How can I debug a binary that has no debugging symbols?

开发者 https://www.devze.com 2022-12-17 07:23 Source: Internet
I have an executable that remained from a previous programmer (and no source code is available). The thing is, it started to work kind of buggy and I'm trying to figure out why. The tool reads data from somewhere and populates a combobox with it. Is there any way I could debug it, and see where it is getting the data from?

What tool can do this? Do you have some examples on doing this?


There's a whole palette of tools in the SysInternals suite, formerly by Mark Russinovich, now on Microsoft's Web site (still free, I think). There's something called FileMon / ProcessMonitor, for example, which tracks opening and closing files, and probably also reading (and more).

There are also similar tools for monitoring network/Internet access.

These tools let you look at many aspects of the program from a "black box" perspective, i.e. without going into source or machine code - just seeing what it does.


As you have the "windows" tag, maybe this is not a useful answer, but on a Unix-like environment I would first try the "truss" command, or, on Linux, the "strace" command, before attempting to debug the program, to check what system calls the binary uses, and try to find where that data comes from.

Maybe you can try using "strace" from Cygwin, although that's maybe not useful for a "pure" Windows program.

Another, maybe better option in Windows could be this other tool.

I hope some of that helps.
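
An added example (not part of the original answer): once something like `strace -o trace.txt ./tool` has produced a trace on Linux, this Python script follows file descriptors through the log and reports which files and sockets the data was actually read from, plus any opens that failed. The program name `./tool`, the sample trace, the paths and the address are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed strace output for a hypothetical tool (not a real capture).
SAMPLE = r'''
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3"..., 832) = 832
close(3) = 0
openat(AT_FDCWD, "/home/user/.tool/items.cache", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/opt/tool/items.dat", O_RDONLY) = 3
read(3, "alpha\nbeta\ngamma\n", 4096) = 17
read(3, "", 4096) = 0
close(3) = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("10.0.0.5")}, 16) = 0
recvfrom(4, "R\0\0\0\10"..., 8192, 0, NULL, NULL) = 120
close(4) = 0
'''

OPEN = re.compile(r'^open(?:at)?\((?:AT_FDCWD, )?"([^"]*)".*\) = (-?\d+)(?: (\w+))?')
CONNECT = re.compile(r'^connect\((\d+), \{.*htons\((\d+)\).*inet_addr\("([^"]+)"\).*\) = 0')
READ = re.compile(r'^(?:read|recv|recvfrom)\((\d+),.*\) = (\d+)$')
CLOSE = re.compile(r'^close\((\d+)\) = 0')

def data_sources(trace):
    """Return ({source: bytes read}, [(path, errno) for failed opens])."""
    fds, totals, failed = {}, defaultdict(int), []
    for line in map(str.strip, trace.splitlines()):
        if m := OPEN.match(line):
            path, ret, err = m.group(1), int(m.group(2)), m.group(3)
            if ret < 0:
                failed.append((path, err))   # a missing file is often the bug
            else:
                fds[ret] = path              # fd numbers get reused after close
        elif m := CONNECT.match(line):
            fds[int(m.group(1))] = f"tcp://{m.group(3)}:{m.group(2)}"
        elif m := READ.match(line):
            fd = int(m.group(1))
            totals[fds.get(fd, f"fd {fd}")] += int(m.group(2))
        elif m := CLOSE.match(line):
            fds.pop(int(m.group(1)), None)
    return dict(totals), failed

if __name__ == "__main__":
    totals, failed = data_sources(SAMPLE)
    for src, n in totals.items():
        print(f"{n:6d} bytes read from {src}")
    for path, err in failed:
        print(f"open failed ({err}): {path}")
```
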


Since you haven't told us the original language or IDE it's difficult to give advice. If the original was written in C/C++ and you have a matching PDB (Program DataBase) file from that build, then you can debug the release with function names visible just by loading the exe into Visual Studio and single-stepping into it. Otherwise you're stuck entirely in assembler-land, which is about as much fun as root canal work without an anaesthetic.

But if you don't have the source then (a) you probably don't have the PDB either and (b) if you don't have the source, what are you going to do about any bug you find? Are you hoping that the problem has an external cause?
