hi
When we build an application in visual C++ we can set build mode
to be "Debug" or "Release".In "Debug" mode the file contains some
additional data that shows the used names such as function names,
variable names,etc.
I want to know how we can set IDA Pro to use this additional data in
"Debug" mode to show the real name of subs,etc.
Is it possible?If yes,How?

sincerely yours

Well, first you have to find someone stupid enough to release software which still contains the debug information and then you have the advantage of knowing alot more information "that shows the used names such as function names, variable names,etc." I would thing the advantages of that are "ovbious" and that you really don't need someone to tell you how that might be helpful in reversing the program.

However, as a practical matter, it will be rare or never that you would find such information in commercial software. Certain checked builds aside.

Regards,

For microsoft compilers/linkers, I believe the debug information is all contained in an external file (the PDB). So unless you have it, you don't have more debug information.

Of course, in debug mode, the file is a lot larger. But if you disassemble it, you'll notice it's not optimized at all, and it contains a lot of debug traps to facilitate the use of a debugger and various debugging utils. (esp pointer checks, stack variables 0cch'd, etc..)

Use Edit->Plugins->Load PDB if you have the PDB file.

(it's also possible to produce a .pdb in release mode)

sorry to dredge this old topic out
its mainly regarding this


doug could you possibly explain this a little

i mean does the exe that is so created will still be the optimized one that release builds are supposed to be ??

do you some how mean the generate debuginfo in vs.net
which is kinda discussed here ??
http://blogs.msdn.com/jaybaz_ms/archive/2004/06/29/169024.aspx
or here
http://www.michaelmoser.org/compopts.htm

could you if possible provide a similar scenerio for masm
i mean switches other than /Zi for ml and /Debug /debugtype:cv for linker

if i produce a .pdb in masm with above switches the app doesnt remain the same as it
is in release mode
well i see /pdb /pdbtype:ypes and some other thing in link /?
also in the google group link the jaybz i see pt /noref etc
ill try experimenting with those but if you know a
correct sequence it would be better

i cant take the pdb that is so generated and simply substitute in a file assembled without those three specific switches

well ollydbg doesnt care about mismatched symbol types,incorrect guid or age
or unique id or whatever if it finds a pdb file with the same name as a debugged application it simply loads it and labels all over the wrong places

windbg without .symopt +0x40 wouldnt load it but with .symopt +0x40 (LOAD_ANYTHING) switch eventually loads the mismatched pdb and labels all over the wrong places exactly like ollydbg

so if you could provide some explanations it would be helpful
i would prefer to have instructions specific to masm
or bcc (well bcc is a different beast it doesnt produce any .pdb but produces a map and .tds file

thanks and regards

edit ok obviously the /RELEASE switch which is quoted by msdn to have some thing to do with checksum


also does some other undocumented magic like
deleting the useless spaces labels and 0xccs that were introduced and which bloated the iczelions tut 03 to ~ 10kb be removed and bring it back to just 200 bytes extra bloat in .data section which pertains to debuginfo dir in peheader
the pdb:none just embeds the pdb info inside exe while pdbtype either produces a single .pdb or is supposed to produce multiple whatever pdb files
which i couldnt make it produce

You can have a PDB in release mode with all optimizations. The best example is what you download from Microsoft's symbol servers (OS symbol files).

The PDB just contains symbol information on the PE file. I never had to fine-tune my PDB files such that I control what exactly is included and what is not, but I'm quite sure it is possible to specify how much symbolic information to include (i.e.: variable, function names, ...)


> could you if possible provide a similar scenerio for masm
I'm sorry, I don't know the exact switches for masm, but I'm sure that a masm guru on this site could help you out with that.

> i cant take the pdb that is so generated and simply substitute in a file assembled without those three specific switches
No, you can't. You can't switch debug/release pdb files with debug/release exes. The jaybaz blog has a comment on that.


My guess is you just need to enable PDB-generation for your masm project. This is independant of the build mode (debug/release); I guess some of the confusion comes from the fact that Visual Studio enables PDB generation by default for DEBUG config and disables it for RELEASE config.

oh thanks for such a fast reply i did not see your reply before i edited my post
so as i say in my edit the /release switch in masm does some othere tricks too
it stripped the .reloc section and one more idata section
brought back the peheader address of entry point to 401000
created the Winmain and WndProc exactly at the same address like it was assembled without those switches removed all those _start _winmain _wndproc superflous labels
removed about a kb of embedded 0xcc s
just the rawdata size of .rdata section increased by 200 bytes because
there was originally no space in iat section (it was filled to the brim)
and since 14 bytes of extra space was needed it added 200 bytes /file align

this pdb file now on being loded with windb .symopt +0x40 switch labels correctly
the non matching file too


now i can rip it apart