program's entry point).

Bp expression 'start' could not be resolved, adding deferred bp
*** Bp expression 'start' contains symbols not qualified with module name.
(1240.1268): Break instruction exception - code 80000003 (first chance)
eax=76c13398 ebx=7efde000 ecx=00000000 edx=00401000 esi=00000000 edi=00000000
eip=0040100b esp=0018ff74 ebp=0018ff84 iopl=0         nv up ei pl nz na pe cy
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000207
image00400000+0x100b:
0040100b cc              int     3

can't get it to load the executable automatically either

jj2007

Quote from: flipflop1 on March 29, 2013, 12:08:10 AM
Quote from: jj2007 on March 28, 2013, 05:49:03 PM
It does, it does - you just have to find it among the options ;-)

well, had a look but I still can't find the source window, and source does not appear in source files

Build with
/Zi for the assembler (ML 6.14, 6.15, JWasm, NOT ML 8.0...11.0)
/debug for the linker (link 5.12 as supplied with Masm32, NOT polink)
Then launch Olly 2.0, go to Options:
- Code: Show symbolic addresses
- Analysis: Try the options in the lower half

Here is an example of variable names you should see (in red):

00401324  \.  E8 5B0D0000   call ExitProcess                         ; \KERNEL32.ExitProcess
MbXls      $  55            push ebp                                 ; MB2DDE2Xls.MbXls(pCommand,mode)
0040132A   .  8BEC          mov ebp, esp
0040132C   .  83C4 FC       add esp, -4
0040132F   .  56            push esi
00401330   .  57            push edi
00401331   .  53            push ebx
00401332   .  51            push ecx
00401333   .  CC            int3
00401334   .  C745 FC 23010 mov dword ptr [ebp-4], 123
0040133B   .  BF 1A1C4000   mov edi, 00401C1A                        ; Entry point
00401340   .  8B75 08       mov esi, dword ptr [ebp+8]
00401343   .  BB 38984000   mov ebx, offset ddeData
00401348   .  91            xchg eax, ecx
00401349   .  8925 36FA4000 mov dword ptr [EspGlob], esp

flipflop1

thanks for your help, but I am still looking for more of a source code view, as my project will reach several thousand lines of code. it compiles fine and will run as well, so bugs are harder to find. I will try windbg again

GoneFishing

First, make sure that the YourAppName.pdb file is present in your project's folder along with YourAppName.asm and YourAppName.exe
Then check if the label "start" exists in your code. If not - try
bp main
or whatever label (proc, function) name you use in your code

flipflop1

cheers, got it working, but had to add a couple more command line options to my assembly line
:greenclp:
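
Added example, not part of the thread: a check for what jj2007's /Zi and /debug build advice and GoneFishing's .pdb reply both depend on, namely that the executable actually references a PDB. It reads the PE debug directory and returns the CodeView record's PDB path, covering both RSDS (PDB 7.0) and NB10 (PDB 2.0) records, which goes beyond the single case in the thread. The names `pdb_reference` and `build_sample_pe` are hypothetical, and the sample image is constructed for illustration.

```python
import struct, sys

def _rva_to_offset(data, sect, nsec, rva):
    for i in range(nsec):  # walk the section table (40-byte headers)
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", data, sect + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rva - vaddr + rptr
    return None

def pdb_reference(data):
    """Return (record_format, pdb_path) from a PE debug directory, else None."""
    try:
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
            return None
        _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
        opt = pe + 24
        magic = struct.unpack_from("<H", data, opt)[0]
        dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
        count = struct.unpack_from("<I", data, dirs - 4)[0]  # NumberOfRvaAndSizes
        dbg_rva, dbg_size = struct.unpack_from("<II", data, dirs + 6 * 8)
        off = _rva_to_offset(data, opt + opt_size, nsec, dbg_rva) if count > 6 and dbg_rva else None
        if off is None:
            return None
        for entry in range(off, off + dbg_size, 28):  # IMAGE_DEBUG_DIRECTORY entries
            dtype, size, _, raw = struct.unpack_from("<4I", data, entry + 12)
            sig = bytes(data[raw:raw + 4])
            skip = {b"RSDS": 24, b"NB10": 16}.get(sig)  # header bytes before the path
            if dtype == 2 and skip:  # 2 = IMAGE_DEBUG_TYPE_CODEVIEW
                path = bytes(data[raw + skip:raw + size]).split(b"\0")[0]
                return sig.decode(), path.decode("latin-1")
    except struct.error:  # truncated or malformed image
        pass
    return None

def build_sample_pe(cv_record=b"RSDS" + bytes(20) + b"YourAppName.pdb\0"):
    """Constructed minimal PE32 image (not a runnable program) for offline testing."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 6 * 8, 0x1000, 28)  # debug directory RVA, size
    hdrs = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
            + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102) + bytes(opt)
            + struct.pack("<8s4I16x", b".rdata", 0x200, 0x1000, 0x200, 0x200))
    entry = struct.pack("<IIHH4I", 0, 0, 0, 0, 2, len(cv_record), 0x101C, 0x21C)
    return hdrs.ljust(0x200, b"\0") + (entry + cv_record).ljust(0x200, b"\0")

if __name__ == "__main__":  # usage: python pdbref.py YourAppName.exe
    with open(sys.argv[1], "rb") as f:
        print(pdb_reference(f.read()) or "no CodeView/PDB reference found")
```

A returned path only shows that the linker recorded a PDB reference; the debugger still has to find that .pdb file on disk.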