调试笔记 | WuRui

调试九法 -> 规则和小故事
软件调试实战
https://www.debugging-guide.com/tools

Memory error checking in C and C++: Comparing Sanitizers and Valgrind
https://developers.redhat.com/blog/2021/05/05/memory-error-checking-in-c-and-c-comparing-sanitizers-and-valgrind

debug_note.md
https://www.sourceware.org/gdb/documentation/
https://lldb.llvm.org/
https://lldb.llvm.org/use/map.html

-static-libstdc++会导致gdb的-enable-pretty-printing失效
https://codeyarns.com/tech/2014-07-17-how-to-enable-pretty-printing-for-stl-in-gdb.html

https://9to5answer.com/how-to-pretty-print-stl-containers-in-gdb

Break on all retq of current function
https://stackoverflow.com/questions/3649468/how-to-set-a-breakpoint-in-gdb-where-the-function-returns

test.cpp

#include <map>
#include <utility>
#include <vector>

int main() 
{
    std::vector<int> v;
    v.push_back(0);
    v.push_back(1);
    v.push_back(2);
    std::map<int,int> m;
    m.insert(std::make_pair(0, 0));
    m.insert(std::make_pair(1, -1));
    m.insert(std::make_pair(2, -2));
    return 0;
}

gdb.in

file main.out
b test.cpp:14
r
p v
p m
exit

shell

1
2
3

c++ test.cpp -g -o main.out
gdb -q -x gdb.in
lldb -s gdb.in

https://github.com/DamZiobro/gdb-automatic-deadlock-detector

show breakpoint

#gdb
info break
i b
#lldb
breakpoint
b

http://labmain.com/2016/11/02/LLDB_debugging_skills/

1 2	e int $c=3 p $c

https://www.cnblogs.com/zl1991/p/7344707.html

gdb

set exec-wrapper env ’LD_PRELOAD=libtest.so’
set disable-randomization on
# Debugging Forks GNU/Linux kernel version 2.5.46 and later
checkpoint
restart 1
# https://www.lmlphp.com/user/13608/article/item/435073/
watchpoint # This is sometimes called data breakpoints.
catchpoint # A catchpoint is another special breakpoint that stops your program when a certain kind
# of event occurs, such as the throwing of a C++ exception or the loading of a librar
help catch
reverse-continue # Running programs backward
set args 1 2 3
p *argv@argc
show values
show convenience
p $_thread
p $_gthread
start
x/i $pc
p/s $pc
print $xmm1 # x86
info float
info vector
info auxv
whatis FILE
return/finish
p (char *) getenv ("PATH")
info proc stat
show osabi
show cp-abi
pi gdb.breakpoints()[0].location
gu (+ 20 3)
gu (display (+ 20 3)) (newline)

DebuggingRepository
x64dbg
TitanEngine
LLDB
debugbreak
core_analyzer
debug_assert
drmemory
dynamorio
templight
systeminformer
dbg-macro
sanitizers
minitrace
lldb-mi

调试器实现挂起

gdb
linux sigsuspend
mac thread_suspend/task_resume
windows SuspendThread
lldb
linux PTRACE_SINGLESTEP/PTRACE_CONT

windows

所以，对于前面两个问题的答案是:

优秀的开发人员总会留下一条排错的捷径。比如 log 或者是 debug 版本。
遇上愚蠢的开发人员，从不给程序的排错留后路，是一个严重的问题。
为了方便调试，优秀的开发人员至少会做到：
多使用 assert, trace
适当合理地添加 log
每次编译发布后，都把 PDB 文件分不同的版本当宝贝一样保存在安全的地方。
总是编译一个 release 版本，一个 debug 版本
有了上面的准备，无论问题多么神秘，下面两招总是有用的:
部署 debug 版本
收集程序的 log
最高的调试技巧是开发人员通盘的考虑跟合理的设计，让任何潜在的问题都可以水道渠成地
解决。

LdrpInitialize

at -> schtasks

gflags -i iexplore.exe +ust
set _NT_SYMBOL_PATH=SRVD:\websymbolshttp://msdl.microsoft.com/dow
nload/symbols
umdh -p:5728 -f:ie1.log
umdh -p:5728 -f:ie2.log
umdh -p:5728 -f:ie3.log
umdh ie2.log ie3.log > cmp23.txt

前面介绍的第三种方法就使用 API Hook 监视内存操作。IIS Diagnostics 就是使用这种技术的
现成工具

EVENT FileSystemControl
IRP_MJ_FILE_SYSTEM_CONTROL

dt ntdll!_*

https://gjbex.github.io/Defensive_programming_and_debugging/
https://xinqiu.gitbooks.io/linux-insides-cn/content/Booting/linux-bootstrap-1.html