In Visual Studio, is it possible to view the contents of an array when debugging assembly language code? I already know how to add the array num to the "Watch" window, but I'm still trying to figure out how to watch the contents of the array. It's possible to add a sword array to a the "Watch" window in Visual Studio, but is it possible to view the contents of an array while stepping through the program?
.686p
.model flat,stdcall
.stack 2048
.data
num sword 1000,-1000,2000,-2000 ;I want to keep track of each value in this array while debugging.
;Is it possible to display the contents of all indices of num while debugging?
ExitProcess proto, exitcode:dword
.code
start:![Lots of ?'s are showing up here instead of the actual value of the array][1]
mov ax, num;
mov ax, [num+1];
invoke ExitProcess, 0
end start
You can display the memory occupied by your array.
go to the "memory1" tab next to "auto", "locals", etc
type in the symbol name you want to inspect, or select the variable name in the source and drag it to the Address field of the memory window. That is the way I use to do while debugging C code, as I first test it with assembly it appears that I needed to type it "in the C style", that is enter &num to display the address of the num symbol.
you can customize the word size to display (from 1 to 8 bytes per word) by right-clicking on the window, and you can choose the number of displayed columns in the toolbar options of the window
Related
As the title reads, I am attempting to remove the following line of code with CFF Explorer since the image it refers to has been lost and I would rather nothing be displayed than a broken image icon.
Image :
Cheers.
Then you have to "remove" the using call too, hence overwrite with NOP, no-operation codes for the code after the label above till before the xor eax,eax.
NOP is the byte 90 in X86, so fill in all bytes with 90.
In this way jump addresses can remain untouched. If the label were not there,
maybe for some jump into that point, it would suffice to change the conditional jump, jg= jump on greater, to an absolute jump.
I hope not calling the subroutine has no other effect.
I'm trying to stop WinDbg from displaying source code at all.
I tried to disable by unchecking the Debug->Source Mode option but source code still appear as I step through the assembly.
What can I do to completely disable source code debugging?
I tried the following approaches without success:
unchecking the Debug->Source Mode option
.lines -d command.
l-t command.
Stepping by p and t instead of F10 and F11
this is not an answer to disable the opening of source file window
but a hack to reduce the annoyance it causes
if src window is bothering you on every single step
undock it and reduce its size and place it somewhere in a place where you wont be bothered by it
the other source files in a multi-file project will automatically open in the same place where you put your first undocked source file
you can use alt + w + w to activate any src file if you want to see the source maximize and minimize the window
in the screen shot below 4 src files are open but it wont be annoying you by opening and docking several times and making the command window resize on every source file open
Instead of modifying PDBs or similar, I suggest writing an AutoIt script that closes the source files.
While(True)
CloseWinDbgSource()
WEnd
Func CloseWinDbgSource()
WinWait("[CLASS:WinBaseClass]", ".cpp", 10)
WinClose("[CLASS:WinBaseClass]", ".cpp")
EndFunc
Or you can patch the method windbgx86!WinBase::Create():
0:000> .dbgdbg
and then in CDB
0:000> bp windbgx86!WinBase::Create
0:000> g
[Force opening of a window here]
0:000> bc 0
0:000> a eip
ret
<Enter>
0:000> g
The benefit of that approach is that you don't need to bother with any other windows as well, since no windows will be opened any more.
You can use the .srcpath command to change the source path to an empty directory. Windbg won't have any source code to display.
.srcpath [emptyDirectoryPath]
Your PDB contains the fully qualified path to your source code for each line of assembly. You can see this if you do a "u" command on your function:
kd> u xxx!xxxVolumeEvtIoWrite
xxx!xxxVolumeEvtIoWrite [e:\repos\clients\xxx\xxx\src\xxx_volume.cpp # 1110]:
88c05c60 push ebp
88c05c61 mov ebp,esp
88c05c63 sub esp,38h
WinDbg is going to pop this source code window up if your instruction pointer is on one of these addresses. There is no option to stop this, so the previous answer of hiding the window is a reasonable solution.
Your only other options are to prevent WinDbg from being able to find your source code. You can do this in one of two ways:
Strip the source line information from the PDB so that WinDbg no longer knows the path to the source code. You can do this either with the /PDBSTRIPPED linker switch or with the BinPlace utility
Move your source code to an alternate path so that WinDbg can no longer find it
Is there a way in Visual Studio (2012\13\15, preferably in 2015) to add a debug condition to break when the STAT register changes?
I'm referring to the register value of STAT which can be viewed by opening the "Register" window while debugging, right clicking that window and choosing "Floating Point" x87 and SSE Floating Point Assists in IA-32: Flush-To-Zero (FTZ) and Denormals-Are-Zero (DAZ):
I know you can break on registers like CS or EAX but I doesn't seem to work by simply changing EAX to STAT.
I have linked list containing few tens of objects like this:
struct Item {
Item * next;
const char * name;
....
};
When I want to see in debugger in visual studio what item list holds, I need to hover/click on next many times to expand whole list until I hit nullptr. This is slow, error-prone (hand slips and I can start all over again) and not very organized.
Is there any scripting for VS2015 debugger available in which I could iterate whole list and just dump the name into console or whatever?
EDIT: I found about concord extensibility api ( https://blogs.msdn.microsoft.com/visualstudioalm/2015/10/02/announcing-visual-studio-debug-engine-extensibility-samples/ ) but it seems rather complex.
This is supposed to be in-house tool, so speed/ease of development is more important than robustness and/or easy of deployment.
If the data set you are working with is small, I would go with the tried and true method of std::cout.
Or just dump the contents of the list into a file and put a break point after that file is written to so you can check its contents before the program continues.
You can do it. Insert a Tracepoint (Right mouse button> Breakpoint >Insert Tracepoint) and READ CAREFULLY to whole text of that window. Then you will know HOW to print to the Output window WHAT you want.
Insert also a breakpoint on another line that is CONDITIONAL. Just put a normal breakpoint, then over the red ball, Right mouse button > Condition, then input
!next
Notice the !
I want to find function in disassembly window using Ctrl+F by it's name (from symbols). How can I search through disassembly? Is there any extension?
I don't think searching is possible. However, you can:
1) jump to an address if you know it (e.g. 0x76EC0B28). Enter it in the Address field of the disassembly window.
2) jump to using mangled (decorated) name of the function (e.g. _GetProcAddress#8). Same as above.
3) add a breakpoint using the function name (New->Break at function... in the Breakpoints window), then use "Go to disassembly" from the context menu.
The last one possibly only works in VS2012 and above.