Hello All.
I have a very simple problem that I cannot debug. Here is the listing.

<code>
.386
.MODEL flat, stdcall
.stack 4096
ExitProcess PROTO, dwExitCode:DWORD
DumpRegs PROTO
.data
val1 DWORD 10d
val2 DWORD 20d
val3 DWORD 30d
finalval DWORD ?
.code
main Proc
mov eax, val1
add eax, val2
add eax, val3
mov finalval, eax
call DumpRegs
INVOKE ExitProcess, 0
main ENDP
END main
</code>

The program runs fine and I get a dump of the registers.

Now I was instructed that if I want to use the Windows Debugger windbg.exe I have to add <code>int 3</code>
to the beginning of main so I do this for example:

<snip>
<code>
.code
main Proc
int 3
mov eax, val1
add eax, val2
add eax, val3
mov finalval, eax
call DumpRegs
<snip>
</code>

It assembles and links fine, but when I go to run the exe it core dumps and I get a Windows error message.

<error>
addsub.exe has encountered a problem and needs to close.
</error>

It's the typical error reporting message from Windows XP.

Can anyone help?
Thanks.
Posted on 2005-01-30 12:32:22 by jmachine
If you run the int 3 code in a debugger, it will pause at the int 3. You don't have to include an int 3 to use a debugger; they are used to tell the debugger where you want the program to pause (breakpoints). The program crashes because there is no debugger attached and a breakpoint (int 3) is an exception that your program doesn't handle.
Posted on 2005-01-30 17:17:23 by QuantumMatrix1024
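The behaviour described in the reply above can be made explicit in the listing itself. This is an added example, not code from the thread or from the Irvine library: it guards the `int 3` with the kernel32 function `IsDebuggerPresent`, assuming kernel32.lib and irvine32.lib are linked; the label name `skip_break` is illustrative.

```asm
; Added example (not from the thread): the question's listing with the
; breakpoint guarded so it only executes when a debugger is attached.
.386
.MODEL flat, stdcall
.stack 4096
ExitProcess       PROTO, dwExitCode:DWORD
IsDebuggerPresent PROTO             ; kernel32: EAX is nonzero if a user-mode debugger is attached
DumpRegs          PROTO             ; Irvine32 routine used in the question

.data
val1     DWORD 10d
val2     DWORD 20d
val3     DWORD 30d
finalval DWORD ?

.code
main PROC
    INVOKE IsDebuggerPresent
    test   eax, eax
    jz     skip_break               ; no debugger attached: do not raise the exception
    int    3                        ; breakpoint exception (code 80000003h), caught by the debugger
skip_break:                         ; illustrative label name
    mov    eax, val1
    add    eax, val2
    add    eax, val3
    mov    finalval, eax
    call   DumpRegs
    INVOKE ExitProcess, 0
main ENDP
END main
```

Started from a debugger, this build stops at the `int 3` as before; started on its own, it skips the instruction and runs to completion instead of raising an unhandled exception.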
Assuming MASM, assemble with /Zi and link with /DEBUG. Then open the .exe with WinDbg.

Don't put INT 3 in your code. Use WinDbg to set breakpoints.
Posted on 2005-01-30 18:21:32 by Greg
According to my instructor, well this is what he says:

"Open AddSub2.asm from the \Examples\ch03 directory and insert a new line of code at the beginning of main:

int 3 ; required for WinDbg debugger

The comment, of course, is optional. The INT 3 instruction is called a breakpoint because it forces your program to pause execution and transfer control to the debugger. If we didn't include this instruction, AddSub2 would just run to completion without giving us a chance to use the debugger."

Thanks
Posted on 2005-01-30 18:24:09 by jmachine
Here are my commands.

ML /nologo -Zi -c -Fl -Sg -coff %1

LINK32 /nologo %1 irvine32.lib kernel32.lib /SUBSYSTEM:CONSOLE /DEBUG /MAP

In other debuggers my source code comes up, so I can set breakpoints etc. I guess I am just not used to WinDbg.
I can't set a breakpoint as my source window doesn't even come up at all. I can open it to look at it but that is all.

This is where the disassembly window starts:
.
.
.
.

ntdll!DbgBreakPoint:
77f75a58 cc int 3
77f75a59 c3 ret
77f75a5a 8bff mov edi,edi
ntdll!DbgUserBreakPoint:
77f75a5c cc int 3
77f75a5d c3 ret
77f75a5e 8bff mov edi,edi
ntdll!DbgBreakPointWithStatus:
77f75a60 8b442404 mov eax,
ntdll!RtlpBreakWithStatusInstruction:
77f75a64 cc int 3
77f75a65 c20400 ret 0x4
ntdll!vDbgPrintExWithPrefix:
77f75a68 6868020000 push 0x268
77f75a6d 68401af577 push 0x77f51a40
77f75a72 e8ddfa0200 call ntdll!_SEH_prolog (77fa5554)
77f75a77 33db xor ebx,ebx
77f75a79 33ff xor edi,edi
77f75a7b 837d0cff cmp dword ptr ,0xffffffff
77f75
.
.
.
.


It seems like there are 1000s of lines of disassembly. None of this makes sense to my program.
I will step through forever knowing what my eax register should contain but it never appears.

jim
Posted on 2005-01-30 19:03:30 by jmachine
You need to learn more about using WinDbg. Once you get it set up right and get the hang of it, it is very similar to using the Visual Studio debugger. Read the documentation and play around with it. I'll admit, there is a bit of a learning curve with WinDbg. I prefer Visual Studio but for the price (free) WinDbg is pretty good.
Posted on 2005-01-30 20:42:28 by Greg
Make WinDbg your JIT debugger, use OllyDbg, it's a lot better.
Posted on 2005-01-30 20:45:32 by Drocon
OllyDbg is good. But it can't do symbolic debugging (displaying the source code in the debugger).
Posted on 2005-01-30 21:11:10 by Greg
Yes, OllyDbg is much better. At least it starts at my main function. The only thing I have to figure out is how to see my source code. It comes up blank.

Thanks a lot.
Jim
Posted on 2005-01-30 21:27:51 by jmachine
OllyDbg is capable of showing source files: use Ctrl+F5
or use the View ---> Source menu.

By the way, if you add an int3 then you should set some debugger as the just-in-time debugger; otherwise the standard drwatson will catch the exception, and since it didn't find any debugger it will display the standard error message:


addsub.exe has encountered a problem and needs to close.


Open WinDbg and press Help-->Search,
type jit, and you will see a very good explanation of how to set up WinDbg as the JIT
debugger.

In OllyDbg it is in option, debugging option, jit.


For WinDbg to be JIT you can also open cmd.exe and then navigate to the path,
viz. c:\program files\debugg~1\ >
and then type windbg -I (capital I).
WinDbg will be set up as JIT.
Now if you run your exe it should break here like this:



Microsoft (R) Windows Debugger Version 6.2.0007.4
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Symbol search path is: c:\symbols;srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00400000 00404000 C:\masm32\ICZTUTES\TUTE03\newm\jmach\jmach.exe
ModLoad: 77f80000 77ff9000 C:\WINNT\System32\ntdll.dll
ModLoad: 77e80000 77f36000 C:\WINNT\system32\KERNEL32.dll
(394.3ac): Break instruction exception - code 80000003 (!!! second chance !!!)
eax=00000000 ebx=7ffdf000 ecx=00000101 edx=ffffffff esi=023adc38 edi=00000000
eip=00401000 esp=0012ffc4 ebp=0012fff0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
*** WARNING: Unable to verify checksum for C:\masm32\ICZTUTES\TUTE03\newm\jmach\jmach.exe
*** ERROR: Module load completed but symbols could not be loaded for C:\masm32\ICZTUTES\TUTE03\newm\jmach\jmach.exe
jmach+1000:
00401000 cc int 3


The disassembly window should bring:


00401000 cc int 3
00401001 a100304000 mov eax,
00401006 030504304000 add eax,
0040100c 030508304000 add eax,
00401012 a30c304000 mov ,eax
00401017 e807000000 call jmach+0x1023 (00401023)


For source mode debugging to work properly the exe must be compiled with debug info, and the .pdb and .dbg files should be available and
correct, else WinDbg will complain blah blah blah blah blah blah
always as if it got mad:


0:000> ?? add
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** ***
*************************************************************************
Couldn't resolve error at 'add '
Posted on 2005-01-31 05:46:38 by bluffer
Thanks tons. When I get home I am going to try all this out. BTW, I downloaded all the symbols and installed in c:\windows\symbols. I then point WinDbg to that directory. Is that the correct way?

Thanks.
Jim
Posted on 2005-01-31 13:57:45 by jmachine
file --> symbol file path --browse --> ok

or type
.sympath in windbg to find the existing symbol path

Use .sympath+ "new path"; this command will append the new path to the old path and will search there too.
Posted on 2005-02-01 04:50:33 by bluffer