I hope this post is in the appropriate area - no worries, I am also sure I will be told if it is not!

I have application code that I can put into a tight loop with a single incoming email! I know which load module the code resides in (the module is approx 900 meg), but I am not having any success in getting the standard windbg to let me get close to the code that is in the loop.

I start the app, then do a windbg -p pidnumber, get into dbg and say "go" - the app loops (as it should) - when I say break, I am obviously in ntdll.dll - as it should be.

Any suggestion of how to get closer to the code that may be running the loop? I will also throw this thing into IDA Pro and see what I can find. I think that I can find literals that may help narrow my search, but I am looking for any general technique to find looping code.

thanks
Posted on 2006-01-18 22:06:54 by deros68
You can try doing "Step out" until you land in user code... won't always work, though. What kind of looping is this? And what kind of software? I hope you aren't trying to exploit anything...
Posted on 2006-01-19 07:58:22 by f0dder
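A worked session for the "step out until you land in user code" approach, added here as an illustration and not from either poster. It goes a little beyond the reply by first picking the spinning thread with !runaway and checking the stack with k. The module name mailsvc, the thread numbers and all addresses are constructed placeholders.

```windbg
0:000> .reload                     ; reload symbols so stack frames resolve to module!function
0:000> !runaway                    ; user-mode CPU time per thread; the busy-looping thread sits at the top
 User Mode Time
  Thread       Time
   5:1a3c      0 days 0:02:41.312  ; (constructed output) this thread is burning CPU
   0:0f40      0 days 0:00:00.015
0:000> ~5s                         ; switch to the busy thread
0:005> k                           ; call stack: top frames are ntdll/kernel32, the app loop is further down
 # ChildEBP RetAddr
00 0012f8a0 7c90e9c0 ntdll!KiFastSystemCallRet
01 0012f8a4 7c8025cb ntdll!NtWaitForSingleObject+0xc
02 0012f908 10023a1f kernel32!WaitForSingleObjectEx+0xa8
03 0012f93c 10011234 mailsvc!ParseHeader+0x2f      ; hypothetical application module
0:005> lm m mailsvc                ; print the module's start/end so you know when eip is inside it
0:005> gu                          ; "go up": run until the current frame returns, i.e. step out once
0:005> gu                          ; repeat until eip is inside the application module's range
0:005> r eip                       ; confirm where execution stopped
eip=10023a1f
0:005> u eip-20 eip+20             ; disassemble around that address to see the loop body
0:005> bp mailsvc!ParseHeader      ; break on the next entry to the suspect routine, then g and trace it
```

If the stack is only ntdll frames with no app frames below them, symbols for the module are missing; fix that before stepping out, or gu will not land anywhere recognizable.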
I will try that - but the code base is huge..... I do security vulnerability work for my employer and this is our damned email system. It's vulnerable to some oddball kinds of threats, so I research what kinds of hostile emails could cause a problem. I am trying to see where this code is executed and then disassemble the code to see if it can be exploited by a crafted email. My background is mainframe assembler for 30 years and I do not yet have the experience and work with x86 to be good at it - not yet anyway. I am used to using the mainframe debuggers and have worked with the windbg product on my own. Google, IDA Pro and OllyDbg are the tools I am trying to learn to leverage. The Intel x86 assembler language seems to have not been designed - it seems to have been added to for each new Intel processor - "it has a chaos of op-codes" etc...

thanks 
Posted on 2006-01-19 10:51:41 by deros68

The Intel x86 assembler language seems to have not been designed - it seems to have been added to for each new Intel processor - "it has a chaos of op-codes" etc...

Yep... especially if you look at the opcode construction. It's a damn patchwork of extensions...

Sounds like a pretty bad email system anyway :)
Posted on 2006-01-19 10:57:51 by f0dder