CDBAsm - how to use the MS Debug Engine

Started by japheth, October 24, 2009, 06:40:19 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

japheth

October 24, 2009, 06:40:19 AM Last Edit: October 25, 2009, 04:39:37 AM by japheth
Hello my Dear Friends,

if you are bored and looking for a toy to play with - here's one: CDBAsm, a mini-debugger written in Masm-syntax. It uses the MS Debug Engine, which is included in Windows (dbgeng.dll). More recent versions of the debug engine are include in the free 'Debugging tools for Windows' package.

Please note that CDBAsm uses Win32Inc. It can be converted to Masm32 without too much effort, but this task requires some understanding of COM - the MS debug engine uses COM interfaces for its API implementation.

What's this 'Debug Engine' thing?

It's the core of the MS debuggers. CDB, NTSD, KD and WinDbg are relatively small wrappers around the debug engine ( I really wonder why CDB.EXE needs a size of 300k - there's almost no additional functionality implemented besides the debug engine features).

What's CDBAsm good for?

- to understand how the debug engine works
- to debug applications
- symbolic debugging on source level is supported as well, but the UI is probably a bit "ancient"
- one can load and examine "dumps"
- one can load, examine and disassemble PE binaries (both 32- and 64-bit, both even on 32bit machines)
- one can probably extend the source a bit to implement a working CDB for Code::Blocks
- to use it as a "calculator" - see the "??" command
- as a base for your own debugger.

Possible problems

- you need Win32Inc v2.0+ to assemble the source. Older versions don't include dbgeng.inc
- ensure that the newest dbgeng.dll is loaded by CDBAsm.exe.

Japheth

25.10.2009 attachment updated



sinsi

#1
October 24, 2009, 07:00:31 AM
I have been waiting for a dos debug-type debugger, this looks great! I intend to play around with it tomorrow.
Thanks mateĀ  :U
Light travels faster than sound, that's why some people seem bright until you hear them.

japheth

#2
October 26, 2009, 01:27:33 PM
CDBAsm has been updated - and renamed ... now it's CDBA - sounds less antiquated.

Changes:
- fully supports pipes for input/output
- can be used within Code::Blocks (for MS VC C/C++ projects)
- some more CDB cmdline arguments supported (-g , -G, -lines, ... )
- a new option, -j, breaks into debugger on program entry point.

The last feature mentioned above is something which I miss alot in MS CDB.

http://www.japheth.de/debxxf/Download/CDBA.zip
Print
Go Up Pages1
User actions