Browse by Tags

If there is a consistent repro, I would definitely prefer Early Debugging . However in the real life postmortem debugging seems to be unavoidable. There are three concepts I wish to clarify before digging into the details: AeDebug is a set of registry keys which specify the behavior when...

People who develop debuggers would know in theory you cannot have a perfect disassembler (especially for x86) and stepper (especially for Step Over). People who develop commercial debuggers would know Function Evaluation (a.k.a. funceval) is a big challenge while implementing an Expression Evaluator...

A list of resources related to WinDBG, debugging on Windows NT, or how to write a debugger. Websites Dmitry Vostokov's www.dumpanalysis.org Geoff Chappell - Software Analyst Robert Kuster's windbg.info Oleg Starodumov's debuginfo.com OSR Online Toby Opferman's CodeProject Articles...

The developers in Microsoft have done a great job by bringing a great number of nice features, however, some of these features are poorly documented or even not documented at all. Autos Window in the Visual Studio Debugger is one of the best example of the gaps between implementation and documentation...

Early debugging is a wide topic, on a Windows PC it might be: Application startup Service startup WinLogon CSRSS ( Client/Server Runtime Subsystem ) Windows Setup and OS Loader MBR ( Master boot record ) BIOS POST ( Power-on self-test ) Application Startup As we have...

Abstraction and encapsulation are good because they make it easier to build complex systems, however, there are times you have to peek inside the abstraction and demistify the encapsulation. This is especially true for debugging and performance tuning (I will not talk about reverse engineering this time...

Many people who has been using Emacs for decades were shocked when they heard that Emacs is actually a text editor instead of an operating system. - vi advocator Sharing a similar spirit as Emacs , Windows Debuggers are also super good at non-debugging tasks. Calculator The builtin expression...

A target program might behave differently if it is being debugged, sometimes this can be very annoying. Also, these behavior deviations can be leveraged by anti-debugging . IsDebuggerPresent and CheckRemoteDebuggerPresent are well known APIs to tell if a program is attached by a debugger. 0:000>...

You might have heard of the Popek and Goldberg Virtualization Requirements . In theory, debugger shares a similar set of problems as virtualization, this is especially true for func-eval (Function Evaluation). Here goes a pop quiz about the side effects of the presence of debugger: #define WIN32_LEAN_AND_MEAN...

IFEO ( Image File Execution Options ) is a feature provided by the NT based operating system. It can be helpful when you are trying to debug at the very beginning of an application launch. A few people also taked about IFEO on MSDN Blogs: Image File Execution Options by Junfeng. Inside 'Image...

Using OutputDebugString is a common debugging technique for user mode debugging. It is easy but quite useful if you are debugging services or trouble shooting loader problem. #define WIN32_LEAN_AND_MEAN #include <Windows.h> int __cdecl main() { OutputDebugStringA( "Hello, world...

The Visual Studio debugger supports a kind of breakpoint called Data Breakpoint , sometimes it is also called watchpoint. Data breakpoint is architecture dependant, as it requires hardware support provided by CPU. For x86, this will be the DR ( Debug Register ). The following code demonstrates how...

Yet another Hello World... Well, my name is Reiley Yang. I'm a developer working on the Visual Studio debugger. I would like to use this technical blog to share my understanding of debuggers. Previously I have also been working on the C++ libraries (ATL, CRT, MFC, STL) and compiler front-end, so I...