Search This Blog

Tuesday, 23 September 2014

WinDbg : Selectively Breaking Into The Debugger...The .step_filter Extension Command

WinDbg : Selectively Breaking Into The Debugger...The .step_filter Extension Command


Assuming that you have a code construct like this:

printf( "%d\n", MyFunc() );

In the debugger you can put a break point in the line where this code lies. After which you can single step into the code, which means that you will have to step both into printf and MyFunc. Neither the p or the t command can be used to separate these calls. The t command will step into both printf and MyFunc where as the p command will step over both of them. This is where step filtering helps. .step_filter allows you to filter out one of these calls while still tracing the other one. Experienced programmers can argue that the assembly view of the above lines would actually split up the functions in different lines and thus we can set the breakpoint in the appropriate line. true that! Step filtering is not meant for assembly code, it is simply not required there, it is designed to be used with high level language constructs, if one wants to have the same granular level control as one gets with assembly code.

The step filter command can be used like this:

kd>.step_filter "msvcrt!*" 

This will filter all calls from the msvcrt module. As we see, it accepts wildcards as well.

happy debugging!


No comments:

Post a Comment