Debugging CYGWIN using WinDBG

One of the activities in my current project involved analyzing the mechanism of bash script for compliation configuration. This implies an access to linux open source environment. Since I am new to this kind of environment, I choose to ease the transition by first installing application that can at least understand this script.

After perform some data gathering, I choose to use CYGWIN. It has excellent capabilities to process the script, and since I will perform extensive examination of the behaviour of script processing, I will require at least some decent debugging symbol for this environment.

After googling for a while, I realize, that to get the debugging symbol for open source application is not an easy task. Not as easy as connecting to Symbol Server in Microsoft applications.

Fortunately, by examining the CYGWIN package setup, there are category called “Debug” category which has a “cygwin-debuginfo” in there.

So, I decided to download, extract this package, and perform some tests whether this debugging symbol can be used in the WinDBG debugging environment.

I will take cygwin1.dll as a sample because this DLL is always appear when I starts cygwin terminal, and examined it by attaching WinDBG to this application.

Debug symbol for cygwin1.dll seems to be cygwin.dll.dbg, so I renamed it to cygwin1.dbg, and re-attach the WinDBG to see whether it is accepted as a valid debug symbol.

Performing the x command for symbol examination reveals … nothing. Seems WinDBG only accept *.PDB or the input file does not support the kind of format that WinDBG expects as decent *.DBG file.

But let’s verify by forcing it to load the given symbol:

But is it the WinDBG really tries to read the given *.DBG file before it is giving up ? This can be verified using FILEMON utility and the answer is yes:

The research as to why WinDBG fails to read this kind of symbol will requires significant amount of time. So I decided to investigate whether I can at least use it to manually determine the symbol for given assembly location of each routine,function or variables.

There’s a utility that equivalent to dumpbin.exe in cygwin environment called objdump to perform text output for symbol mapping of relative address to symbol names:

Let’s first try using the known name and determine whether it has some correlation inside cygwin1.dbg symbol. Take _envz_entry export function inside cygwin1.dll for example:

The blue box denotes symbol information obtained from objdump. And assembly address for the function is 0x611275B0. Using the calculation in the above picture, seems that I can perform some relation of address location to given symbol.

Let’s verify another one for “aclsort”:

Seems to be different, but by searching this address location to the disassembled file:

But let’s crosscheck by perform reverse calculation of 0x610D6472 against the symbol table:

Which still convey that the given address is indeed has relation to “aclsort” routine.

Now, let’s apply it to unknown assembly address, for example the entry point given in disassembly result, which is 0x6107F470:

q.e.d 🙂

Advertisements

One Response to “Debugging CYGWIN using WinDBG”

  1. __Vano Says:

    You can set DBGHELP_LOG env variable to get dbghelp.dll ‘s diagnostic logging. See http://msdn.microsoft.com/en-us/library/windows/desktop/ms680687%28v=vs.85%29.aspx#Diagnosing_Symbol_Load_Problems (“Symbol Loading”)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: