Thursday, February 2, 2012

Debugging using .MAP and .COD files: The Forgotten Method

I was trying to use a MAP file to debug and suddenly found something was missing. After some searching, here is what I found.
A couple of years back, VC++ developers were using this method to debug applications.
This used the
/MAP and
/MAPINFO:EXPORTS linker switches and the
/MAPINFO:LINES compiler switch.

Unfortunately, /MAPINFO:LINES has been deprecated starting with VS 2003.

So here is how to achieve the same result with VS 2005 and above.
First, the required settings:

  1. In the linker section of the project settings, select:
    1. Generate MAP file
    2. MAP file exports
       (as shown in the figure below).

  2. In the C++ section of the project settings:
    1. Assembler output: add the compiler switch /FAcs
       This outputs a .cod file containing the machine code and assembly code along with the source, as shown in the figure below.

Next, the actual debugging.

  1. The following is the code snippet I plan to use to simulate the exception.
            char* chCrash = NULL;   // null pointer
            *chCrash = 'x';         // write through NULL raises the access violation

  2. Once you run the faulty program, you will end up with an access violation dialog as shown below.

  3. The address in this exception is 0x0040106c.
  4. Open the MAP file and you will find the preferred load address.
        Preferred load address is 0x00400000

  5. Exception address – load address = offset where the exception happened, which would be 0x106c.
  6. But the actual WinMain starts at 0x1000 from 0x00400000.
  7. So the actual offset would be 0x6c.
  8. This offset lies between the following two entries, shown here as two lines from the .MAP file:

0001:00000000       _wWinMain@16               00401000 f   DebuggingUsingMAP_AND_COD.obj

0001:00000100       ?MyRegisterClass@@YAGPAUHINSTANCE__@@@Z 00401100 f   DebuggingUsingMAP_AND_COD.obj

  9. So now open the .COD file and go to offset 0x6c from _wWinMain@16:
     0006c  c6 00 78          mov    BYTE PTR [eax], 120           ; 00000078H
     Here 120 is the ASCII value of 'x', which corresponds to *chCrash='x';

That is it! For now hopefully I have revived some old memories.
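
The manual lookup above can be scripted. The following Python sketch is an added example, not code from the original post: it parses a .MAP excerpt (built here from the two symbol lines quoted above, with the surrounding header layout assumed to follow standard MSVC linker output) and resolves a faulting address to a symbol plus the offset to look up in the .COD listing. The `actual_base` parameter is an assumption added for images that were loaded away from their preferred address, in which case the crash address has to be rebased before it is compared with the Rva+Base column.

```python
import re

# Excerpt built from the two .MAP lines quoted in the post plus the
# preferred-load-address line; header layout assumed from MSVC .MAP output.
SAMPLE_MAP = """\
 Preferred load address is 00400000

  Address         Publics by Value              Rva+Base       Lib:Object

 0001:00000000       _wWinMain@16               00401000 f   DebuggingUsingMAP_AND_COD.obj
 0001:00000100       ?MyRegisterClass@@YAGPAUHINSTANCE__@@@Z 00401100 f   DebuggingUsingMAP_AND_COD.obj
"""

SYMBOL_RE = re.compile(r"^\s*[0-9A-Fa-f]{4}:[0-9A-Fa-f]{8}\s+(\S+)\s+([0-9A-Fa-f]{8,16})\s")
BASE_RE = re.compile(r"Preferred load address is\s+(?:0x)?([0-9A-Fa-f]+)")

def parse_map(text):
    """Return (preferred_base, [(rva_plus_base, name), ...]) sorted by address."""
    m = BASE_RE.search(text)
    if m is None:
        raise ValueError("no 'Preferred load address' line found")
    base = int(m.group(1), 16)
    symbols = []
    for line in text.splitlines():
        s = SYMBOL_RE.match(line)
        if s:
            symbols.append((int(s.group(2), 16), s.group(1)))
    return base, sorted(symbols)

def resolve(text, crash_addr, actual_base=None):
    """Map a faulting address to (symbol, offset_in_symbol).
    actual_base: real load address if the image was relocated (hypothetical parameter)."""
    base, symbols = parse_map(text)
    # Rebase the crash address so it is comparable with the Rva+Base column.
    addr = crash_addr - (actual_base if actual_base is not None else base) + base
    best = None
    for sym_addr, name in symbols:
        if sym_addr <= addr:
            best = (name, addr - sym_addr)   # last symbol at or below the address
        else:
            break
    if best is None:
        raise LookupError("address is below the first symbol in the map")
    return best

if __name__ == "__main__":
    name, off = resolve(SAMPLE_MAP, 0x0040106C)
    print(f"{name}+0x{off:x}")   # offset to look up in the .COD listing
```
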
