flat assembler
Message board for the users of flat assembler.

debugging techniques?

int0x50



Joined: 19 Jul 2019
Posts: 54
int0x50 02 Jul 2023, 13:46
While debugging, how do you locate a specific set of instructions within the code? Let's say there are some 1000 lines of code we have written. In that, I want to debug only the code from 600 .. 610. One option is to introduce int3 at 599 ... but is there any other better way?

My challenge is how we identify these 600 .. 610 when we debug our code in a debugger (for example x64dbg) ... because, the moment I open the code in the debugger, it's difficult to locate the section of code I want to debug ...
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20443
Location: In your JS exploiting you and your system
revolution 02 Jul 2023, 14:22
int3 works fine for me.
Furs



Joined: 04 Mar 2016
Posts: 2557
Furs 02 Jul 2023, 14:29
If you just want to "identify" the code section you can add some dummy "markers" you can search for in debugger, like:

Code:
jmp @f
rdtsc  ; this is your "marker"
@@:

I also find an infinite loop useful when I just want to attach a debugger later to a complicated app that, say, loads your plugin:

Code:
@@:
jmp @b
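An added example, not part of Furs's post or the thread: a small Python scanner that finds the two marker idioms above in an assembled binary, so the offsets can be matched to addresses in the debugger. It assumes fasm emits the short-jump encodings (`EB 02 0F 31` for `jmp @f` / `rdtsc`, `EB FE` for the self-jump); the function names and the sample bytes are constructed for illustration.

```python
# Added example: locate "jmp @f / <marker> / @@:" and "@@: jmp @b" in raw code bytes.
SPIN = b"\xEB\xFE"       # @@: jmp @b  -> short jump to itself (assumed encoding)
RDTSC = b"\x0F\x31"      # the marker instruction used in the post


def find_markers(image: bytes, marker: bytes = RDTSC):
    """Return sorted (offset, kind) pairs for every marker found in image.

    "marker": EB nn followed by the nn marker bytes the jump skips over
    "spin":   EB FE, the infinite loop used to wait for a debugger attach
    """
    if not 0 < len(marker) <= 0x7F:
        raise ValueError("marker must fit behind a short jump (1..127 bytes)")
    skip = bytes([0xEB, len(marker)]) + marker
    hits = []
    for pattern, kind in ((skip, "marker"), (SPIN, "spin")):
        pos = image.find(pattern)
        while pos != -1:
            hits.append((pos, kind))
            pos = image.find(pattern, pos + 1)
    return sorted(hits)


def resume_offset(offset: int, kind: str, marker: bytes = RDTSC) -> int:
    """Offset of the first real instruction after a marker or spin loop."""
    return offset + (2 + len(marker) if kind == "marker" else len(SPIN))


# Constructed sample: a few instructions with one marker and one spin loop.
SAMPLE = bytes.fromhex(
    "31c0"      # xor eax, eax
    "eb020f31"  # jmp @f / rdtsc / @@:   <- marker
    "40"        # inc eax
    "0f31"      # a real rdtsc, not behind a skip jump: must not match
    "ebfe"      # @@: jmp @b             <- spin loop
    "c3"        # ret
)

if __name__ == "__main__":
    for off, kind in find_markers(SAMPLE):
        print(f"{kind:6} at +{off:#x}, code resumes at +{resume_offset(off, kind):#x}")
```

The offsets are positions in the bytes scanned, so for a PE file they still have to be mapped through the section headers to the addresses the debugger shows. A short byte pattern can also occur by chance inside data or immediates, so confirm each hit in the disassembly.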
int0x50



Joined: 19 Jul 2019
Posts: 54
int0x50 03 Jul 2023, 02:57
In case we want to find out the values of all the registers (eax, ebx, ecx, edx, esi, edi) ... what kind of tricks do you use to find out the values to debug?

I use: invoke printf, "%x", eax

Is there a better way?
macgub



Joined: 11 Jan 2006
Posts: 350
Location: Poland
macgub 03 Jul 2023, 06:24
It depends what you want to achieve..
Think about:

Code:
pushad
vmovups ymm0,[esp]
add esp,32

If your debugger supports it you could view general registers in ymm0 in the format you want.. 64/32 bit floats, dword/word integers..
Of course I assume in this case - you hold integers in general registers...
AsmGuru62



Joined: 28 Jan 2004
Posts: 1669
Location: Toronto, Canada
AsmGuru62 03 Jul 2023, 13:14
I think the debugger is a better way to find out the register values.
Just use INT3 opcode at some point and the debugger will 'break' there and show you the values.
bitRAKE



Joined: 21 Jul 2003
Posts: 4069
Location: vpcmpistri
bitRAKE 03 Jul 2023, 16:28
int0x50 wrote:
> In case we want to find out the values of all the registers (eax, ebx, ecx, edx, esi, edi) ... what kind of tricks do you use to find out the values to debug?
>
> I use: invoke printf, "%x", eax
>
> Is there a better way?

Some programmers like to create their own instrumentation like this with the printf(), or creation of log files to initially narrow down a problem scope. There are cases where a debugger is not available, and the printf() techniques are quite valuable.

My personal strategy is to jump into a good debugger. I like looking at instructions - something similar to the code I'm writing. Modern debuggers offer so many features to accelerate navigation, restart a line of discovery, document research, and automate strategies.

The best approach often depends on the complexity of the code, the tools available, and the nature of the bug. Some issues might be more easily solved by looking at log files, while others require the detailed inspection capabilities of a debugger.

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
bitRAKE



Joined: 21 Jul 2003
Posts: 4069
Location: vpcmpistri
bitRAKE 13 Aug 2023, 17:18
In fasmg we have some super simple debug techniques:
Code:
macro ○ line&
        OutputDebugStringA <_A `line>
        line
end macro

... because fasm[g] interprets 0x80+ bytes as symbol characters, I just pick a single UTF-8 character -- checkmark, box, etc. -- and make a simple macro to pepper around where I think the error is happening, or to see which way the code is flowing. Then I can just run it and look at the debugger log - "Oh, that's the direction it went before it crashed."

Code:
○     GlobalUnlock rbx
○     SetClipboardData CF_TEXT, rbx ; clipboard owner now owns global memory
○     CloseClipboard

fasmg works particularly well for this because of how it processes the source - there are fewer conflicts between different parts of the process. Regardless of whatever abstractions I'm using it just works. I'm sure a comparable fasm macro is possible. It's just a lazy way to catch strange typos or API misuse.

Of course, it's possible to prepend __FILE__, __LINE__ to the debug message of this macro.


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
