Basic Windows debugging technology

I. Preface,

Significance of software debugging technology:

1. It takes a lot of time for debugging.

2. debugging can solve many problems and is a powerful tool.

3. debugging has a stable life cycle.

4. debugging is also a good tool for learning technology.

Debugging window:

BreakPoints. Watch, Local, Call Statck, Memory, Disassembly, etc.

Common shortcut keys:

Set/cancel breakpoint: F9

Step into: F11

Step: F10

Jump out: Shift + F11

Parameter settings: you need to set the working directory and startup parameters.

Note in Project Settings: the compilation optimization is disabled and the compilation optimization is not disabled. The Assembly commands are different.

Parameterization: input parameter in Command Arguments in Debuging: this is a test

Ii. Improve

Breakpoint:

How the debugger sets breakpoints:

Saves the first byte of the instruction and writes it to an INT3 instruction.

In the configuration file, only the breakpoint location is recorded and replaced during actual execution.

Debug the advanced language debugger to generate multiple Assembly commands, but it does not interrupt the execution of one assembly command, but an interruption of one line of the source code.

Software compilation process

Compile:

Check during compilation: Compilation error, warning

Run the check:

Run Time Error Check

Stack pointer check

Partial Stack Buffer out-of-bounds check: Check cookie value: If the buffer overflow, the cookie value will overwrite, causing the check cookie to fail and automatic interruption

Uninitialized local variable check

Files that store debugging symbols:

Separate symbol file: PDB

Stored in an executable file

Debugging symbols:

Global Variables

Local Variables

Function name and function entry address

FPO data (precise to source code lines)

Symbol file: kernel32.pdb File

Symbol file generation process: PDB and PE files are generated during compilation.

Common debuggers:

Windbug:

If the file is unsigned, only binary file debugging can be performed.

When there is a symbolic question, you need to add the Microsoft server address and the local symbolic file address. F9 sets breakpoint debugging, which is easier than vs debugging.

SoftICE

Ollydbg:

Use this tool to view assembly code when no source code or symbol file exists.

Syser

Kernel debuggers such as windbg and KD: communicate by transmitting formatted data packets

Remote debugging:

Debug Programs on other machines in the Local Machine

Target machine settings:

Install VS Remote Debuging Monitor

Run VS Remote Debuging Monitor and select Remote debugging mode in Tools> Options.

VS2005 settings: Set in Attribute-Debuging

Practical --- debugging skills

Conditional breakpoint:

Conditional breakpoints can be used for frequently called subfunctions, loops, and multithreading.

F9 sets the breakpoint. Alt + F9 enters BreakPoints. Select the breakpoint and enter the conditional expression.

Memory breakpoint:

F9 sets the breakpoint and enters the debugging mode.

Debuing New Breakpoint, New Data Breakpoint

Write monitoring address: 0x12345678 or & I

Let the program continue to run. The program is interrupted when the memory content of the specified address is changed.

MessageBox Algorithm

You can add a MessageBox for programs that are not convenient to start in debug mode.

View time logs

Some programs that cannot be started normally

Function crash upon exit

This is generally caused by buffer overflow. you can comment out some codes and gradually narrow down the scope to locate errors.

Crash when releasing memory

Memory is released repeatedly.

View the dynamic link library of the program Link dependency:

Exists Tool

Instance-Crash Analysis

Application crash:

Capture dump

Windbug analysis steps:

Open dump, load the symbol file, and execute! Analyze-v command (locate the error after analysis) to view the result

Blue screen:

The blue screen information includes:

Error description

Recommended Measures

Technical Information (stop code)

Dump Information

Recognize the blue screen:

Is the ultimate error reporting method in Windows.

It is a positive action of the operating system to detect behaviors or situations that threaten the security of the system.

Reason for blue screen:

Error-driven

Hardware Error

Bugs in kernel code and unhandled exceptions

Differences between application-layer and kernel-Layer Program Development:

When an application-layer program error occurs, you can directly close the program and end the program. This causes less damage than kernel-layer program errors. A kernel-layer program error may cause a blue screen and stop running, it is generally caused by a driver bug. Write the kernel-layer program with greater caution.