Developer's platform of programming text codes

Chapter 18 - Debugging assembler instructions

The "OllyDbg" program debugger was found to be a good choice; its basic use is explained below. Version 1.10 has proven stable and can be downloaded from the Internet (see the Links chapter).

After opening the debugger and the .exe or .dll to be debugged, the following keyboard commands are useful:

Key "F2": Sets a breakpoint (debugging point) on the selected instruction.

Key "F8": Executes one instruction (step over); a called procedure is run without stepping into its instructions.

Key "F7": Executes one instruction (step into); a called procedure is entered and its instructions are debugged as well.

Key "F9": Runs the program until a breakpoint is reached, if there is one.

Key "Ctrl+F9": Runs the program until a "ret" (return from procedure) instruction is reached.

Next, a way to debug part of a program is shown. Suppose we have the following program in TEIMSI:

		var num1=1.3, num2=4.5, double_result=0.0

			mov eax, 074747474h                 ; marker used to locate this code in the debugger

			fld qword [num1+reg.vo]             ; st0 = num1
			fmul qword [num2+reg.vo]            ; st0 = num1*num2

			fld qword [num1+reg.vo]             ; st0 = num1, st1 = num1*num2
			fdiv qword [num2+reg.vo]            ; st0 = num1/num2

			faddp st1, st                       ; st0 = num1*num2 + num1/num2, stack popped

			fsqrt                               ; st0 = sqrt(st0), the square root the description below refers to

			fstp qword [double_result+reg.vo]   ; store the result and pop the FPU stack

What the code in the "direct" block does is equivalent to the statement: "double_result = sqrt(num1*num2 + num1/num2)".

The "mov eax, 074747474h" instruction looks redundant, but it is useful for locating the code to debug in OllyDbg. Open the compiled program in the debugger and copy all the code of the main module: press the "Home" key, then the combination "Shift" + "End", then right-click and choose the "Copy" menu and "To clipboard". Now open the TEIMSI editor (on the home screen press the "Esc" key), paste what was copied from the debugger, press the key combination "Ctrl + R" and search for the string "74747474"; the memory address of the instruction is shown automatically, and we look up that address in the debugger. Set a breakpoint there with the "F2" key and run the program with the "F9" key; the debugger will stop at that instruction, and pressing the "F8" key repeatedly shows how the "FPU" data registers change (see the right-hand side of the debugger window).
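As an added example that is not part of the TEIMSI documentation, the following Python script replays the FPU instruction sequence described above (multiply, divide, add, square root, store) on a simulated x87 register stack, so the expected register contents after each "F8" step can be compared with what OllyDbg's FPU panel shows. The names simulate_fpu, run_example and PROGRAM are my own; only the instructions used in this chapter are modelled.

```python
import math

def simulate_fpu(program, memory):
    """Replay (mnemonic, operand) pairs on a simulated x87 register stack.

    memory maps qword variable names to floats and is updated by fstp.
    Returns [(instruction text, stack snapshot with st0 first), ...].
    Only the instructions of the TEIMSI example are modelled; a stack
    over/underflow raises instead of setting the x87 exception flags."""
    st, trace = [], []            # st[0] is ST(0), the top of the stack
    for mnem, operand in program:
        if mnem == "fld":         # push a qword from memory
            st.insert(0, memory[operand])
        elif mnem == "fmul":      # ST(0) = ST(0) * mem
            st[0] *= memory[operand]
        elif mnem == "fdiv":      # ST(0) = ST(0) / mem
            st[0] /= memory[operand]
        elif mnem == "faddp":     # faddp st1, st: ST(1) += ST(0), then pop
            st[1] += st[0]
            st.pop(0)
        elif mnem == "fsqrt":     # ST(0) = sqrt(ST(0))
            st[0] = math.sqrt(st[0])
        elif mnem == "fstp":      # store ST(0) to memory, then pop
            memory[operand] = st.pop(0)
        else:
            raise ValueError("unsupported instruction: " + mnem)
        if len(st) > 8:
            raise OverflowError("x87 register stack overflow")
        trace.append((mnem if operand is None else f"{mnem} {operand}", list(st)))
    return trace

# Constructed input: the FPU part of the chapter's "direct" block
# (the mov eax marker is skipped, it does not touch the FPU).
PROGRAM = [("fld", "num1"), ("fmul", "num2"), ("fld", "num1"), ("fdiv", "num2"),
           ("faddp", "st1, st"), ("fsqrt", None), ("fstp", "double_result")]

def run_example():
    """Run PROGRAM on the chapter's values; returns (double_result, trace)."""
    memory = {"num1": 1.3, "num2": 4.5, "double_result": 0.0}
    trace = simulate_fpu(PROGRAM, memory)
    return memory["double_result"], trace

if __name__ == "__main__":
    result, trace = run_example()
    for text, stack in trace:     # one line per F8 step, st0 listed first
        print(f"{text:20s} -> {stack}")
    print("double_result =", result)
```

Depending on the FPU control word, the real x87 may compute in 80-bit extended precision, so the last digits shown in OllyDbg's FPU panel can differ from these double-precision values.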

There are many debuggers and disassemblers on the Internet; a very well-known one is "IDA Disassembler".
