Can I use map2dbg with 64-bit Delphi executables?

I am currently using map2dbg to create a .dbg file from my .map Delphi files. This works great for 32-bit executables. For 64-bit executables, calling map2dbg.exe seems successful, but the resulting .dbg file does not seem useful. When I look at stack traces in Process Explorer, they do not have symbol names.

Should I expect map2dbg to work in 64 bit? And if not, is there an alternative I can use?

+4
5 answers

I did a little research, and it seems map2dbg can be used for 64-bit executables made in Delphi XE2. The only thing you have to change is the WORD in the generated DBG file at offset 4 from $8664 to $014C.

Yes, it looks like nonsense, because it means changing the “Machine” field in the DBG header from AMD64 to X86, but it really causes the DBG file to load correctly in both WinDbg and Process Explorer.

I made a fixed version of map2dbg version 1.3, so it automatically writes $14c to DBG. Here is the archive: http://yadi.sk/d/kbVFCGyI2gQzM

UPDATE: DBG files created with a fixed version of map2dbg are accepted by both Process Explorer and WinDbg, and the symbols from these DBGs are correctly associated with the corresponding addresses in the executable file, but incorrect stack frames are displayed.

The reason is in the DBGHELP library. As you can see from its disassembly, it only loads DBG files made for X86 or Alpha processors (the value of the machine field is $14c and $184). But if we manually change the "Machine" field in the DBG file from AMD64 to X86, then DBGHELP will process the executable file as a 32-bit module (therefore, the PDATA segment from the executable file will not be used during stack unwinding), and the incorrect stack will be displayed by debuggers.

I fixed the x86 and x64 versions of DBGHELP installed with WinSDK for Win8. The patched versions allow you to load DBG files with an AMD64 Machine field ($8664), so stack frames are displayed as expected. These versions are available in this archive: http://yadi.sk/d/7ZDLv2ed2gRGo

So now we have two different approaches to using symbols from 64-bit executables compiled with Delphi XE2:

  • A simple way: use the fixed map2dbg to create fake-x86 DBG files that can be loaded into WinDbg and Process Explorer, so symbol addresses will be shown, but debuggers will not be able to display stack frames.

  • "Hardcore": use the fixed dbghelp.dll with support for AMD64 DBG files. With this version of DBGHELP, WinDbg and Process Explorer can unwind stack frames.

ONE MORE UPDATE: The cv2pdb tool can now convert DBG files created using map2dbg to PDB. Both 32-bit and 64-bit executables are supported.

Below is a compiled version of the latest cv2pdb sources.

+8
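
The check described in the answer above can be scripted. This is an added example, not part of the answer or of map2dbg: it reads the Machine WORD at offset 4 of a DBG file (the `IMAGE_SEPARATE_DEBUG_HEADER` layout from winnt.h), compares it with the Machine field of the executable's PE header, and reports which of the answer's cases applies. The function names, result strings and sample byte strings are constructed for illustration.

```python
import struct

# IMAGE_SEPARATE_DEBUG_HEADER (winnt.h): 4 WORDs then 10 DWORDs, 48 bytes
DBG_HEADER = struct.Struct("<4H10I")
DBG_SIGNATURE = 0x4944            # bytes "DI" on disk
# Machine values the answer says an unpatched DBGHELP accepts (X86, Alpha)
STOCK_DBGHELP_ACCEPTS = {0x014C, 0x0184}

def dbg_machine(dbg: bytes) -> int:
    """Return the Machine field (offset 4) of a .dbg file."""
    if len(dbg) < DBG_HEADER.size:
        raise ValueError("file too short for a DBG header")
    signature, _flags, machine = DBG_HEADER.unpack_from(dbg)[:3]
    if signature != DBG_SIGNATURE:
        raise ValueError("not a DBG file (signature is not 'DI')")
    return machine

def pe_machine(exe: bytes) -> int:
    """Return FileHeader.Machine of a PE image."""
    if len(exe) < 0x40 or exe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", exe, 0x3C)
    if exe[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(exe) < e_lfanew + 6:
        raise ValueError("PE signature not found")
    return struct.unpack_from("<H", exe, e_lfanew + 4)[0]

def diagnose(dbg: bytes, exe: bytes) -> str:
    """Classify a DBG/EXE pair into the cases the answer describes."""
    d, e = dbg_machine(dbg), pe_machine(exe)
    if d not in STOCK_DBGHELP_ACCEPTS:
        return "rejected-by-stock-dbghelp"   # e.g. $8664 without the patched DLL
    if d != e:
        return "loads-but-wrong-unwind"      # fake-x86 DBG for a 64-bit image
    return "ok"

# Constructed sample inputs: headers only, no real symbol data
def sample_dbg(machine: int) -> bytes:
    return DBG_HEADER.pack(DBG_SIGNATURE, 0, machine, 0, *([0] * 10))

def sample_pe(machine: int) -> bytes:
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine)

if __name__ == "__main__":
    for m in (0x8664, 0x014C):
        print(hex(m), diagnose(sample_dbg(m), sample_pe(0x8664)))
```
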

Unfortunately, *.dbg support is deprecated (note: it's not even used or loaded!) in new versions of Microsoft products (windbg, explorer, visual studio, etc.). Therefore, even if it creates a valid .dbg file, it will never be used... :-(

My biggest wish is to create a .pdb file! So what if someone can get the specifications for this ?! (is this a closed MS format?) Because, even worse, the latest Intel VTune / Threading profiler will also not use .dbg files anymore, so I REALLY WANT DELPHI FOR PDB CONVERTER! (sorry for screaming)

I tried several things, but so far have not achieved anything. So I created my own stack viewer and minidump viewer that uses Delphi debugging symbols (.map, .jdbg, etc.): http://code.google.com/p/asmprofiler/wiki/ProcessStackViewer http://andremussche.blogspot.com/2011/03/minidump-reader-for-delphi.html

Note. I have not tested my stuff on 64-bit Delphi applications yet ... So it probably won't work, but you can still try ...

+3

For your information only: I found a PDB writer https://github.com/jbevain/cecil/blob/master/symbols/pdb/Mono.Cecil.Pdb/PdbWriter.cs

This is part of the Mono Cecil library (open source .NET implementation). I hope it can be modified to read Delphi .map files too... (not verified yet)

+1

For your information only, I made dof dofgpp.dll for Dof of the Concept, so it can also read Delphi .map files. This is a kind of proxy dll: it has the same export of a real dll, but they are all sent to the real / original dll. 3 character functions implemented using Delphi search (jclDebug.pas): https://plus.google.com/u/0/110131086673878874356/posts/4rmyQM5kVW7 https://plus.google.com/u/0/110131086673878874356/posts/TSJRqFJR3WZ

Only 32bit at the moment. Process Explorer only works on the 64-bit version on 64-bit Windows, but Process Hacker also has a 32-bit version. When I have some more time, I can improve it further ... or try it yourself at this time! In 64-bit mode, you cannot use "ASM JMP PToProc", but something like "ASM JMP qword ptr [rel p]".

0

I made some changes (actually commented on the exceptions :-)) on tds2pdb. Now it also works for Delphi .tds files, both 32-bit and 64-bit! See My G + Post: https://plus.google.com/u/0/110131086673878874356/posts/eJBKC16e5f6

Note: only Process Explorer does not display the full stack of my 64-bit test program, Process Hacker and WinDbg show the full stack.

0

Source: https://habr.com/ru/post/1398140/

