Showing DLL-symbols of an attached process - visual-studio

About 15 years ago I reverse-engineered some Windows-programs with the Watcom Debugger. One thing that was advantageous with the Watcom Debugger was, that it could show the exported symbols of the loaded DLLs.
When I attach to a running process with Visual Studio 2015 Community Ed. I'm missing this feature. Can anyone tell me how to list the loaded DLLs and their symbols?

You can use windbg for this. Download and install the Windows Debugging Tools, fire up windbg and hit F6 to attach to a running process. It will immediately show the DLL's loaded, but if you enter the command lm you'll get a list of loaded modules, as well as their start and end points in memory.

Related

Unable to attach to process. General Exception

This is from Visual Studio Community 2022 64-bit 17.1.1, "Current."
The binary to be debugged was compiled on Windows 11 with the same IDE, but I'm running it on Windows 10 Pro. Once it starts, I'm trying to attach the debugger.
The same file system contains all exe, lib, dll, obj, and source, all in the same places and full paths, as it's mounted in the same position on both computers (T:).
Attachment type is "Automatic." I'm doing Debug->Attach to Process, and clicking on a PID.
The same workflow succeeds on connecting the debugger on the same IDE on the Windows 11 box where the exe was compiled.
All processes belong to the same user (me).
Googling is finding nothing at all except red herrings about remote debugging (I'm trying to debug on the computer running the binary) and permissions.
OK, I'm not sure if this answer will help others, but on Windows 11, when I select the binary in question, the "Attach to:" menu comes up as "Native Code" automatically. On Windows 10, the same Visual C++ release, attaching to the exact same binary, for some reason is detecting it as Python. Manually setting the Code Type to "Debug these code types:"-->Native allowed the debugger to attach correctly.

Visual Studio Community 2015 slow debugging

I have recently bought new laptop:Hp specter x360 i7-6500 with 8gb RAM.
I have installed Visual Studios 2015 Community in an offline mode, later I updated it.I am currently working in c# window forms.
The point is when I press the button 'Start Debugging', VS build the program in normal speed, but it takes like 10-15 sec to show the output, even for the small programs. This whole thing is for first time debugging after code editing, if I close it and run it again without changing the code, it shows the output on the spot.
And if I run the same program in my old laptop, which has lower specs and same VS, that laptop show the result much quicker.
Based on your screenshot, I see that VS tries to download PDB symbols for system assemblies, which are used by your application. Loading the debug symbols provides simplify debugging of an application but it also slows down the application loading.
You can change symbols loading settings, in the Tools-Options-Debugging-Symbols menu of Visual Studio. Here you can disable symbol loading (if you would use this option you need to load symbols manually using the Debugging-Windows-Modules interface). Or exclude system modules which usually are not necessary to debug a common application.
Check this blog post which provides a great description about how VS uses debug symbols.

How to disable symbol loading when debugging a Visual C++ program?

I am using Visual Studio 2008. I don't need to debug some DLLs in my project, so can I disable symbol loading when debugging a Visual C++ program? Does it help to make startup time faster when debugging?
The symbols are all local, so I don't have those slow loading problem, just want to make debugging faster and faster.
For example I am using Qt libraries, when I hit "Starting Debugging", the Output window shows that the symbols for Qt libraries are loaded. If VS can stop loading those symbols, the debugging startup time should be faster. Of course, I still want VS to load symbol for my executable.
Just found out that Visual Studio 2010 actually do what I want.
To load only the symbol for your executable file, without loading other symbols (eg: DLLs):
Go to Tools->Options->Debugging->Symbols
Click "Only specified modules"
Clear "Always load symbols located next to modules"
Click "Specify modules"
Click the new icon
Enter your executable filename (eg: my-awesome-app.exe)
Also found out that Visual Studio 2010 seems to perform better than Visual Studio 2008 when debugging. At least the IDE layout switches back faster when the debugging is stopped.
I am not sure what you mean by 'startup'. I assume you are talking about the launching of the actual application. The time to launch the target application is expensive regardless of mode you launch it. It may be less in Release but that will be negligible.
Turning off all symbol paths as mentioned in the other solution is a viable option. However, I am not sure why you are debugging if you do not want symbols for your launched application. Without the applications symbols you will not be able to see where you are in the source code when you are debugging.
If you are looking for a faster debugging experience you can use WinDbg. It comes with the Windows SDK but can also be downloaded seperately. If is a faster UI than Visual Studio, but it is much more cumbersome to use if you are more comfortable with a GUI. WinDbg uses commands to perform almost all tasks, but you can do some great debugging and it is faster in many cases compared to Visual Studio. In the event you want to debug C++\CLI or any managed application (e.g. C#), I would stick with Visual Studio. There is an extension in WinDbg called SOS, but it requires some advanced debugging experience to use correctly.

How to use VB6 debugger on Outlook property page OCX?

