http://www.phenoelit.de
Introduction
(dum(b)ug) is a fully open source Windows debugger core, implemented as a C++ class architecture for instant debugger creation in the Win32 environment. It supports a number of features, including:
Full encapsulation of the Win32 debug API
PE file format parsing (.exe, .dll files)
Codeview, COFF and FPO debug symbol support (no PDB yet)
Single-shot soft breakpoints and automatic restore of original code
Single stepping
Disassembly using a libdisasm Windows port, including jump prediction
Handling of exceptions, breakpoints and other important debug events, either by specifying call-back functions or by overriding the virtual member functions the class provides, in case you prefer to inherit the functionality.
ltrace for Windows
ltrace for Windows, here named "(dum(b)ug) tracer", is a library call tracer. It logs calls to library or program functions and automatically identifies their arguments and results, thereby aiding quick auditing of closed-source code for the use of insecure functions. It is an example implementation built on the (dum(b)ug) core.
How it works
The (dum(b)ug) tracer works by specifying the function prototypes that are to be traced and then either attaching the tracer to the process in question or loading the process under the tracer. The function prototypes are specified in a trace definition file. Example:
int printf( char *, char *);
"haxor" == int sprintf( [out] char *buffer, [in] fmtchar *format);
This example illustrates a number of concepts (dum(b)ug) tracer uses:
You can specify plain C notation function prototypes
You can name arguments for more readable output
It supports argument directions. Specifying [in] causes the argument to be inspected in depth only when the function is entered, [out] only when the function returns, and [both] or no direction information causes inspection in both cases. This allows you to ignore uninitialized buffers, for example the output buffer of a sprintf() call before the call has filled it.
You can perform output matching on the returned buffer (or on the first [out] char buffer, in case the return value is not a char* or wchar* buffer). This way you will only see calls whose result contains this string.
A variable number of arguments, as in sprintf(char *, char *, ...), is not supported (which is why the example above declares printf with two fixed arguments); you have to rely on the actual output instead.
The wchar type is supported, and wide-character output is converted back to ASCII.
The following types are supported:
char - a single character
char* - a char buffer
fmtchar* - a char string being a format string
int - a 32bit integer
int* - a pointer to a 32bit integer
void - nothing
void* - arbitrary 32bit pointer
wchar - a single wide character
wchar* - a wchar buffer
fmtwchar* - a wchar string being a format string
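As an added example (not the tracer's own code, whose sources are not shown on this page), the following Python reconstructs the trace-definition semantics described above: it parses the two example lines into prototypes, validates every type against the list just given, applies the [in]/[out]/[both] rules when decoding a 32-bit cdecl stack frame for a sprintf() call at entry and at return, and applies the "haxor" output match. The memory image, the addresses, the eax value and the argN naming of unnamed arguments are all constructed for the example; the real tracer reads the debuggee through the Win32 debug API instead.

```python
"""(dum(b)ug)-style trace-definition parser and call decoder; added example."""
import re
import struct
# Type list as given on the page; anything else is rejected at parse time.
SUPPORTED_TYPES = {"char", "char*", "fmtchar*", "int", "int*", "void", "void*",
                   "wchar", "wchar*", "fmtwchar*"}
STRING_TYPES = {"char*", "fmtchar*", "wchar*", "fmtwchar*"}
# Optional '"match" ==' prefix, then a C prototype ending in ';'; each argument
# is an optional [in]/[out]/[both] direction, a type and an optional name.
PROTO_RE = re.compile(r'^\s*(?:"(?P<match>[^"]*)"\s*==\s*)?(?P<ret>\w+\s*\*?)'
                      r'\s*(?P<name>\w+)\s*\((?P<args>[^)]*)\)\s*;\s*$')
ARG_RE = re.compile(r'^\s*(?:\[(?P<dir>in|out|both)\]\s*)?(?P<type>\w+\s*\*?)'
                    r'\s*(?P<aname>\w+)?\s*$')

def parse_definition(text):
    """Turn trace-definition lines into prototype records."""
    protos = []
    for line in filter(str.strip, text.splitlines()):
        m = PROTO_RE.match(line)
        if not m:
            raise ValueError("bad prototype: %r" % line)
        ret, args = m.group("ret").replace(" ", ""), []
        if ret not in SUPPORTED_TYPES:
            raise ValueError("unsupported return type %r" % ret)
        argtext = m.group("args").strip()
        for i, piece in enumerate(argtext.split(",") if argtext not in ("", "void") else []):
            am = ARG_RE.match(piece)  # a '...' piece fails here: no varargs support
            typ = am and am.group("type").replace(" ", "")
            if typ not in SUPPORTED_TYPES:
                raise ValueError("bad argument %r in %r" % (piece, line))
            # No direction means [both]; unnamed arguments are called argN here.
            args.append({"type": typ, "dir": am.group("dir") or "both",
                         "name": am.group("aname") or "arg%d" % i})
        protos.append({"name": m.group("name"), "ret": ret,
                       "match": m.group("match"), "args": args})
    return protos

def u32(img, addr):
    return struct.unpack_from("<I", img[1], addr - img[0])[0]

def cstr(img, addr, wide=False):
    """NUL-terminated (wide) string from the image, rendered as ASCII again."""
    off, step, n = addr - img[0], 2 if wide else 1, 0
    while any(img[1][off + n * step:off + (n + 1) * step]):
        n += 1
    text = img[1][off:off + n * step].decode("utf-16-le" if wide else "latin-1")
    return text.encode("ascii", "replace").decode("ascii")

def decode(img, typ, raw):
    """Render one 32-bit argument slot according to its declared type."""
    if typ in STRING_TYPES:
        return cstr(img, raw, wide=typ in ("wchar*", "fmtwchar*"))
    if typ == "int":
        return raw - (1 << 32) if raw & 0x80000000 else raw
    return "0x%08x" % raw  # void*, int*, char, wchar: shown as the raw slot here

def decode_call(proto, img, entry_esp, when, eax=None):
    """cdecl/stdcall frame: at entry [esp] is the return address, args start at esp+4."""
    wanted = {"entry": ("in", "both"), "return": ("out", "both")}[when]
    view = {}
    for i, a in enumerate(proto["args"]):
        if a["dir"] in wanted:  # [in] at entry, [out] at return, [both] always
            view[a["name"]] = decode(img, a["type"], u32(img, entry_esp + 4 + 4 * i))
    if when == "return" and proto["ret"] != "void":
        view["@ret"] = decode(img, proto["ret"], eax)
    return view

def output_matches(proto, return_view):
    """'"str" ==' filter: the returned buffer, else the first [out] string buffer."""
    if proto["match"] is None:
        return True
    subject = return_view.get("@ret") if proto["ret"] in STRING_TYPES else next(
        (return_view[a["name"]] for a in proto["args"]
         if a["dir"] == "out" and a["type"] in STRING_TYPES), None)
    return subject is not None and proto["match"] in subject

DEFINITION = '''int printf( char *, char *);
"haxor" == int sprintf( [out] char *buffer, [in] fmtchar *format);'''
BASE = 0x00130000

def build_images():
    """Constructed memory for sprintf(buf, "User %s\\n", "haxor"): the strings,
    the output buffer and the stack frame, before and after the call."""
    before = bytearray(0x100)
    before[0x00:0x09] = b"User %s\n\0"
    before[0x10:0x16] = b"haxor\0"
    before[0x20:0x40] = b"\xcc" * 0x20  # output buffer: garbage at entry
    struct.pack_into("<IIII", before, 0x80, 0x00401234,       # return address
                     BASE + 0x20, BASE + 0x00, BASE + 0x10)  # buf, fmt, vararg
    after = bytearray(before)
    after[0x20:0x2c] = b"User haxor\n\0"  # what sprintf wrote into the buffer
    return (BASE, before), (BASE, after), BASE + 0x80

def trace_sprintf():
    proto = parse_definition(DEFINITION)[1]  # the sprintf line
    before, after, esp = build_images()
    entry_view = decode_call(proto, before, esp, "entry")
    return_view = decode_call(proto, after, esp, "return", eax=11)
    return entry_view, return_view, output_matches(proto, return_view)
```

Calling trace_sprintf() shows the point of the direction markers: the entry view contains only the format string, so the 0xCC-filled output buffer is never dereferenced, while the return view contains the filled buffer and the return value, and the "haxor" filter is applied to that buffer because the return type is int rather than a string. The third stack slot (the variadic "haxor" argument) is never read, since the prototype does not declare it.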