views: 99

answers: 5

Is there a way to follow a program's execution through DLL code in hex?

For example, I want to see what sections have just been read when I press a button. It has to work for x64 DLLs.

Thanks!

+3  A: 

Yes, you load the process into a debugger and single-step it.

Preet Sangha
How would this work? I can only see the function calls, and I'm really not experienced with debugging :(
rubenvb
@rubenvb: Now's the time to get experienced with debugging. It's doing what you want - you can set breakpoints wherever you wish, and see the assembly-language representation of the code.
Borealid
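A way to turn the raw instruction pointers a debugger shows while single-stepping into the DLL sections the question asks about, as an added example that is not part of the original question or answers. It parses the PE section table with Python's struct module from a constructed x64 image (not a real DLL); the load base passed to section_for_rip is the address the debugger's module list reports for the DLL, since ASLR moves it off the preferred base in the header.

```python
import struct

# Constructed PE32+ (x64) image, not a real DLL: DOS header, "PE\0\0", COFF
# header, optional header and three section headers; only fields read below are set.
OPT = struct.pack("<H", 0x20B).ljust(24, b"\0") + struct.pack("<Q", 0x180000000)
OPT = OPT.ljust(240, b"\0")                       # PE32+ optional header size
SECTS = b"".join(
    struct.pack("<8sIIIIIIHHI", n, vs, va, 0, 0, 0, 0, 0, 0, ch)
    for n, vs, va, ch in [
        (b".text", 0x2000, 0x1000, 0x60000020),   # code, execute + read
        (b".rdata", 0x1000, 0x3000, 0x40000040),  # initialized data, read
        (b".data", 0x800, 0x4000, 0xC0000040),    # initialized data, read + write
    ])
COFF = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, len(OPT), 0x2022)
IMAGE = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
         + b"PE\0\0" + COFF + OPT + SECTS)

def parse_pe(image):
    """Return (machine, preferred image base, [(name, rva, virtual size)])."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect = struct.unpack_from("<HH", image, coff)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", image, opt)
    # PE32+ (x64) keeps a 64-bit ImageBase at +24; PE32 a 32-bit one at +28.
    if magic == 0x20B:
        (base,) = struct.unpack_from("<Q", image, opt + 24)
    else:
        (base,) = struct.unpack_from("<I", image, opt + 28)
    sections = []
    for i in range(nsect):
        off = opt + opt_size + i * 40             # section table follows the optional header
        name = image[off:off + 8].rstrip(b"\0").decode("ascii")
        vsize, va = struct.unpack_from("<II", image, off + 8)
        sections.append((name, va, vsize))
    return machine, base, sections

def section_for_rip(rip, load_base, sections):
    """Map an absolute RIP to (section name, RVA); the name is None outside the image."""
    rva = rip - load_base
    for name, va, vsize in sections:
        if va <= rva < va + vsize:
            return name, rva
    return None, rva
```

A RIP that resolves to no section or to a data section such as .rdata is worth a closer look when stepping, since code is expected to execute only from .text.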
A: 

You can use the tool at http://ircdb.org to log function calls in arbitrary DLLs.

Its name is SocketSpy, because initially it was created for tracing winsock.dll only, but it does allow you to trace other DLLs.

From http://fixunix.com/programmer/95098-tracing-library-dll-calls-win32.html

Use the Option->Default Break Point List menu to add or remove soft breakpoints from attached DLLs. Put soft breakpoints only at the functions you need, to maximize execution time.

Soft breakpoint means that SocketSpy does not stop at this breakpoint, only logs breakpoint information. Hard breakpoint means that SocketSpy DOES STOP at this breakpoint, and the Breakpoint dialog is opened. Specify what calls should be captured: ALL, FROM EXE FILE or from DLLs (combobox).

Specify the log file via the File->Open Log File menu if you want to save the DLL function calls into a text file, and enable logging (check box).

Then select a new or already active process (Select Process button). The tool can be used in NT/2000/XP only.

Alternatively, there is StraceNT, which can trace arbitrary DLLs. It is available for free from http://www.intellectualheaven.com/default.asp?BH=projects&H=strace.htm

mdma
These don't work for x64 DLLs (I've just tried both).
rubenvb
Sorry, I'd forgotten that requirement.
mdma
A: 

I've not used it, but I once stumbled upon an Intel tool which samples the context of the Instruction Pointer and is able to use symbol files to convert the IP to an actual function name... VTune maybe?

I guess there might be other such tools.

UPDATE: a.k.a. "statistical profilers"...

pascal
+2  A: 
  1. Load the project in Visual Studio.
  2. Press 'Play' or F5 to start the program in the debugger.
  3. You will eventually need to halt execution so you can start stepping through code or assembly code. You can do this by inserting a breakpoint, or by breaking the execution with the break command in the Visual Studio IDE.
  4. Once halted, you can right-click in the code view window and select "Show Disassembly". It will then show you the machine instructions.
  5. Also, in the watch window of the Visual Studio debugger, the right-click pop-up menu has an option to display all variables as hexadecimal. I'm beginning to prefer hex myself lately, because I can see invalid memory patterns more easily.
C Johnson
Will this work without any source code?
rubenvb
A DLL contains source code, albeit machine assembly instruction type source code. So yes, the Visual Studio debugger can let you single-step through assembly instructions even if you don't have the source code.
C Johnson
This seems like it might work, now to install my free student Visual Studio 2010...
rubenvb
A: 

Debugging using the IDE does not show you the assembly language equivalent of the execution of an IL instruction. You need to write your own hooks to a proper disassembler.

Carnotaurus
Assuming, of course, he wants to debug .NET. Then, of course, he simply needs Reflector to do that. No need to ask a question like the one above.
C Johnson