Title sums it up, I tried to use IDA Pro and x32dbg but every time I run a them, even with breakpoints it ends up forcefully stopping the debugging process and then the program executes itself, so basically I cant get to the point I want it to run before it closes.
Anyways I was wondering if there is a way to see which address a running program is at in its binary at. With the endless amount of lines, id never find what I'm looking for unless i can open the program and see where it is currently in its binary form...
Related
I forgot to run a script using time so I don't know how much did it take. The script never completed, I stopped with ctrl+c after a while.
It is the last program I run in the terminal, and since then I entered no commands.
I was wondering if bash automatically stored the execution time of the last program run.
I don't need the time for benchmark purposes, so I don't need a great precision. Does bash (or linux somewhere) store information like "you started this script at this time and stopped it at this other time"?
I tried looking on SO but only find questions on how to time a program, not on how to get the "rough" time it took after you run it without using time.
When I put a "pause" command into my program, I can precede it with a disp("Just finished averaging") or something of the kind, so I can read on the console which "pause" I am at.
But when I lose my patience with a program that's taking forever to complete, and hit Ctrl-C to see what is going on, I cannot see a way of finding out which code line I interrupted it at. The "whereami" command tells me I am in pause, which is obviously true but hardly helpful; it's like a GPS device telling me I'm in the driver seat. Oh yeah, I figured that myself, thank you Captain.
I am tempted to create a dedicated variable, say MyApproximateCurrentCodeLine, and updating it every few lines of code with hard-wired substitution commands. This would work but would take a lot of time to write, a similar amount of time to remove when I'm done, and would have to be repeated with every program I need to debug. Not to mention it's just plain ugly.
Is there a better way of finding the current execution point?
Once you have interrupted the program
[linenum, callername] = where()
will give you the full calling tree.
S.
This is my first question in Stack Overflow, since up until now, I always managed to find my answers.
So.. I'm writing a debbuger (for Windows, in python, using WinAppDbg library) that should trace the program execution, and encountered some problems.
I'm setting the trap flag, so I could stop every single step.
First problem - sometimes the execution flow goes through a Windows api, which goes to the kernel. When it returns, obviously the trap flag is off, and the execution of the thread may continue millions of instructions without my debbuger tracing every step of it.
Chance of solution - before a Windows api is called, I set the next addresses permissions as guard page, thus when the call returns, I get a guard page exception, setting the trap flag again, and continue tracing. But this cause a different problem (I call it "second problem")
Second problem - since I'm setting the trap flag of my main thread, all I see is a loop of that thread (I guess it's the Windows gui loop), and the program execution isn't advancing (for example, there should be new threads created, but I don't see them).
So what am I looking for?
A debugger's source code that can handle the problems I've described.
Or better yet, a solution to my problems. What am I doing wrong?
Thank you all!
Is there any way to find out what was the last Exit Code of an application the last time it run?
I want to check if application wasn't exit with zero exit code last time (which means abnormal termination in my case) And if so, do some checking and maybe fix/clean up previously generated data.
Since some applications do this (they give a warning and ask if you want to run in Safe Mode this time) I think maybe Windows can tell me this.
And if not, what is the best practice of doing this? Setting a flag on a file or something when application terminated correctly and check that next time it executed?
No, there's no permanent record of the exit code. It exists only as long as a handle to the process is kept open. And returned by GetExitCodeProcess(), it needs that handle. As soon as the last handle is closed then that exit code is gone for good. One technique is a little bootstrapper app that starts the process and keeps the handle. It can then also do other handy things like send alerts, keep a log, clean up partial files or record minidumps of crashes. Use WaitForSingleObject() to detect the process exit.
Btw, you definitely want to exit code number to mean the opposite thing. A zero is always the "normal exit" value. This helps you detect hard crashes. The exit code is always non-zero when Windows terminates the app forcibly, set to the exception code.
There are other ways, you can indeed create a file or registry key that indicates the process is running and check for that when it starts back up. The only real complication with it is that you need to do something meaningful when the user starts the program twice. Which is a hard problem to solve, such apps are usually single-instance apps. You use a named mutex to detect that an instance of the program is already running. Imprinting the evidence with the process ID and start time is workable.
There is no standard way to do this on the Windows Platform.
The easiest way to handle this case is to put a value on the registry and to clear it when the program exits.
If the value is still present when the program starts, then it terminated unexpectedly.
Put a value in the HKCU/Software// to be sure you have sufficient rights (the value will be per user in this case).
I need to run a ruby script for one week and check whether it is running for every hour.
Could you please suggest me some way? I need to check this in windows machine.
For ex:- I have script called one_week_script.rb which will run for one week, in between i want to check whether the script is running or not? if it is not running, then running that script from another script
A typical solution is to use a "heartbeat" strategy. The "to be monitored" notifies a "watchdog" process on a regular interval. A simple way of doing this might be to update the contents of some file every so often, and the watchdog simply checks that same file to see if it's got recent data.
The alternative, simply checking if the process is still 'loaded' has some weaknesses, The program could be locked up, even though it's still apparently 'running'. Using the heartbeat/watchdog style means you know that the watched process is operating normally, because you're getting feedback from it.
In a typical scenario, you might just write the current time, and some arbitrary diagnostic data, say the number of bytes processed (whatever that might mean for you).