Debuggers - What's your favorite one to use, and why?

Started by Shooter, December 31, 2010, 03:57:16 PM

Previous topic - Next topic

BogdanOntanu

jj2007, Donkey

Please excuse I was not aware of those features of Gobug. Those days I use VStudio's debugger more often than Olly. A long time ago I gave GoBog a brief test but I was not "impressed" and dropped it and never tested again ... sorry ;)

It is nice to find out from you two what I have missed and that GoBug has such interesting features.

About F4 in Olly it is not exactly a breakpoint (maybe an temporary one). You just put the cursor (mouse click or keys) where the loop ends (by your brains analysis and with hints help from Olly) and press F4 (single key press) and Olly will execute until there without a breakpoint being setup.

This is a very fast and convenient way to execute over loop or sequences of code you want to skip.

However it can be dangerous if you "guess" wrongly the loop or code exit location. I have seen code that calls a function in the middle of a loop and then inside that function it jumps to exit to an completely different location that what is expected for that "loop" and you can get tricked with ease.

My guess is that one can not automatically know where an "loop" ends because it can exit with jumps on multiple locations and complicated conditions. That is unless it is an old style loop that actually uses the LOOP instruction and/or it is a very simple loop with a simple exit condition.

I would trust my judgment to find the correct loop  exit location and press F4 there ... when compared to such an debugger feature ;)

I could offer the same argument for Olly showing GetLasterror results in CPU window at every instruction and API execution  and letting me decide if it was an error or not. 

I would consider the fact that one can not automatically know if an API returns error unless it is a simple rule or one has a list of all the API's and their associated error codes and that my code can use SetLastError() ...

But that is just me. 

Anyway I do stand corrected about not being able to understand those features of GoBog at first read and I thank you both for that ;)



Ambition is a lame excuse for the ones not brave enough to be lazy.
http://www.oby.ro

jj2007

Quote from: BogdanOntanu on January 02, 2011, 01:10:03 PM
About F4 in Olly it is not exactly a breakpoint (maybe an temporary one). You just put the cursor (mouse click or keys) where the loop ends (by your brains analysis and with hints help from Olly) and press F4 (single key press) and Olly will execute until there without a breakpoint being setup.

Thanks, Bogdan, I didn't know that it works this way - really convenient. As to recognising the end of the loop, not a problem because usually I debug my own code (yeah there are evil moderators here who move people directly to The Graveyard for debugging other people's code  :green2)

GregL

#32
Quote from: ShooterDo you know if MS Visual C++ debugger has a feature like Olly's Analyze?

Not that I know of, besides what it does when it loads your program.

Quote from: Shooter
Also, Olly has that ability (not sure what it's actually called) to show what the variable names are prior to calling an API.
For example, prior to calling User32.DialogBoxParamA, the right column of the CPU window names the variables InitParam, DialogProc, hParent, TemplateName, and hInst and what they're set to, which is really handy to me as I'm still trying to learn what each function does.
Can the MSVC debugger be set to show something like this?

Yes, when viewing disassembly (use the 'Go to disassembly' menu item) hover the mouse cursor over the variable and it will show the value of the variable.  You could also use the Watch window.


Shooter

GregL,
If I created a MASM32 project using RadASM and wanted to debug the .exe, does MS Visual C++ debugger have the ability to import the labels, i.e. "Start", "WinMain Proc", etc? Currently I haven't figured out how to do that with Olly, but I'm not exactly sure it has that ability either.
Never use direct references to anything ever. Bury everything in
macros. Bury the macros in include files. Reference those include
files indirectly from other include files. Use macros to reference
those include files.

BogdanOntanu

Quote from: Shooter on January 03, 2011, 08:03:43 PM
GregL,
If I created a MASM32 project using RadASM and wanted to debug the .exe, does MS Visual C++ debugger have the ability to import the labels, i.e. "Start", "WinMain Proc", etc? Currently I haven't figured out how to do that with Olly, but I'm not exactly sure it has that ability either.

Both Ollydbg and MS Visual C++ debugger have this ability.

You do need to build your exe with debug information and then at debug time both debuggers will recognize and load this kind of information.

Additionally Olly has the "LabelMaster" plugin that is able to load and save simple labels and variables name information in a plain text file.
Ambition is a lame excuse for the ones not brave enough to be lazy.
http://www.oby.ro

jj2007

To get symbols in Olly,
- use in the assembler commandline /Zi
- use in the linker commandline /debug

Shooter

Quote from: jj2007 on January 03, 2011, 08:10:50 PM
To get symbols in Olly,
- use in the assembler commandline /Zi
- use in the linker commandline /debug


I'm using RadASM as my IDE and one of the things that I can not seem to get working is to make it compile in debug mode!  :'( :'( :'( :'( :'(
Never use direct references to anything ever. Bury everything in
macros. Bury the macros in include files. Reference those include
files indirectly from other include files. Use macros to reference
those include files.

GregL

Quote from: ShooterIf I created a MASM32 project using RadASM and wanted to debug the .exe, does MS Visual C++ debugger have the ability to import the labels, i.e. "Start", "WinMain Proc", etc?

Yes, assemble with /Zi, link with /DEBUG, load the executable into the VC debugger.




GregL

In addition to the above, if the executable was assembled and linked with debug information, the VC debugger will load the source code (.asm) file. The view can then be toggled between source code and disassembly as you step through the program.

disintx

Quote from: Shooter on January 03, 2011, 08:37:00 PM
Quote from: jj2007 on January 03, 2011, 08:10:50 PM
To get symbols in Olly,
- use in the assembler commandline /Zi
- use in the linker commandline /debug


I'm using RadASM as my IDE and one of the things that I can not seem to get working is to make it compile in debug mode!  :'( :'( :'( :'( :'(

Shooter, menu select Project -> Project Options, use this window.


I'm a bit late to the party, but I'd like to give one more thumbs up for OllyDbg.
When a project is assembled/linked with debug info, you get nice names for functions and variables.


The VC++ debugger is nice, and works for x64 but since I don't write x64 code yet I am not worried about it. x64 support from Olly will be coming at some point,
but I'm sure that's a while off. Until then, I'll stick with Olly or WinDBG; VC++ 2010 bugs out on my laptop and takes too long to start up. May your experiences be better than mine =)