Small debugger with Windows

zhaozj2021-02-16  24

The small debugger that comes with Windows: Dr. Watson

1. What is Dr. Watson?

Dr. Watson (DRWTSN32.EXE) is a debugging tool that ships with Windows. It is relatively weak compared with professional debuggers (WinDbg, NTSD ...), but it is the better choice in the following situations:

a. Our program crashes on a test machine where no debugging tool is installed. What should we do? Send the developer the error dialog that popped up? To tell the truth, that dialog gives the developer too little information; the only thing that can be concluded from it is: oh, this program crashed.

b. On the end user's machine: our program has been sold to end users and it crashes there. What should we do?

This is where Dr. Watson shows its advantages: it is a debugging tool that ships with Windows, it does not need to be installed, and it can provide the information needed to diagnose the problem.

Dr. Watson helps us in the following cases:

1. The application crashed;

2. The application raised an exception (note: an exception does not cause a crash if we handle it, for example with the try-catch mechanism).

2. When does Dr. Watson run?

If Dr. Watson is set as the default debugging tool, it runs automatically whenever any program on your Windows machine crashes. It may run without showing an interface (this can be set in the Dr. Watson window); in that case it just silently generates a file containing the error information in a specific path. You may need to pass this file containing the error information to the developers. Note that we said "if Dr. Watson is set as the default debugging tool". Dr. Watson may not be the default debugging tool on your machine: for example, if you have installed VC6, then VC6 becomes your default debugging tool. How do we make Dr. Watson the default debugging tool? See section 4, "How do I set Dr. Watson as the Windows default debugging tool?"

Another way to run Dr. Watson is to type "drwtsn32" in the Run dialog and press Enter.

3. What files does Dr. Watson generate when a program crashes, and where are they?

Dr. Watson generates two files, Drwtsn32.log and User.dmp. Drwtsn32.log is a text file that can be opened with any text editor; how to interpret the information it contains is covered later. The User.dmp file is intended for a more professional debugging tool such as WinDbg: WinDbg can load User.dmp and show the crash.

The storage location of the files can be set in Dr. Watson. The default location depends on the Windows version:

Windows NT: %UserProfile%\Local Settings

Windows 2000: %AllUsersProfile%\Documents\DrWatson

Windows 2003: %AllUsersProfile%\Application Data\Microsoft\Dr Watson

Windows XP: %AllUsersProfile%\Application Data\Microsoft\Dr Watson

Here is the file location on my WinXP machine:

4. How do I set Dr. Watson as the Windows default debugging tool?

Start → Run, type "drwtsn32 -i" and press Enter. Dr. Watson is now your Windows default debugging tool.

5. How do I make Dr. Watson care only about crashes of the program I specify?

Most of the time we don't care whether other programs crash; we only care about the program we are testing or debugging. Can we have Dr. Watson record only the crashes of the program we are interested in?

Enter "drwtsn32 -p ProcessID" in the Run dialog to make Dr. Watson debug only the specified process.

What is ProcessID? It is the process ID.

How do I find the ID of the process I want to debug? It is very simple: 1. Open Task Manager and select View -> Select Columns;

2. In the dialog box that pops up, tick the PID checkbox;

Now we can see the PID of each process in Task Manager.

6. Interpreting the log file generated by Dr. Watson

Because the User.dmp file is mainly intended for other debugging tools, let's look at the Drwtsn32.log file.

A. We write a simple crashing program (CrashDemo.exe) to make clear what information this file contains:

1. #pragma comment () instructs the compiler to generate a PDB file for us. If you need it, I will cover this in a separate document.

The CAccessViolation function generates an access violation exception: it writes to address 0x00000. There is no try-catch mechanism in place, so it is certain to trigger a crash.

B. We configure Dr. Watson: type "drwtsn32" in the Run dialog box and press Enter:

1. Because our program was compiled to generate a PDB file, we tick "Dump Symbol Table" here;

2. For the crash dump type, we select "Full".

C. OK, run our program (CrashDemo.exe), and it crashes. Now we start to interpret Drwtsn32.log ...

This is exactly what we need. Open Drwtsn32.log: (the order in the following sections and the order in the real Drwtsn32.log file)

The section below is the one we should focus on, because it shows the reason for the crash and the state at the time of the crash:

Based on the above information combined with the source code, we can pinpoint the location and cause of the crash. If we don't have the source code, we can only draw these conclusions:

1. The function that follows OutputDebugString in the source code performed an illegal access: it attempted to write to 0x00000000;

2. The faulting instruction is located at 0x00401063 (the value of the IP register); we can find which module (exe, dll ...) it belongs to in the module list earlier in the log.

Next is the "*----> Raw Stack Dump <----*" section. If we don't need to look at raw addresses, we may not need this section.
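
The lookup described in point 2, as an added example that is not part of the original article: a Python script that pulls the exception code and the faulting address out of a log excerpt and finds the module whose address range contains that address. The log excerpt is constructed, and its line layout (module list ranges, the "FAULT ->" marker) is an assumption about Drwtsn32.log that may differ between Windows versions.

```python
import re

# Constructed excerpt laid out like the Drwtsn32.log sections discussed above;
# paths, pid and module ranges are sample values, not taken from a real log.
SAMPLE_LOG = r"""
Application exception occurred:
        App: C:\Test\CrashDemo.exe (pid=1234)
        Exception number: c0000005 (access violation)

*----> Module List <----*
(0000000000400000 - 0000000000405000: C:\Test\CrashDemo.exe
(000000007c800000 - 000000007c8f6000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9af000: C:\WINDOWS\system32\ntdll.dll

*----> State Dump for Thread Id 0x5a4 <----*
function: CrashDemo!main
        00401060 8b45fc           mov     eax,[ebp-0x4]
FAULT ->00401063 c70000000000     mov     dword ptr [eax],0x0
"""

# Assumed line shapes: "(base - end: path" (or "(base - end) path").
MODULE_RE = re.compile(r"^\(([0-9a-fA-F]+)\s*-\s*([0-9a-fA-F]+)[:)]\s*(.+?)\s*$")
EXC_RE = re.compile(r"Exception number:\s*([0-9a-fA-F]+)")
FAULT_RE = re.compile(r"^\s*FAULT\s*->\s*([0-9a-fA-F]+)", re.MULTILINE)

def parse_modules(log_text):
    """Collect (base, end, path) tuples from the module list lines."""
    mods = []
    for line in log_text.splitlines():
        m = MODULE_RE.match(line.strip())
        if m:
            mods.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return mods

def find_module(modules, address):
    """Return (path, offset from module base), or (None, None) if unmapped."""
    for base, end, path in modules:
        if base <= address < end:
            return path, address - base
    return None, None

def triage(log_text):
    """Summarize one crash entry: exception code, fault address, owning module."""
    exc = EXC_RE.search(log_text)
    fault = FAULT_RE.search(log_text)
    address = int(fault.group(1), 16) if fault else None
    module, offset = find_module(parse_modules(log_text), address) if fault else (None, None)
    return {"exception": exc.group(1).lower() if exc else None,
            "fault": address, "module": module, "offset": offset}
```

The offset from the module base is the value to look up in that module's map or PDB file when no source is at hand.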
