How do you bpx on a class method??


Jacques
May 29th, 2004, 18:12
Greetings all,

I posted this question a few weeks ago now... lots of people read it, but there were 0 replies. (I suppose that means that it was either not an easy question, or it's so silly nobody bothered to reply. :-) Anyways, I thought I would try again because I'm still stuck:

I have been using SoftIce for a few months now, but there is one thing that I can't figure out and haven't found any mention of in the documentation or any tutorial. The question is:

How do you set a breakpoint on a class method?

More specifically how do you set a breakpoint on a custom method like "MyClass::MyMethod()" or an MFC method like CString::Format()?

I am certain that the symbols are loaded, and I can see "CClass::MyMethod" in the .nms file, so I don't think it's that. If I manage to find the location for "MyClass::MyMethod()" in the Softice code window, then I can set a breakpoint by double clicking on the label in the code window... but this is hardly a practical way of doing so.

My guess is that the problem has something to do with C++ name mangling for class methods... but I don't know how to proceed from here.

Anyone have any ideas?

Thanks,
Jacques

naides
May 29th, 2004, 20:24
Quote:
[Originally Posted by Jacques]Greetings all,


Anyone have any ideas?

Thanks,
Jacques


I am not sure I understand what you want to do.

Do you have high level information like the CString::Format() method is used in such and such situation? Are you debugging an app in which you have source code available, which may make such a question relevant?

The typical work that goes on here happens in code that has been stripped from symbols, debug information, optimized, and not unusually encrypted and obfuscated, all of which make locating the code of a high level method unfeasible or perhaps unnecessary.

IDA can recognize typical "signatures" of common use methods in libraries like MFC and label them in the disassembly accordingly, but this may not be what you want.
Can you provide an example of the problem you want to solve??

Jacques
May 29th, 2004, 23:22
Quote:
[Originally Posted by naides]I am not sure I understand what you want to do.

Do you have high level information like the CString::Format() method is used in such and such situation? Are you debugging an app in which you have source code available, which may make such a question relevant?

The typical work that goes on here happens in code that has been stripped from symbols, debug information, optimized, and not unusually encrypted and obfuscated, all of which make locating the code of a high level method unfeasible or perhaps unnecessary.

IDA can recognize typical "signatures" of common use methods in libraries like MFC and label them in the disassembly accordingly, but this may not be what you want.
Can you provide an example of the problem you want to solve??


Hi. First, here are the answers to your questions:

1) I can't think of anything special about the situation.

2) I do not have source code available, only what IDA provided.

3) I pulled "MyClass::MyMethod()" and CString::Format() out of the air as examples of a class method implemented by the developer, and a standard class method that is part of MFC.

I understand the type of reversing work that happens here, and I was doing something similar. I should also clarify that I misspoke in my initial post: I am not stuck in the sense that I can't accomplish my objective... that was resolved weeks ago. I am stuck on this in the sense that it's bugging me... I also don't understand why I can't say "bpx CString::Find" or "bpx CDialog::OnInitDialog".

I did use IDA to disassemble the code in question, and it was IDA that provided the following at the top of the function disassembly:

public: unsigned char __thiscall CVerifyI::VerifyInstallNmbr(char const*) const
public ?VerifyInstallNmbr@CVerifyI@@QEEPBD@Z
?VerifyInstallNmbr@CVerifyI@@QEPBD@Z proc near

A few lines down there was an IDA generated jmp label: loc_40003278

I could not break on VerifyInstallNmbr() no matter what I tried, but breaking on loc_40003278 worked as expected.

After generating the .nms file from IDA, and loading and translating it in the Symbol Loader, VerifyInstallNmbr() shows up as (in the Softice code window):

CVerifyI::VerifyInstallNmbr(char

(Not a typo, the label ends after the 'r')

So the questions are:
- Is it possible to say "bpx VerifyInstallNmbr" in some fashion?
- Is the label truncation messing up Softice?

In the more general case, why does "bpx CString::Find()" not work? Is it because Softice can only determine the mangled C++ name and not the developer friendly name because I have no .nms file for MFC? Or maybe this is where ordinals come in?

I have probably confused things even more... thanks for your patience.
Jacques

Kayaker
May 30th, 2004, 01:48
Hi

If you break in the context of the program and type SYM, does your function and address show up, along with all the other nms symbols? In theory, that symbol name should be the one you can use in a breakpoint. If it doesn't, maybe you can simplify and undecorate it in IDA without the :: or brackets and try again.

K.

Jacques
May 30th, 2004, 23:46
Quote:
[Originally Posted by Kayaker]Hi

If you break in the context of the program and type SYM, does your function and address show up, along with all the other nms symbols? In theory, that symbol name should be the one you can use in a breakpoint. If it doesn't, maybe you can simplify and undecorate it in IDA without the :: or brackets and try again.

K.


Hi Kayaker,

Thanks for telling me about the SYM command, that's very useful... I definitely won't be forgetting that one.

The function does show up in the list produced by SYM in the same truncated form as in the code window:

CVerifyI::VerifyInstallNmbr(char

I was about to try your second suggestion (renaming/simplifying the function name in IDA) when I noticed that perhaps I hadn't chosen the correct options in IDA when generating the MAP file. The three checkbox options for deciding what to include when generating the map file are:

- Segmentation information
- Autogenerated names
- Demangle names

Only the first one is checked by default, so I always used to check the other two as well because it made sense to include the autogenerated names and to demangle the names.

I generated a new map file with "Demangle names" UNchecked, with the hope that this option was messing up the class::method symbols. Loaded the new .nms file in Softice, and the symbol is fixed! It is now:

CVerifyI::VerifyInstallNmbr

and simply typing "bpx CVerifyI::VerifyInstallNmbr" works just fine.

Thanks a lot for your help!

Jacques.
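The truncation above ends exactly at the first space of the demangled name, which is what a symbol loader that splits each MAP line on whitespace would produce. The following is an added example, not code from the thread or from IDA/SoftICE: it models such a loader (the whitespace-splitting behaviour is an assumption), reproduces the truncated label from a constructed MAP excerpt with made-up addresses, and rewrites the symbol column so only the qualified Class::Method name remains.

```python
import re

# Constructed MAP excerpt (not from the thread): segment:offset then the symbol,
# in the layout of a linker-style "Publics by Value" section. Addresses are made
# up. The first symbol is what IDA's "Demangle names" option yields, a qualified
# name followed by a parameter list that contains spaces; the second is an IDA
# autogenerated label, which never contains whitespace.
MAP_WITH_DEMANGLED_NAMES = """\
 Address         Publics by Value

 0001:00001000       CVerifyI::VerifyInstallNmbr(char const *) const
 0001:00001278       loc_40001278
"""

ADDR = r"[0-9A-Fa-f]{4}:[0-9A-Fa-f]{8}"
LINE_RE = re.compile(rf"^\s*({ADDR})\s+(.*\S)\s*$")


def load_whitespace_tokenised(map_text):
    """Model of a loader that splits each line on whitespace and keeps only the
    token right after the address (an assumption about the Symbol Loader's
    behaviour). It reproduces the label cut off at the first space."""
    symbols = {}
    for line in map_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and re.fullmatch(ADDR, fields[0]):
            symbols[fields[1]] = fields[0]
    return symbols


def strip_parameter_list(name):
    """Reduce 'Class::Method(params) const' to 'Class::Method' by cutting at
    the first '('. Names like 'Class::operator()(int)' would need extra care."""
    cut = name.find("(")
    return name if cut < 0 else name[:cut]


def rewrite_map_symbols(map_text):
    """Rewrite the symbol column so no name contains whitespace; header and
    blank lines are passed through untouched."""
    out = []
    for line in map_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            line = f" {m.group(1)}       {strip_parameter_list(m.group(2))}"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(sorted(load_whitespace_tokenised(MAP_WITH_DEMANGLED_NAMES)))
    print(sorted(load_whitespace_tokenised(rewrite_map_symbols(MAP_WITH_DEMANGLED_NAMES))))
```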

Kayaker
May 31st, 2004, 00:05
Hey, glad it worked. Thanks for your explanation as well, that's definitely useful to know.

Cheers,
Kayaker