I'm curious to know which debugger is preferred by the more wise, and why?
I guess the more wise are better than I thought and don't use debuggers. :'(
The less wise use Olly.
Quote from: jj2007 on December 31, 2010, 11:27:10 PM
The less wise use Olly.
Well, that's where I'm at, using Olly, but I wondered if there were some others that carried the same, if not better, features of Olly. WinDbg is just a fancier version of the old DOS debug, at least to me it is. I was just curious what others use if NOT Olly. :bg
Shooter,
I prefer the MS Visual C++ debugger. It works great for MASM programs as well as C/C++ programs. I have gotten used to it over the years and I won't settle for anything else. I really don't care for WinDbg and OllyDbg is OK but it just doesn't have all the features the VC++ debugger has. The VC++ debugger supports x64 (64-bit) too. The Express Edition debugger does everything the full version debugger does, at least everything I have needed to do. I guess the downside is you have to install VC++ to use it, but being a C programmer I already have it installed.
To use it, assemble with /Zi, link with /DEBUG. Load the executable with the command-line devenv.exe /debugexe program.exe or VCexpress /debugexe program.exe. Or you can load the executable from the menus as File -> Open -> Project/Solution and select the executable.
GregL,
Is that part of the Studio package, or can I take a look at it without having to get all the rest?
-Shooter
Shooter,
You would have to install VC++ to use it. The Express Edition (http://www.microsoft.com/express/Downloads/#2010-Visual-CPP) is free.
Quote from: GregL on January 01, 2011, 12:10:06 AM
You would have to install VC++ to use it. The Express Edition (http://www.microsoft.com/express/Downloads/#2010-Visual-CPP) is free.
Welp, I'm downloading it now to give that a shot. I'm always looking to improve my knowledge, hence my original question. :8)
OllyDBG or IDA - Easy and Powerful! =]
Shooter,
Give it a shot, you can create MASM projects in it too, but it's not the easiest thing to do. It's great for mixed C and MASM projects. You get a C/C++ compiler and the latest version of MASM too. :bg
I agree, IDA is a good disassembler. Hutch posted a link to the free version a while back.
Quote from: caseys on January 01, 2011, 12:36:37 AM
OllyDBG or IDA - Easy and Powerful! =]
I have IDA, and I like some of the features it has, but as a general debugger it's sorta cumbersome. I like the Analysis option Olly has. I haven't quite figured out how to do that with IDA.
IDA is for more expert use =] ollydbg is simpler and faster
The old link for IDA Pro free version didn't work, so I found the latest one. It is for version 5, at the IDA vendor's web site
see http://www.hex-rays.com/idapro/idadownfreeware.htm
Quote from: GregL on January 01, 2011, 12:10:06 AM
Shooter,
You would have to install VC++ to use it. The Express Edition (http://www.microsoft.com/express/Downloads/#2010-Visual-CPP) is free.
Thanks for the link.
It requires Sp3 to install.
Some things "stopped working" with Sp3.
I will stick with Ollydbg.
Hmmmm no gobug users here ? :(
Quote from: Dogim on January 01, 2011, 02:31:36 PM
Hmmmm no gobug users here ? :(
Perhaps it's just a bit unknown? If you believe that it's underrated, then it's ok if you advertise it ( Decently! Not the E-Cube way! ). Is it better than my favorite CDB?
Quote from: japheth on January 01, 2011, 03:14:23 PM
Quote from: Dogim on January 01, 2011, 02:31:36 PM
Hmmmm no gobug users here ? :(
Perhaps it's just a bit unknown? If you believe that it's underrated, then it's ok if you advertise it ( Decently! Not the E-Cube way! ). Is it better than my favorite CDB?
A happy New Year to all, forgot the date has changed to 2011.
I was just curious how many used Gobug. I use Goasm; however, I do use olly occasionally, but mainly Gobug, because I'm a beginner. I like the Gobug feature "Break op API error", which helps a lot, and the detailed execution log display is nice. I must say I haven't used olly that much; maybe these features are also included in olly or in other debuggers.
I don't know cdb, so I can't compare them.
I stay away from IDA, looks too complicated for a beginner :red, but if anyone could convince me to use other debuggers, I'd like to hear it, and why of course.
But that's what this topic's about :thumbu
Quote from: Shooter
I guess the more wise are better than I thought and don't use debuggers.
Well there is a lot of truth there.
It depends on what you think debuggers can actually do. If you don't understand what the instructions do, or how your code should flow, they might be more useful than if you do.
Debuggers are good at looking at fine grain instruction operation, examining faulting conditions, and looking at other people's code. When something faults, that's one of the easiest things to fix. With Visual Studio/C installed, any faulting app will drop into the debugger. If you compiled/assembled/linked your application, DLL, etc, with debug symbols enabled (/Zi), it will pull in the PDB files and use them. For system components you can pull symbols from a Microsoft server.
Debuggers are not much use for real time failures, and algorithmic issues with your code. First you need to be able to read and follow your own code. Add instrumentation, sanity checks, and actually test parts of your code as you write them, so when they are combined as a whole they will work as you expect.
You can output telemetry to the debug console, and use tools like DebugView to see what's going on. This can be helpful for GUI apps, and driver code.
Test your code in a simple framework/harness, use a C compiler and use the inline assembler. I test a lot of embedded code on a PC, where I have more resources, like file systems, and can emulate hardware. It's a lot easier to dig out stupid semantic and algorithmic issues on a PC, than on a piece of custom hardware.
I used to use SoftICE for driver work, not sure what I'd use today, probably WinDbg. Olly is pretty good for looking at applications you didn't write yourself, the symbol stuff is sometimes quirky. Visual Debugger should be fine unless your code is totally hopeless.
These days I mostly use hardware debuggers (ARM w/JTAG or trace units), but again the aforementioned methods substantially limit the amount of time, and problems, that require such attention.
I use GoBug for the most part but also OllyDbg. Depends mostly what I am trying to examine, each has its own advantages. For examining code OllyDbg does a slightly better job at finding procedures but GoBug has some imaginative ways to halt execution, for example on API errors which really helps when debugging a GUI application.
Quote from: donkey on January 01, 2011, 10:59:50 PM
GoBug has some imaginative ways to halt execution, for example on API errors
That is one feature I miss in Olly. Others are to skip the non-usercode part (i.e. not to waste time deep inside a Windows API, or a CRT algo), and a key that advances to the end of a loop. Otherwise Olly is a great tool, and free.
Quote from: jj2007 on January 01, 2011, 11:36:49 PM
Quote from: donkey on January 01, 2011, 10:59:50 PM
GoBug has some imaginative ways to halt execution, for example on API errors
That is one feature I miss in Olly. Others are to skip the non-usercode part (i.e. not to waste time deep inside a Windows API, or a CRT algo), and a key that advances to the end of a loop. Otherwise Olly is a great tool, and free.
Kidding?
you mean break on API, execute until user code, F4 to execute and break "here" aka at end of loop ?
Olly has all this and much more... well unless you are using Olly 2.x ... because that version is not yet finished
Quote from: donkey on January 01, 2011, 10:59:50 PM
I use GoBug for the most part but also OllyDbg.
Is GoBug free?
Quote from: Shooter on January 02, 2011, 12:18:10 AM
Quote from: donkey on January 01, 2011, 10:59:50 PM
I use GoBug for the most part but also OllyDbg.
Is GoBug free?
I use GoBug Version 2.03.01 , this version is not free, but the 0.91 version is.
Quote
Kidding?
you mean break on API,
Which version of olly can do this BogdanOntanu ?
Quote from: Dogim on January 02, 2011, 12:34:06 AM
Quote
Kidding?
you mean break on API,
Which version of olly can do this BogdanOntanu ?
Please excuse the edit .. I wanted to reply and pressed the wrong button :D
Probably all Olly 1.xx can do it... but for sure Olly 1.10 can do that.
see here: in the FAQ: http://www.ollydbg.de/faq.htm
And there are also a lot of plugins that add more features to this (management etc).
But to quote from another forum (RCE):
Quote
...
To breakpoint on an API function its easy enough just to hit Ctrl+G (Goto Address), then type in the API name like VirtualProtect and Olly will take you there. F2 to set the breakpoint. Couldn't get much easier than that!
...
Quote from: BogdanOntanu on January 02, 2011, 12:02:35 AM
Quote from: jj2007 on January 01, 2011, 11:36:49 PM
Quote from: donkey on January 01, 2011, 10:59:50 PM
GoBug has some imaginative ways to halt execution, for example on API errors
That is one feature I miss in Olly. Others are to skip the non-usercode part (i.e. not to waste time deep inside a Windows API, or a CRT algo), and a key that advances to the end of a loop. Otherwise Olly is a great tool, and free.
Kidding?
you mean break on API, execute until user code, F4 to execute and break "here" aka at end of loop ?
Olly has all this and much more... well unless you are using Olly 2.x ... because that version is not yet finished
No, that's not what I mean. I mean that it will break only if the API throws an error (GetLastError type, not a hardware exception)
Quote from: GregL on December 31, 2010, 11:52:36 PM
I prefer the MS Visual C++ debugger. It works great for MASM programs as well as C/C++ programs. I have gotten used to it over the years and I won't settle for anything else. I really don't care for WinDbg and OllyDbg is OK but it just doesn't have all the features the VC++ debugger has.
I just downloaded and tried it, but either I'm missing out on how to set up, or my version doesn't have the type of features that Olly has. It just looked like an ordinary debugger to me. What features make it better than Olly?
-Shooter
Shooter,
For one thing it supports x64.
It has all the features of OllyDbg and more. Pull up the Registers window (it supports CPU, FPU, MMX, SSE, SSE2), the Memory window (you can view memory in any type from BYTE to QWORD to REAL4 and REAL8), the Call Stack window, the Watch window (will display REAL10 variables) etc. OllyDbg just comes up short in my book.
It's just a matter of personal taste, and what you are used to using. You asked what my favorite debugger is and I told you.
GregL,
I'm not challenging your choice in debuggers, I simply was just curious what you liked about it.
Do you know if MS Visual C++ debugger has a feature like Olly's Analyze?
Also, Olly has that ability (not sure what it's actually called) to show what the variable names are prior to calling an API. For example, prior to calling User32.DialogBoxParamA, the right column of the CPU window names the variables InitParam, DialogProc, hParent, TemplateName, and hInst and what they're set to, which is really handy to me as I'm still trying to learn what each function does. Can the MSVC debugger be set to show something like this?
One thing I haven't figured out how to get Olly to do automatically is to use labels as I have them in my .asm file (I have to manually add them in).
-Shooter
Quote from: BogdanOntanu on January 02, 2011, 12:02:35 AM
Kidding?
you mean break on API, execute until user code, F4 to execute and break "here" aka at end of loop ?
Olly has all this and much more... well unless you are using Olly 2.x ... because that version is not yet finished
Dear Bogdan,
I understand you are a fan of Olly, so am I. But, as Edgar already wrote, "break if API error" is different. And there is also a difference between manually setting a breakpoint after a loop (I guess that is what you suggested) and simply hitting a key that brings you to the end of whatever loop.
As to "skip the API", the F8 key does that, but it does not distinguish between Windows APIs and own procs. Yes this is really a minor criticism - I am a fan of Olly, and hope that version 2 (2 like SSE2) is soon as perfect as Olly 1.0.
jj2007, Donkey
Please excuse me, I was not aware of those features of GoBug. These days I use VStudio's debugger more often than Olly. A long time ago I gave GoBug a brief test but I was not "impressed" and dropped it and never tested again ... sorry ;)
It is nice to find out from you two what I have missed and that GoBug has such interesting features.
About F4 in Olly it is not exactly a breakpoint (maybe a temporary one). You just put the cursor (mouse click or keys) where the loop ends (by your brains analysis and with hints help from Olly) and press F4 (single key press) and Olly will execute until there without a breakpoint being setup.
This is a very fast and convenient way to execute over loop or sequences of code you want to skip.
However it can be dangerous if you "guess" wrongly the loop or code exit location. I have seen code that calls a function in the middle of a loop and then inside that function it jumps to exit to a completely different location than what is expected for that "loop" and you can get tricked with ease.
My guess is that one can not automatically know where a "loop" ends because it can exit with jumps on multiple locations and complicated conditions. That is unless it is an old style loop that actually uses the LOOP instruction and/or it is a very simple loop with a simple exit condition.
I would trust my judgment to find the correct loop exit location and press F4 there ... when compared to such a debugger feature ;)
I could offer the same argument for Olly showing GetLastError results in CPU window at every instruction and API execution and letting me decide if it was an error or not.
I would consider the fact that one can not automatically know if an API returns error unless it is a simple rule or one has a list of all the API's and their associated error codes and that my code can use SetLastError() ...
But that is just me.
Anyway I do stand corrected about not being able to understand those features of GoBug at first read and I thank you both for that ;)
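The per-API rule list Bogdan describes above, sketched as an added example (not part of the original thread, and not GoBug's or OllyDbg's code): a "break on API error" check has to know each function's failure convention before the last-error value means anything. The table entries and the names `fail_rule`, `api_rule` and `should_break` are made up for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* How a Win32 API signals failure through its return value. */
typedef enum {
    FAIL_ON_ZERO,      /* BOOL/handle/pointer APIs: 0 or NULL is failure   */
    FAIL_ON_MINUS_ONE, /* INVALID_HANDLE_VALUE (-1) is failure             */
    FAIL_ON_NONZERO,   /* return value is the error code, 0 = ERROR_SUCCESS */
    FAIL_ON_NEGATIVE   /* HRESULT: high bit of the 32-bit value is failure */
} fail_rule;

typedef struct { const char *api; fail_rule rule; } api_rule;

/* Constructed sample table; a real tool needs one entry per watched API. */
static const api_rule RULES[] = {
    { "CreateWindowExA", FAIL_ON_ZERO },
    { "CreateFileA",     FAIL_ON_MINUS_ONE },
    { "RegOpenKeyExA",   FAIL_ON_NONZERO },
    { "CoInitializeEx",  FAIL_ON_NEGATIVE },
};

/* 1 = break (API failed), 0 = keep running, -1 = no rule for this API.
 * The last-error value is deliberately not consulted: it may be stale or
 * set by the program itself via SetLastError(), so only the return value
 * decides whether it is worth reading at all. */
int should_break(const char *api, intptr_t ret)
{
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++) {
        if (strcmp(RULES[i].api, api) != 0)
            continue;
        switch (RULES[i].rule) {
        case FAIL_ON_ZERO:      return ret == 0;
        case FAIL_ON_MINUS_ONE: return ret == (intptr_t)-1;
        case FAIL_ON_NONZERO:   return ret != 0;
        case FAIL_ON_NEGATIVE:  return ((uint32_t)ret & 0x80000000u) != 0;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed return values, as a debugger would read them from EAX. */
    printf("CreateFileA -> -1 : %d\n", should_break("CreateFileA", -1));
    printf("RegOpenKeyExA -> 2: %d\n", should_break("RegOpenKeyExA", 2));
    printf("CoInitializeEx -> 1 (S_FALSE): %d\n", should_break("CoInitializeEx", 1));
    printf("Sleep -> 0 : %d\n", should_break("Sleep", 0));
    return 0;
}
```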
Quote from: BogdanOntanu on January 02, 2011, 01:10:03 PM
About F4 in Olly it is not exactly a breakpoint (maybe a temporary one). You just put the cursor (mouse click or keys) where the loop ends (by your brains analysis and with hints help from Olly) and press F4 (single key press) and Olly will execute until there without a breakpoint being setup.
Thanks, Bogdan, I didn't know that it works this way - really convenient. As to recognising the end of the loop, not a problem because usually I debug my own code (yeah there are evil moderators here who move people directly to The Graveyard for debugging other people's code :green2)
Quote from: Shooter
Do you know if MS Visual C++ debugger has a feature like Olly's Analyze?
Not that I know of, besides what it does when it loads your program.
Quote from: Shooter
Also, Olly has that ability (not sure what it's actually called) to show what the variable names are prior to calling an API.
For example, prior to calling User32.DialogBoxParamA, the right column of the CPU window names the variables InitParam, DialogProc, hParent, TemplateName, and hInst and what they're set to, which is really handy to me as I'm still trying to learn what each function does.
Can the MSVC debugger be set to show something like this?
Yes, when viewing disassembly (use the 'Go to disassembly' menu item) hover the mouse cursor over the variable and it will show the value of the variable. You could also use the Watch window.
GregL,
If I created a MASM32 project using RadASM and wanted to debug the .exe, does MS Visual C++ debugger have the ability to import the labels, i.e. "Start", "WinMain Proc", etc? Currently I haven't figured out how to do that with Olly, but I'm not exactly sure it has that ability either.
Quote from: Shooter on January 03, 2011, 08:03:43 PM
GregL,
If I created a MASM32 project using RadASM and wanted to debug the .exe, does MS Visual C++ debugger have the ability to import the labels, i.e. "Start", "WinMain Proc", etc? Currently I haven't figured out how to do that with Olly, but I'm not exactly sure it has that ability either.
Both Ollydbg and MS Visual C++ debugger have this ability.
You do need to build your exe with debug information and then at debug time both debuggers will recognize and load this kind of information.
Additionally Olly has the "LabelMaster" plugin that is able to load and save simple labels and variables name information in a plain text file.
To get symbols in Olly,
- use in the assembler commandline /Zi
- use in the linker commandline /debug
Quote from: jj2007 on January 03, 2011, 08:10:50 PM
To get symbols in Olly,
- use in the assembler commandline /Zi
- use in the linker commandline /debug
I'm using RadASM as my IDE and one of the things that I can not seem to get working is to make it compile in debug mode! :'( :'( :'( :'( :'(
Quote from: Shooter
If I created a MASM32 project using RadASM and wanted to debug the .exe, does MS Visual C++ debugger have the ability to import the labels, i.e. "Start", "WinMain Proc", etc?
Yes, assemble with /Zi, link with /DEBUG, load the executable into the VC debugger.
In addition to the above, if the executable was assembled and linked with debug information, the VC debugger will load the source code (.asm) file. The view can then be toggled between source code and disassembly as you step through the program.
Quote from: Shooter on January 03, 2011, 08:37:00 PM
Quote from: jj2007 on January 03, 2011, 08:10:50 PM
To get symbols in Olly,
- use in the assembler commandline /Zi
- use in the linker commandline /debug
I'm using RadASM as my IDE and one of the things that I can not seem to get working is to make it compile in debug mode! :'( :'( :'( :'( :'(
Shooter, menu select Project -> Project Options, use this window.
(http://i.imgur.com/IXoPE.png)
I'm a bit late to the party, but I'd like to give one more thumbs up for OllyDbg.
When a project is assembled/linked with debug info, you get nice names for functions and variables.
(http://i.imgur.com/x3nh9.png)
The VC++ debugger is nice, and works for x64 but since I don't write x64 code yet I am not worried about it. x64 support from Olly will be coming at some point, but I'm sure that's a while off. Until then, I'll stick with Olly or WinDBG; VC++ 2010 bugs out on my laptop and takes too long to start up. May your experiences be better than mine =)