Using VB6, I have created an Outlook plugin, that has a property page. The property page is an OCX control.
When I compile the project to an OCX file, and then run OUTLOOK, things work fine: I am able to see my OCX as a tab in the Outlook options.
However, when I try to debug by running the OCX in VB6 I get an error. My debugging is started like this:
1) Debug options set to Wait for components to be created"
2) F5-RUN project in VB6.
3) Start Outlook.
4) Get the error: "Cannot display "MyOcx" page. This page will remain visible, but is not available. An OLE registration error occurred. The program is not correctly installed. Run Setup again for the program"
I suspect this is because, when debugging, the OCX is being created out-of-proc and Outlook doesn't like that.
Is there a good technique to use the VB6 debugger on the OCX in this scenario?
The VB6 debugger is sometimes flaky when debugging DLLs or OCXs.
You could try Windbg, a free standalone debugger from Microsoft. Compile your VB6 OCX into native code with no optimisation and "create symbolic debug info" (i.e. create PDB files), and you will be able to debug your OCX in-process in Outlook. Here's a 2006 blog post by a Microsoft guy about using Windbg with VB6, and 2004 blog post by another Microsoft guy with a brief introduction to Windbg.
You could also use the Visual Studio 2008 debugger with VB6 and PDB files, e.g. with Visual C++ Express Edition (which is free). EDIT see Kris's answer for more details.
EDIT: Both Windbg and Visual Studio expect the source code to be in exactly the same path on the debug machine as it was on the build machine when the OCX was built. The easiest way is to build and debug on the same machine. Otherwise you might need to fiddle with SUBST to create virtual drives - or I'm told the serious way is to use a Symbol Server.
(Les serious) you could do without those newfangled interactive debuggers, just log to a file, or with DebugMessage calls from your VB6.
The only way you are really going to be able to Debug this is In Process as MarkJ said. Using the free Visual Studio 2008 C++ Express Edition (or even better, Visual Studio 2008 Professional if you have it, and it is available for a 90 day trial) and a PDB.
To make sure you are creating the PDB, go into Visual Basic, check the P)roject / P)roperties and click on the Compile tag. Make sure "Create Symbolic Debug Info" is checked.
Next start up Outlook, and attach to that process from Visual Studio (T)ools / Attach To Process. Make sure your Ocx is shown in the modules window, and then load the PDB (right click on the Ocx in the modules window). You will probably have to add the source code in the Solution Properties (for more details on how to do that, read this post).
It's a bit of a pain in the butt the first time, but once you can do it, it becomes pretty easy, and is far easier than trying to determine what is going on from a log.
I don't have much idea on the OCX.
However, you can use a tool which was part of visual studio named something like "activex control test tool".
As far as I know (based on my understanding of documentation), OCX is created in-proc.

How to debug a process using Visual Studio?

If an application† crashes,
I hit "Debug" and Visual Studio is my currently registered Just-In-Time (JIT) debugger:
Visual Studio appears, but there's no way to debug anything:
I do not see any disassembly
I do not see any registers (assuming it runs on a CPU with registers)
The call stack is empty (assuming the CPU has a stack pointer)
I do not see any symbols (assuming it had any)
I do not see reconstructed source code from reflection (assuming it was managed)
Other JIT debugger products are able to show disassembly, but they are either command-line based (Debugging Tools for Windows), or do not support symbols (OllyDbg, Delphi). Additionally, my question is about debugging using Visual Studio, since I already have it installed, and it is already my registered JIT.
How do you debug a program using Visual Studio?
Alternatively: has anyone written a graphical debugger that supports the Microsoft symbol server?
† Not, necessarily, written in Visual Studio.
Edit: Changes title to process rather than application, since the latter somehow implies "my application."
Edit: Assume the original application was written in assembly language by Steve Gibson. That is, there is no source code or debug information. Visual Studio should still be able to show me an assembly dump.
Looking at the screenshot it appears that Visual Studio is currently debugging in Run mode - you need to break execution of the process before it makes sense to look at things like the call stack, etc...
To break execution of the process you either need to hit a breakpoint, or you can break execution of the process at any time by using the Pause / Break all toolbar item (Control + Alt + Break).
Then you should be able to access the following windows under the Debug -> Windows menu:
The disassembly window
The registers window
The call stack window
The modules window shows a list of loaded modules along with where their corresponding symbols are loaded from (if loaded)
Some other useful windows:
The processes window is useful if you are debugging more than one process at a time
The Threads window
The Memory window (there are four of them)
The Locals window
Some of these might not be visible by default depending on which window configuration you selected when you first started Visual Studio - if you can't find them then right click on the toolbar and goto customise to add them.
Visual studio doesn't reconstruct soucre code from disassembly - you really need to have the original source code available to you, otherwise the symbols almost certainly won't match the source code you are debugging.
If you are debugging unmanaged modules without source code then I recommend you at least try WinDbg - its user interface is a bit clunky at times, and it does have a steep learning curve, however it is a very powerful debugger supporting many features that Visual Studio doesn't - it may be more suited to the sort of debugging you need to do.
(Visual Studio is a fantastic debugger, however it's primarily used to debug modules where the source code is available and so it lacks certain features in favour of a better user experience).
Assuming this is your application that you wrote in VS, just press F5 to run the program and either use a breakpoint, or manually break the program to start debugging.
The problem in the last screenshot is that Visual Studio did not enter break mode automatically. That seems like a bug. If you hit the 'pause' button on the toolbar, it would enter break mode, giving you disassembly, and a callstack.
According to that last screenshot you were actually attached to the program ... the output windows shows it loaded stripped symbols for OLE and the crt.
You can debug a program with Visual Studio if you have the debug information available for this program. It's the difference between compiling a Release version (normally without debug information) and compiling a Debug version.
This dialog to debug a program is handy if you are testing the debug version of your self-written program. You can attach it "on-the-fly" to your Visual Studio debugger and look for the problem.
If it is not your program or it is your program, but does not provide debugging information which Visual Studio can understand, then you are out of luck.
Use menu Debug -> Windows -> Disassembly (I think the keyboard shortcut is Alt + 8, but I am configured for VC 6.0 bindings, because that's how I roll, and it may have changed).
You can get public symbols for the operating system from http://msdl.microsoft.com/download/symbols. Add it to the list in menu Tools -> Options -> Debugging -> Symbols -> Symbol file locations.
Also, make sure you are running in the same integrity level as the application. Or always run Visual Studio as Administrator.
I guess you are already in the Debug mode. The "Run" button is disabled. Just go to Debug -> windows -> Disassembly to view disassembly.

Resources