We saw some debugging techniques last time. Today let's have a look at something called as DbgHelp library. This is a library solely dedicated to debugging and error handling. It has functions for managing/manipulating symbols, enumerating modules and general debugging functions.

You must have come across something called as Symbols, Symbol Tables, or Symbol Files. Symbols are actually all the debugging information that an executable file could contain to enable debugging of itself. For example, there are symbol files which we use (although unknowingly) when we debug an application in VC++. These symbol files are either .dbg files or .pdb files. These contain all the information necessary for debugging our executable. Symbol files actually reduce the size of the executable since now the debugging information need not be stored in the executable itself.

The dbghelp library has functions to manage these symbol files. It also provides support for minidump files (as we saw in last week's topic).

Go through the About DbgHelp topics to get to know about this library, then use some of it's functions in your own programs. I hope you must now be knowing how to use mini dump files. In kernel development (device drivers etc.) there are full system dumps which get generated when there is a BSOD. In debugging of these drivers, these dumps are the only way out. Also, there are symbol files available for most of the OS components which are freely available from MS site. These contain the information you can use to debug your drivers on particular OS's.

4. Write an application which attaches itself to any given process, then waits for debug events and displays all the OutputDebugString() data that application is emitting (a small scale version of DbgView).

Bpath Counter