What can you do with GoBug?
The following describes some of the most useful things you can do with GoBug in a Windows context
GoBug is a symbolic debugger which is able to run another program (the "debuggee") in closely controlled conditions.
Using GoBug allows you to:-
Use F5 or F6 to single step through the debuggee's code, that is, the processor will execute a single instruction at a time, which you can watch in the codepane. Meanwhile you can watch how this affects the debuggee's main registers and flags, stack and memory areas. You can also view the floating point register pane, the MMX register pane or the 3DNow!, XMM, SSE and SSE2 register panes.
Try the Testbug conditional jump and use of flags test, to practice single-stepping
Execute but jump over calls by using F6.
Use F7 to run the debuggee with the event/message hooks and fully trapped to keep a detailed log of the debuggee's execution for later view. This will be a very detailed log showing each instruction and showing changes to the registers.
Use F8 to run the debuggee with the event/message hooks but with the trap released to keep a partial log of the debuggee's actions. This is log limited to events and messages.
Use F9 to run the debuggee in the "background" until an exception occurs (whereupon you can view the point of the exception in the codepane and view the registers and stack history).
Practice this using Testbug as the debuggee
Run the debuggee in the background (F9 action) but then try to regain control by using the hot-key or the traffic light control. .
Practice this by putting Testbug into an infinite loop and then break out of the loop
Execute but jump over parts of code by setting a code breakpoint or by running the debuggee to the end of the current procedure.
Run the debuggee's code to a breakpoint in the code and then stop execution. This allows you to carry out tests at that point or to single step from that point to test that particular part of your code.
Set a breakpoint to run the debuggee until any message or until a particular message, or until a particular message to a particular window procedure.
View the sequence and detail of messages by single-stepping past a procedure or api which causes message activity and then looking at each message using the single-step message break, or by running (hook, part log) and then viewing the messages in the event/message log pane.
Practice this using Testbug as debuggee
Set a breakpoint to run the debuggee until the start of a new thread and then single-step to study execution of that thread.
Practice this using Testbug as debuggee
Single-step more than one thread at once to see how Windows shares processor time between threads or better to understand a multi-threaded application. View in the log the real-time inter-action between threads.
Practice this using Testbug as debuggee
View the contents of the stack in detail using the ESP stack pane and EBP stack pane.
Practice viewing arguments and local data on the stack pane using Testbug as debuggee
View the stacktrace pane to see the depth and position of the call from information on the stack.
Change the contents of the stack.
Single-step past apis to check whether they return an error, and if so, view details of the error in the log.
Practice viewing api errors using Testbug as debuggee
Use F7 to run past APIs with whilst retaining control. GoBug will break if an API error occurs- see break on API error.
Change the (ordinary) register values or flags at run-time to correct errors or to check your code. Change the MMX registers, the floating point registers or any of the special registers (3DNow!, XMM, SSE or SSE2) at run-time to see how the changes affect the running of your code.
View and check a disassembly of the opcodes produced by your assembler or compiler, view and check any executable code as assembler mnemonics in the codepane or in code inspector, examine in detail how the mnemonics work by watching the panes.
If symbols are loaded, view a list of the code and data symbols for the debuggee and its Dlls and make a code inspector or a data inspector to view the code and data addresses represented by the symbols.
View the debuggee and its Dlls addresses (the executable images) as loaded in memory: this will be quite different from looking at the debuggee as a file on disk with a file viewer, for example PEView (available from Wayne J. Radburn's assembler page) or similar. Make a code inspector or a data inspector to view the addresses.
Promenade the debuggee's memory context and shared memory and view the results.
Search the debuggee's memory context and shared memory for specific strings or values and view the results.
View information about the debuggee at run-time.
View the debuggee and Dlls resources as loaded in memory and (subject to copyright) extract useful resources from executable files.
Print or dump to a file the contents or part contents of any of the panes.
