My scenario is I'm supporting a VB6 app at the place I work and in the last few weeks it has started crashing more often than it ever used to. It uses both a local Access MDB database and a remote SQL Server DB for different types of storage. The good news is we are writing a replacement app, the band news I need to support this one in the meantime and the vendor is long gone from this world.
What are some ways I could try and diagnose what is causing the crash? For example so far I've tried ODBC tracing (For the MDB component), SQL Profiler tracing and ProcMon on a client PC.
Is there anything else I could try to discover what the app was trying to do at the time of the crash?
You can also start in a debugger.
windbg or ntsd (ntsd is a console program and maybe installed). Both are also from Debugging Tools For Windows.
Download and install Debugging Tools for Windows
http://msdn.microsoft.com/en-us/windows/hardware/hh852363
Install the Windows SDK but just choose the debugging tools.
Create a folder called Symbols in C:\
Start Windbg. File menu - Symbol File Path and enter
srv*C:\symbols*http://msdl.microsoft.com/download/symbols
then
windbg -o -g -G c:\windows\system32\cmd.exe /k batfile.bat
You can press F12 to stop it and kb will show the call stack (g continues the program). If there's errors it will also stop and show them.
Type lm to list loaded modules, x *!* to list the symbols and bp symbolname to set a breakpoint
Use db address (as in db 01244 to see what's at that memory.
If programming in VB6 then this environmental variable link=/pdb:none stores the symbols in the dll rather than seperate files. Make sure you compile the program with No Optimisations and tick the box for Create Symbolic Debug Info. Both on the Compile tab in the Project's Properties.
Related
I use Visual Studio 2019 to write PostgreSQL extension. I get dll, put it in lib directory, .control and .sql files put in share/extensions of course. Some functions in extension crash somewhere and pgAmin4 answers me
Connection to the server has been lost
How can I debug my extension functions?
I have some experience with debugging extensions written in C but only on Linux.
The first thing that I do is to add in the code "elog" calls with some DEBUGx level to trace the code in PostgreSQL log. For example to display a character string (for this you also need to run to set client_min_messages=DEBUG1):
elog(DEBUG1,"my_extension: my_function: %s",my_string);
The second thing is to use gdb debugger that allows to debug a specific backend: on Linux you can attach a running process to gdb with its process id. but I don't know if this is possible with Windows tools.
I'm having problems with OLLYDBG in Win8.1.
For example, I'm using a simple VB 6.0 program with a textbox and a command box. When I run it through OLLYDBG in WinXP, it shows all referenced text strings properly, while in Win 8.1 it shows only internal info and random values.
SSE and IP are off.
What I mean is that it doesn't properly read any program in Win8, running as admin and attached.
You are asking why a 20c program doesn't work?
You can also start in a debugger.
windbg or ntsd (ntsd is a console program and maybe installed). Both are also from Debugging Tools For Windows.
Download and install Debugging Tools for Windows
http://msdn.microsoft.com/en-us/windows/hardware/hh852363
Install the Windows SDK but just choose the debugging tools.
Create a folder called Symbols in C:\
Start Windbg. File menu - Symbol File Path and enter
srv*C:\symbols*http://msdl.microsoft.com/download/symbols
then
windbg -o -g -G c:\windows\system32\cmd.exe /k batfile.bat
You can press F12 to stop it and kb will show the call stack (g continues the program). If there's errors it will also stop and show them.
Type lm to list loaded modules, x *!* to list the symbols and bp <symbolname> to set a breakpoint
If programming in VB6 then this environmental variable link=/pdb:none stores the symbols in the dll rather than seperate files. Make sure you compile the program with No Optimisations and tick the box for Create Symbolic Debug Info. Both on the Compile tab in the Project's Properties.
Also CoClassSyms (microsoft.com/msj/0399/hood/hood0399.aspx) can make symbols from type libraries.
.
I have created simple exe to perform a task using VB6. I have deployed the same on Windows Server 2008 as task scheduler. The issue is when the user is not logged in on server, task fails to execute.
I have kept option to "Run whether user is logged on or not", still no use.
How do you know that it doesn't run. Task Scheduler keeps a history of what happened.
Most programs have some dependecy on the user profile and the user's configuration.
More likely your program is crashing. Look in TS's History tab. There's a general one and a task one.
How do you know that. You can't see it so you can't know. Many programs won't run if not logged on. If you check a setting, try to use a mapped drive, write temporary files in certain ways your program won't work.
It's irrelevent that it works when you are logged on.
