Debugging in Assembly Mode

  • Article
  • four minutes to read

If you accept C or C++ source files for your awarding, you can utilise the debugger much more powerfully if you debug in source way.

Notwithstanding, there are many times you lot cannot perform source debugging. You lot might non have the source files for your application. Y'all might be debugging someone else's code. Y'all might not have built your executable files with full .pdb symbols. And even if you can practice source debugging on your awarding, you might accept to trace Microsoft Windows routines that your application calls or that are used to load your application.

In these situations, you have to debug in assembly mode. Moreover, assembly mode has many useful features that are not nowadays in source debugging. The debugger automatically displays the contents of retention locations and registers as they are accessed and displays the address of the plan counter. This display makes assembly debugging a valuable tool that you tin can use together with source debugging.

Disassembly Code

The debugger primarily analyzes binary executable code. Instead of displaying this code in raw format, the debugger disassembles this code. That is, the debugger converts the code from machine language to assembly language.

You tin can display the resulting lawmaking (known every bit disassembly code) in several different ways:

  • The u (Unassemble) command disassembles and displays a specified section of auto language.

  • The uf (Unassemble Office) command disassembles and displays a part.

  • The upward (Unassemble from Physical Memory) command disassembles and displays a specified department of machine linguistic communication that has been stored in physical memory.

  • The ur (Unassemble Existent Mode BIOS) command disassembles and displays a specified 16-chip real-manner code.

  • The ux (Unassemble x86 BIOS) command disassembles and displays the x86-based BIOS code instruction set at a specified address.

  • (WinDbg only) The disassembly window disassembles and displays a specified section of machine linguistic communication. this window is automatically agile if you lot select the automatically open disassembly control on the window carte du jour. you can also open this window by selecting disassembly on the view carte, pressing alt+seven, or pressing the disassembly (alt+7) button (screen shot of the disassembly button.) on the WinDbg toolbar.

The disassembly display appears in four columns: address offset, binary code, assembly linguistic communication mnemonic, and assembly language details. The following example shows this display.

              0040116b    45          inc         ebp             0040116c    fc          cld                         0040116d    8945b0      mov         eax,[ebp-0x1c]

To the right of the line that represents the current program counter, the brandish shows the values of whatsoever retentivity locations or registers that are beingness accessed. If this line contains a branch didactics, the note [br=1] or [br=0] appears. This note indicates a branch that is or is not taken, respectively.

You tin can apply the .asm (Change Disassembly Options) command to alter how the disassembled instructions are displayed.

In WinDbg's Disassembly window, the line that represents the current programme counter is highlighted. Lines where breakpoints are set are also highlighted.

Yous can also use the following commands to manipulate associates code:

  • The # (Search for Disassembly Pattern) control searches a region of memory for a specific pattern. This command is equivalent to searching the iv columns of the disassembly display.

  • The a (Gather) command can have associates instructions and translate them into binary machine lawmaking.

Assembly Manner and Source Mode

The debugger has two different operating modes: associates way and source manner.

When you are single-stepping through an application, the size of a single step is ane line of associates code or one line of source lawmaking, depending on the mode.

Several commands create different data displays depending on the mode.

In WinDbg, the Disassembly window automatically moves to the foreground when you run or footstep through an awarding in assembly mode. In source mode, the Source window moves to the foreground.

To set the style, you can practise i of the following:

  • Use the l+, l- (Set Source Options) command to control the mode. The fifty-t command activates assembly style.

  • (WinDbg simply) Articulate the Source Mode control on the Debug carte du jour to cause the debugger to enter assembly mode.You can also select the Source way off button (screen shot of the source mode off button.) on the toolbar.

In WinDbg, when you are in assembly way, ASM appears visible on the status bar.

The shortcut menu in WinDbg's Disassembly window includes the Highlight instructions from the current source line command. This control highlights all of the instructions that correspond to the current source line. Frequently, a single source line corresponds to multiple assembly instructions. If lawmaking has been optimized, these assembly instructions might not exist consecutive. The Highlight instructions from the current source line command enables you lot to detect all of the instructions that were assembled from the current source line.

Assembly Language Source Files

If your application was written in assembly language, the disassembly that the debugger produces might not exactly match your original code. In item, NO-OPs and comments volition not be present.

If you desire to debug your lawmaking by referencing the original .asm files, you must apply source mode debugging. You can load the assembly file like a C or C++ source file. For more information about this kind of debugging, meet Debugging in Source Way.