I was wondering what debugger other people were using to debug assembly. I can use CDB to debug C programs but I'm not sure what to use for assembly. I try to use CDB and OllyDbg when debugging assembly but I don't know where my code starts (the actual code I wrote, not the include libraries part). So to sum up:
What debugger to use for assembly debugging?
How to know where the code I actually wrote begins in memory? i.e. set a breakpoint at the beginning of the code
Hm I thought OllyDbg starts execution at your program entry point.
Of course if you're debugging a C program, this is the C runtime's startup, not your main(). You can always insert an INT 3 (db 0CCh) instruction and let the debugger run until it hits this breakpoint.
You might want to have a look at Microsoft's WinDbg - it's very powerful, if a bit cumbersome. The Visual Studio debugger is very nice, too.
What's CDB? :)
cdb is a debugger that comes with MS Visual Studio. I read the only difference between cdb and windbg is the interface (command line and GUI).
I think my problem is that the executable from my assembly program is not a valid PE file.
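Both questions in the thread so far (is the file a valid PE, and where does execution begin) can be answered from the file headers before any debugger is opened. The following is an added example, not code from any poster: it checks the MZ/PE signatures and computes the entry-point address from AddressOfEntryPoint and ImageBase. The sample image and its values are constructed, chosen so the result lines up with the first address of the listing posted in this thread.

```python
import struct

def entry_point(image: bytes) -> dict:
    """Validate the PE headers and return where execution starts."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    opt = pe_off + 24                                        # optional header
    sections = opt + opt_size                                # section table
    if opt_size < 32 or sections + 40 * nsect > len(image):
        raise ValueError("truncated optional header or section table")
    magic, = struct.unpack_from("<H", image, opt)
    ep_rva, = struct.unpack_from("<I", image, opt + 16)      # AddressOfEntryPoint
    if magic == 0x10B:                                       # PE32
        base, = struct.unpack_from("<I", image, opt + 28)
    elif magic == 0x20B:                                     # PE32+
        base, = struct.unpack_from("<Q", image, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    owner = None                                             # section holding the entry point
    for i in range(nsect):
        name, vsize, vaddr = struct.unpack_from("<8sII", image, sections + 40 * i)
        if vaddr <= ep_rva < vaddr + max(vsize, 1):
            owner = name.rstrip(b"\0").decode("ascii", "replace")
    return {"rva": ep_rva, "va": base + ep_rva, "section": owner}

def sample_pe() -> bytes:
    """Constructed header-only PE32 image; every value here is made up."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, 0x41B6F)    # entry-point RVA (assumed)
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase (assumed)
    text = struct.pack("<8sII", b".text", 0x50000, 0x1000) + b"\0" * 24
    return dos + b"PE\0\0" + coff + bytes(opt) + text

if __name__ == "__main__":
    info = entry_point(sample_pe())
    print("break at %08X in %s" % (info["va"], info["section"]))
```

The computed address is only where the entry point lands if the image loads at its preferred ImageBase; if the loader relocates it, add the RVA to the actual load address shown by the debugger.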
The CRT entry point has a short piece of code, and then calls your main(), so it's rather easy to find, I think..?
00441B6F >/$ 55 push ebp
00441B70 |. 8BEC mov ebp, esp
00441B72 |. 6A FF push -1
00441B74 |. 68 90224500 push MyProjec.00452290
00441B79 |. 68 701D4400 push <jmp.&MSVCRT._except_handler3> ; SE handler installation
00441B7E |. 64:A1 00000000 mov eax,
00441B84 |. 50 push eax
00441B85 |. 64:8925 000000>mov , esp
00441B8C |. 83EC 68 sub esp, 68
00441B8F |. 53 push ebx
00441B90 |. 56 push esi
00441B91 |. 57 push edi
00441B92 |. 8965 E8 mov , esp
00441B95 |. 33DB xor ebx, ebx
00441B97 |. 895D FC mov , ebx
00441B9A |. 6A 02 push 2
00441B9C |. FF15 B4204400 call , FFFFFFFF
00441BAA |. 830D A0004600 >or , FFFFFFFF
00441BB1 |. FF15 B8204400 call ; MSVCRT.__p__fmode
00441BB7 |. 8B0D 98004600 mov ecx,
00441BBD |. 8908 mov , ecx
00441BBF |. FF15 BC204400 call
00441BCB |. 8908 mov , ecx
00441BCD |. A1 C0204400 mov eax,
00441BD4 |. A3 A4004600 mov , eax
00441BD9 |. E8 27020000 call MyProjec.00441E05
00441BDE |. 391D F0D64500 cmp , ebx
00441BE4 |. 75 0C jnz short MyProjec.00441BF2
00441BE6 |. 68 021E4400 push MyProjec.00441E02
00441BEB |. FF15 C4204400 call
00441C0B |. 8945 94 mov , eax
00441C0E |. 8D45 94 lea eax,
00441C11 |. 50 push eax
00441C12 |. FF35 8C004600 push
00441C18 |. 8D45 9C lea eax,
00441C1B |. 50 push eax
00441C1C |. 8D45 90 lea eax,
00441C1F |. 50 push eax
00441C20 |. 8D45 A0 lea eax,
00441C23 |. 50 push eax
00441C24 |. FF15 CC204400 call
00441C43 |. 8975 8C mov , esi
00441C46 |. 803E 22 cmp , 22
00441C49 |. 75 3A jnz short MyProjec.00441C85
00441C4B |> 46 /inc esi
00441C4C |. 8975 8C |mov , esi
00441C4F |. 8A06 |mov al,
00441C51 |. 3AC3 |cmp al, bl
00441C53 |. 74 04 |je short MyProjec.00441C59
00441C55 |. 3C 22 |cmp al, 22
00441C57 |.^75 F2 \jnz short MyProjec.00441C4B
00441C59 |> 803E 22 cmp , 22
00441C5C |. 75 04 jnz short MyProjec.00441C62
00441C5E |> 46 inc esi
00441C5F |. 8975 8C mov , esi
00441C62 |> 8A06 mov al,
00441C64 |. 3AC3 cmp al, bl
00441C66 |. 74 04 je short MyProjec.00441C6C
00441C68 |. 3C 20 cmp al, 20
00441C6A |.^76 F2 jbe short MyProjec.00441C5E
00441C6C |> 895D D0 mov , ebx
00441C6F |. 8D45 A4 lea eax,
00441C72 |. 50 push eax ; /pStartupinfo
00441C73 |. FF15 AC204400 call , 1
00441C7D |. 74 11 je short MyProjec.00441C90
00441C7F |. 0FB745 D4 movzx eax,
00441C83 |. EB 0E jmp short MyProjec.00441C93
00441C85 |> 803E 20 /cmp , 20
00441C88 |.^76 D8 |jbe short MyProjec.00441C62
00441C8A |. 46 |inc esi
00441C8B |. 8975 8C |mov , esi
00441C8E |.^EB F5 \jmp short MyProjec.00441C85
00441C90 |> 6A 0A push 0A
00441C92 |. 58 pop eax
00441C93 |> 50 push eax ; /Arg4 <--- start pushing params for main()
00441C94 |. 56 push esi ; |Arg3
00441C95 |. 53 push ebx ; |Arg2
00441C96 |. 53 push ebx ; |/pModule
00441C97 |. FF15 30204400 call , eax
00441CA6 |. 50 push eax ; /status
00441CA7 |. FF15 40214400 call ; \exit
00441CAD |. 8B45 EC mov eax,
00441CB0 |. 8B08 mov ecx,
00441CB2 |. 8B09 mov ecx,
00441CB4 |. 894D 88 mov , ecx
00441CB7 |. 50 push eax
00441CB8 |. 51 push ecx
00441CB9 |. E8 26010000 call <jmp.&MSVCRT._XcptFilter>
00441CBE |. 59 pop ecx
00441CBF |. 59 pop ecx
00441CC0 \. C3 retn
I use the VC 6 debugger. Compile the program with debug symbols and it works like a dream.
best regards,
czDrillard
I use MS' windbg. It supports source level debugging.
http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Remember to set a break point inside your source window. ( eg "run to cursor" )
The attached file is a simple example I wrote.