Little KnownNative Debugging Tricks

Ofek ShilonDirector of Algorithms @ Sarin Technologies

www.thetweaker.wordpress.com

DISCLAIMER

VS AS AN INTERPRETER

Expression Evaluator

• Demo• Scope– Watch, QuickWatch,– Immediate,– BP conditions, ‘when hit’

• Call Functions from the debugger!

Expression Evaluator

• Context Operator– Documentation is wrong.– Might require decorated names.– VS2010 blocked WIN-API, but eased usage of

others.– VS11B supports the simpler syntax

msvcr110d.dll!fabs(-8.0f)

Expression Evaluator

• Thread context• Access insensitive• Blind to inlined functions• Things to try when evaluation fails:– Very explicit casting,– Explicit addresses.

Edit and Continue

• Demo• Stale code

Edit and Continue• Preparation: /ZI, /INCREMENTAL

Edit and Continue

• Limitations:– Inconsistent with /RELEASE, /OPT:REF, /OPT:ICF,

/ORDER, /FORCE,– Does not invoke custom build steps,– Isn’t supported on attached processes,– Can’t change object layout,– Doesn’t regenerate IDL files,– Can’t change resource files,– Does not build static libs.

CLICK SAVERS

StepOver

• Demo

StepOver

• VC6: autoexp section [ExecutionControl]• VC7: Reg key -

HKCU\Software\Microsoft\VisualStudio\7.0\NativeDE\StepOver

• VC8: HKLM\Software\Microsoft\VisualStudio\8.0\NativeDE\StepOver

• VC10, VC11B: HKCU\Software\Microsoft\VisualStudio\10.0_Config\NativeDE\StepOverDropped ‘=NoStepInto’ syntax

StepOver

• Warning!When 2 or more instances of VSare active, occasionally it would create and use a duplicate reg key

… and all ’10.0_Config’ modifications would have no effect !

StepOver

• Credit: Andy Pennell http://blogs.msdn.com/b/andypennell/archive/2004/02/06/69004.aspx

• A request to make StepOver official:http://visualstudio.uservoice.com/forums/121579-visual-studio/suggestions/2668765-support-nostepinto-registry-mechanism

autoexp

• How’s the debugger ‘aware’ of STL containers?• autoexp.dat– By default at

%VS folder %\Common7\Packages\Debugger

autoexp

• Demo

• Specialized syntax for common containers: Array, List, Map, Tree.

• Re-parsed on every debugging session• Extremely fragile, yet excellent investment

autoexp

• Status limbo:

autoexp

• Bypass file path via env var: _vcee_autoexp• Bypass visualizer locally: xxx,!• Bypass

globally in Tools/Options:

autoexp• Resources:– Avery Lee

http://virtualdub.org/blog/pivot/entry.php?id=120

– Stephan T. Lavavej BoostCon presentationhttp://filetolink.com/d/?h=a456fc7fd3d35644edcbe5e764d1ba63&t=1315076450&f=17ad36ef

– My blog: complete MFC containers visualization, Matrix 2D visualization, and morewww.thetweaker.wordpress.org

– A request to make autoexp official:http://visualstudio.uservoice.com/forums/121579-visual-studio/suggestions/2056273-support-debug-visualizers-through-autoexp-dat

Sound Alerts

• Win7:Control Panel \ Hardware and Sounds \ Sound \ Change system sounds

• WinXP:Control Panel \Sounds and Audio... \Program Events – Microsoft Developer

TRACING ERRORS

GetLastError Interactively

• GetLastError implementation:

• (int*)($fs)+0x34• (int*)($tib)+0x34• $err !• Credit: msdn

http://msdn.microsoft.com/en-us/library/dtw169z6.aspx

Extensions• Customizing ‘,hr’ display in autoexp.dat:

• Other TEB data: (_TEB*)$tib

Breaking on Errors

• BP location: (int*)($tib)+0x34• Specific error: BP condition– Slooooooooow

• g_dwLastErrorToBreakOn !– (int*){,,ntdll.dll}_g_dwLastErrorToBreakOn– Fails in VC10 over Win7. Restored in VC11B

• Credit: Daniel Pearson, http://blogs.msdn.com/b/danpear/archive/2007/04/06/2033100.aspx

INVESTIGATING CODE

Breaking on all class methods

• Break at function: Class::*

• Credit: Habib Heydarianhttp://blogs.msdn.com/b/habibh/archive/2009/09/10/class-breakpoint-how-to-set-a-breakpoint-on-a-c-class-in-the-visual-studio-debugger.aspx

Naming Native Threads

• Demo

• ‘Documented hack’Credit: MSDNhttp://msdn.microsoft.com/en-us/library/xcb2z8hs.aspx

Breaking on Data Read

• Some code required.• Links to 4 implementations:

http://thetweaker.wordpress.com/2011/05/22/breaking-on-data-read/

• Request to make it official:http://visualstudio.uservoice.com/forums/121579-visual-studio/suggestions/2668700-expose-break-on-read-breakpoints

Static Object Layout

• /d1reportSingleClassLayout• /d1reportAllClassLayout

• Credit: Andy Richhttp://blogs.msdn.com/b/vcblog/archive/2007/05/17/diagnosing-hidden-odr-violations-in-visual-c-and-fixing-lnk2022.aspx

ENHANCED DIAGNOSIS

Useful Pseudo-registers

• $tid-> very useful as a BP condition.

• $env=0-> view debugee environment variables– In VC11: just $env in watch

• $cmdline = 0-> view launching command lineCredit: John Cunningham, http://blogs.msdn.com/b/ms_joc/archive/2004/08/23/218912.aspx

Useful Pseudo-registers

• $handles-> narrows down handle leaks

• $clk-> rough profiling

• $user-> view permissions info

• Credits: Steve Steiner, Gregg Miskelly, et. al. http://blogs.msdn.com/b/stevejs/http://blogs.msdn.com/b/greggm/

Searching Through Memory

• Credit: msdnhttp://msdn.microsoft.com/en-us/library/ms171363.aspx

THANK YOU.

www.thetweaker.wordpress.comofekshilon@gmail.com