PMA 431: WinDbg Preview: Source-Level Debugging (10 pts extra)

What you need

Purpose

To use WinDbg Preview for user-land debugging.

Installing WinDbg Preview and Visual Studio 2019

If you are using the Windows 10 with Tools machine from your instructor, WinDbg Preview and Visual Studio 2019 are already installed.

If you are using some other machine, see these two projects for instructions to install them.

Preparing to Compile C++ Code

Click Start. Scroll down to the programs starting with V. Expand the "Visual Studio 2019" section.

Click "x64 Native Tools Command Prompt", as shown below.

Creating a C++ Program

In the "x64 Native Tools Command Prompt" window, execute these commands: 
mkdir c:\MyApp
cd c:\MyApp
notepad MyApp.cpp
Click Yes to create a new file.

Paste in this code, as shown below. 

void MyFunction(long p1, long p2, long p3)
{
    long x = p1 + p2 + p3;
    long y = 0;
    y = x / p2;
}

void main ()
{
    long a = 2;
    long b = 0;
    MyFunction(a, b, 5);
}

In Notepad, save the file.

Compiling a C++ Program Without Symbols

In the "x64 Native Tools Command Prompt" window, execute these commands: 
cl MyApp.cpp
dir
As shown below, the compilation process created an .exe file and an .obj files, but no .pdb file.

Launching WinDbg Preview

Click the Start button and type WIN. Click "WinDbg Preview".

Loading MyApp

In WinDbg, click File, "Launch executable".

Navigate to:

C:\MyApp\MyApp.exe

and double-click it.

The app loads, and stops inside ntdll, as shown below.

Finding "main" symbols in MyApp

In the lower center of WinDbg, execute these commands: 
x MyApp!*main*
x MyApp!*
There are no results, as shown below.

To see the problem, execute this command: 

lm
The "MyApp" module is loaded, but it has no symbols, as shown below.

This makes it difficult to find the MyApp code.

Close WinDbg. This is necessary because it locks the MyApp.exe file.

Compiling a C++ Program with Symbols

In the "x64 Native Tools Command Prompt" window, execute these commands: 
del MyApp.obj
del MyApp.exe
cl /Zi MyApp.cpp
dir
As shown below, the compilation process created an .exe file and two .pdb files, which contain debugging symbols.

Launching WinDbg Preview

Click the Start button and type WIN. Click "WinDbg Preview".

Loading MyApp

In WinDbg, click File, "Launch executable".

Navigate to:

C:\MyApp\MyApp.exe

and double-click it.

The app loads, and stops inside ntdll, as shown below.

Finding "main" symbols in MyApp

In the lower center of WinDbg, execute this command: 
x MyApp!*main*
Now it finds symbols, including MyApp!main, as shown below.

Setting a Breakpoint and Running To It

In the lower center of WinDbg, execute this command: 
bu MyApp!main
In WinDbg, at the top left, click Go.

The app runs to the start of main(), and the top left pane shows the C++ source code, with the breakpoint and current instruction highlighted, as shown below.

At the lower left, notice the "Locals" pane. This shows the local variables. Right now they contain zeroes.

Stepping Through the Code

In WinDbg, at the top left, click "Step Into" twice.

As shown below, the program proceeds to line 11 of the source code. The variable a is now set to 2.

In WinDbg, at the top left, click "Step Into" several more times, until the program executes source line 5.

The program cannot execute this instruction because of a divide-by-zero error, as shown below.

PMA 431.1 Crash Message (10 pts)

The flag is covered by a green box in the image below.

References

Debugging Using WinDbg Preview
Common WinDbg Commands (Thematically Grouped)
Getting Started with WinDbg (User-Mode)

Posted 10-14-20
Project number fixed 10-15-20
Bold tag fixed 10-20-20
Minor improvements 4-13-2021
Flag changed and nothing run as Administrator anymore 11-2-21