Try it with psexec from Sysinternals. This can run programs as system (unlike RunAs command). See what happens when you run it as system.
http://technet.microsoft.com/en-us/sysinternals/bb545027.aspx
Whatever we need an error number. If your program doesn't have much error reporting then run it with windbg.
psexec -s windbg "c:\yourprogram.exe"
You can also start in a debugger.
windbg or ntsd (ntsd is a console program and maybe installed). Both are also from Debugging Tools For Windows.
Download and install Debugging Tools for Windows
http://msdn.microsoft.com/en-us/windows/hardware/hh852363
Install the Windows SDK but just choose the debugging tools.
Create a folder called Symbols in C:\
Start Windbg. File menu - Symbol File Path and enter
srvC:\symbolshttp://msdl.microsoft.com/download/symbols
then
windbg -o -g -G c:\windows\system32\cmd.exe /k batfile.bat
You can press F12 to stop it and kb will show the call stack (g continues the program). If there's errors it will also stop and show them.
Type lm to list loaded modules, x ! to list the symbols and bp symbolname to set a breakpoint
If programming in VB6 then this environmental variable link=/pdb:none stores the symbols in the dll rather than seperate files. Make sure you compile the program with No Optimisations and tick the box for Create Symbolic Debug Info. Both on the Compile tab in the Project's Properties.
Also CoClassSyms (microsoft.com/msj/0399/hood/hood0399.aspx) can make symbols from type libraries.
.
I have recently started windows driver development. I am wondering how does it actually debug my driver. The setup I have is --> Win7 as host, XP as guest on VMware, and I am debugging through serial port.
The research I have done:
I found only this link saying very few things that I am talking about.
I already know how debugger works on single OS, in that case debugger is also on the same OS, so it knows which process is running. That is understandable. But here, debugger is on entirely different OS, an entirely different environment. I just say file->open source files and I AM able to put breakpoints!! Moreover when I load driver, it actually breaks there. I mean why../How? How does XP's kernel comes to know(drivers are extension to kernel, atleast WDM, don't know about WDK) that there is source code of this driver? and that also outside its control(environment)? I mean I can have 10 files open with breakpoint in them, but it works beautifully, I am not able to fail/fool it.
So what I am thinking is like, whenever we add source to windbg on Win7, it creates the binary from that source, and whenever XP is going to load any binary, it checks if this is the binary that windbg is waiting for. what is confusing in above link is, Vikrant is saying that debugger asks kernel(XP) that it is willing to debug a process --> Bus HELLO... process is running on XP, and windbg on Win7 and does not know name or id of process. It has source code, but consider a case where there is a driver which is build out of 300 files, and just one, probably simplest file is open in windbg, how it matched that this source code is of the driver being run?
#Kjelll answer is correct. Here is the full scenario, including explanation to your comment:
PDB files have line information. This is a mapping from each (file,line) location to address (RVA - relative virtual address).
When you set a break point on a source file, WinDBG checks whether this source file correspond to a current address. If it is - it sets the breakpoint. Otherwise, it becomes a "future breakpoint" (not sure whether Microsoft uses this terminology).
When a new binary is a loaded, the agent on the client communicates with the host, informs it about the binary. At this point - WinDBG will try to allocate a PDB file.
WinDBG will start at the PDB location embedded within the file. You can see this value by using this command line: windbg -dump -pdbpath xxx.sys. This should explain how WinDBG will find a symbol file even if not on the .sympathy path (that I believe answers your comment to Kjell).
WinDBG will then search at the .sympathy.
Once symbol is find, it will look at all future breakpoint, and if applicable will set an actual breakpoint.
I think your link explain your question pretty well, but you have probably not realized what the mechanism of the pdb do for the debugger. The windbg on your host OS uses the pdb file to translate line nubers in the source files to addresses in your guest OS (xp) . Then the the debugger agent uses this address to set break points (Int 3) in the guest OS.This is much in the same way as a local debugger do to a local process.
Is there any "debugger" which lists me all functions of a dll which are getting called of a process?
I have the problem that I need to know what functions a process calls when I press a button. I tried to load it in ollydbg but it does not support x64 processes. And VisualStudio,... well I just can't find anything. So do you have any idea how I could solve that problem. I really searched a lot but I could not find a solution.
I wrote a dynamic tracing toolkit for user mode Windows application, support both x86 and x64. you can check my profile page to get a download link. btw, you can operate the toolkit in the following steps:
run dprobe.exe
open Probe -> Fast Probe
select the process you want to trace
select the dll you want to trace in dll list (warning: not all dll
export function is tracable, you can not select all for ntdll,
kernel32, msvcrt etc system dlls, it can crash if trace some APIs.)
you can also view call statistics by Tool -> Summary, the following is snapshot of tracing firefox nspr4.dll.
finally, File -> Stop to stop tracing.