<?xml version="1.0"?>
<rss version="2.0">
    <channel>
        <title>OpenRCE: Blog</title>
        <link>http://www.openrce.org/rss/feeds/blog</link>
        <description>OpenRCE: The Open Reverse Code Engineering Community</description>
                <item>
            <title>Experiences with the debugger</title>
                            <pubDate>Sun, 08 Apr 2007 12:28:10 -0500</pubDate>
                                        <link>https://www.openrce.org/blog/view/690/Experiences_with_the_debugger</link>
                                        <author>dhruvakm &lt;email-suppressed@example.com&gt;</author>
                                                    <description>It has been a while since I felt really challenged in the debugging area. Well, not that I am a geek or an expert in the finer art of programming or debugging, I was just confident enough as I had not encountered a situation where I was not in control.&lt;br /&gt;
 I recently had to find a performance hole in one of our products which partly runs in a 3rd party process. So, I am at a disadvantage in not having the source code, debug symbols and the executable! I just have a process dump taken when the system was experiencing unexpected high CPU usage.&lt;br /&gt;
 DebugDiag came to my rescue, I was able to identify the threads that were consuming higher CPU usage. Armed with the call stack of limited depth, I could not make further progress. I was aware of the capabilities of WINDBG, I decided to analyze the process dump using WINDBG but found myself lost in the maze of cryptic commands and their most unfriendly syntax.&lt;br /&gt;
 I had just started toying around with OllyDbg. I kept my fingers crossed and, hoping it would help me analyze the dump file, opened the process dump file. I was not lucky enough and could not use OllyDbg to analyze a dump file (Is there a method using OllyDbg to analyze a dump file I am not aware of?).&lt;br /&gt;
 I am not back to learning WINDBG as I know I will need it till I find a tool as flexible and convenient as OllyDbg with support to analyze Windows process dump files.&lt;br /&gt;
 I have had a decent experience in debugging applications and dump files on UNIX using the truly great GDB (GNU) which has the tab completion feature. That is one single feature with which I have convinced a whole lot of developers to start using a command line debugger rather than limiting themselves to the GUI based interface. I hope GDB will one day have WINDBG/CDB as a backend with the GDB front end. I do not have to unlearn the few things I have learnt in GDB and can put the same to use.&lt;br /&gt;
 A question to the gurus, is a windows dump close enough to a UNIX core file? Does GDB on windows handle windows dumps or is there a work around to make GDB understand the windows dump format?&lt;br /&gt;
 If I do get answers, I will post them here...</description>
                    </item>
            </channel>
</rss>
