Uninformed: Informative Information for the Uninformed

Vol 1» 2005.May


Getting Familiar with WinDBG

Whether the reader points and clicks their way through applications or uses shortcut keys, the WinDBG toolbar will briefly act as a guide for discussing some basic debugging terminology that will be used throughout this document. From left to right, the following options are available:
  1. Open Source Code: Open associated source code for the debugging session.
  2. Cut: Move highlighted text to the clipboard.
  3. Copy: Copy highlighted text to the clipboard.
  4. Go: Execute the debuggee.
  5. Restart: Restart the debuggee process. [4.1]
  6. Stop Debugging: Terminate the debugging session. [4.2]
  7. Break: Pause the currently running debuggee process.
The next four options are used after the debugger has been told to break. The debugger can be issued a break via the previous option, or the user may specify breakpoints. Breakpoints can be assigned to a variety of conditions. Most common are when the processor executes instructions at a specific address, or when certain areas of memory have been accessed. Implementing breakpoints will be discussed in more detail later in this document.

Once a breakpoint has been reached, the process of executing individual instructions or function calls is referred to as stepping through the process. WinDBG has a handful of methods for stepping, four of which will be immediately discussed.

  1. Step Into: Execute a single instruction. When a function is called, this will cause the debugger to step into that function and break, instead of executing the function in its entirety.
  2. Step Over: Execute one or many instructions. When a function is called, this will cause the debugger to execute the called function and break after it has returned.
  3. Step Out: Execute one or many instructions. Causes the debugger to execute instructions until it has returned from the current function.
  4. Run to Cursor: Execute one or many instructions. Causes the debugger to execute instructions until it has reached the address highlighted by the cursor.
Next is Modify Breakpoints, which allows the reader to add or modify breakpoints. The remainder of the toolbar options are used to make visible and customize various windows within WinDBG.


