The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: Crosscross on April 21, 2007, 03:06:01 PM

Title: Inside symbolic debug?
Post by: Crosscross on April 21, 2007, 03:06:01 PM
First, please don't mind my poor Chinese English if you have trouble understanding it. I just want to understand something in what I think is depth.

I have been learning .asm for some time, and I have tried some methods to debug symbolic variables, but I don't know how MASM and LINK work with it. When I disassemble it, I just see a great many int 3 instructions. Thank you!
Title: Re: Inside symbolic debug?
Post by: masmgod on April 22, 2007, 11:59:51 AM
What is happening here is that the linker is being used in incremental mode.

What this means is that, to keep link times down on subsequent builds, a lot of padding is put in between procedures by the linker, so should a procedure be changed then only that procedure will need linking into the executable rather than the whole program.

Now the padding that is used is opcode CC, which is our int 3 instruction.

The int 3 instruction is what generates our debug exceptions so the debugger can break into an executable image.

Int 3 was chosen as padding because if we have done something wrong in our program (and in assembly this is possible) we can jmp or call to the memory location that has our padding, and a debug exception is generated; if we had used any other 8-bit number in our padding, the program could run forever with disastrous consequences.

If we want to get rid of the padding, just turn incremental linking off.

Hope this helps.
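To make the padding described above visible, here is an added example (not code from the thread or from any MASM32 tool) that scans a code section for runs of 0xCC bytes and reports where the int 3 filler sits between procedures. The byte sample is constructed by hand for the demonstration: two tiny x86 procedures padded out to 16-byte boundaries the way an incrementally linked image looks in a disassembler.

```python
# Added example: locate int 3 (0xCC) padding runs in a code section.
# Not from the forum thread; the sample bytes below are constructed, not
# taken from a real executable.

def find_int3_runs(code: bytes, min_len: int = 4):
    """Return a list of (offset, length) for every run of at least
    min_len consecutive 0xCC bytes.  Short runs are ignored because a
    single 0xCC may be a deliberate int 3 inside a procedure."""
    runs = []
    i, n = 0, len(code)
    while i < n:
        if code[i] != 0xCC:
            i += 1
            continue
        start = i
        while i < n and code[i] == 0xCC:
            i += 1
        if i - start >= min_len:
            runs.append((start, i - start))
    return runs


def padding_ratio(code: bytes, min_len: int = 4) -> float:
    """Fraction of the section occupied by int 3 padding runs.  A high
    ratio is a hint that the image was linked incrementally."""
    if not code:
        return 0.0
    padded = sum(length for _, length in find_int3_runs(code, min_len))
    return padded / len(code)


# Constructed sample section (32 bytes):
#   proc1: push ebp / mov ebp,esp / pop ebp / ret  -> 55 8B EC 5D C3
#   11 bytes of 0xCC to reach the next 16-byte boundary
#   proc2: xor eax,eax / ret                        -> 33 C0 C3
#   13 bytes of 0xCC to reach the next 16-byte boundary
SAMPLE = (bytes.fromhex("558BEC5DC3") + b"\xCC" * 11
          + bytes.fromhex("33C0C3") + b"\xCC" * 13)


def report(code: bytes) -> str:
    """Human-readable summary of the padding runs found in `code`."""
    lines = [f"{off:08X}: {length} bytes of int 3 padding"
             for off, length in find_int3_runs(code)]
    lines.append(f"padding ratio: {padding_ratio(code):.2f}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

Running it against a real image's .text section (read with your PE parser of choice) shows the same pattern at a larger scale; on MS LINK the switch that removes the filler, as masmgod says, is /INCREMENTAL:NO.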
Title: Re: Inside symbolic debug?
Post by: Vortex on April 22, 2007, 12:49:37 PM
\masm32\bin\ml /c /coff /Zi /Zd Msgbox.asm
\masm32\bin\link /SUBSYSTEM:WINDOWS /DEBUG /DEBUGTYPE:CV Msgbox.obj
Title: Re: Inside symbolic debug?
Post by: dsouza123 on April 22, 2007, 01:29:57 PM
To do symbolic debugging two things are required: a symbolic (source level) debugger, and the program progname.exe to be instrumented to contain the variable names and types, aka a debug version, for which Vortex provided settings for both the assembler and linker.

Disassembling a debug version (unless using an advanced symbolic disassembler) won't help you much; in fact the original source is the best source of symbolic code.
Title: Re: Inside symbolic debug?
Post by: Vortex on April 22, 2007, 05:42:57 PM
A good symbolic debugger: OllyDbg

http://www.ollydbg.de

Quote: OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
Title: Re: Inside symbolic debug?
Post by: Crosscross on April 26, 2007, 10:56:52 AM
Many thanks!
I began to wonder whether I can get more information if I trace the debugger, or the program built for debug.