Open Simorfo opened 7 years ago
This is a known problem. It has been in our documentation for years: http://dynamorio.org/docs/using.html#sec_using_debugger
It was in the pre-open-source issue tracker: looks like there's no entry in this tracker so this will serve.
On Windows, if an application invokes OutputDebugString() while under a debugger, DynamoRIO can end up losing control of the application.
Ok, but do you know how to fix it ? Do you know how the kernel to gives back control to the debuggee ?
Here is one more information
When I do GetThreadContext in the debugger on the debuggee, I get eip= 0x7515b727 which is the top return address from the call stack.
If this is the case, maybe a solution is to push to the stack a return address to some dynamorio function like dispatch
, what do you think ?
From old notes: "OutputDebugString() throws an exception that the debugger handles which means it sets the context back to some native PC and we lose control...It won't be hard to watch for this particular exception and modify the machine context, the only issue is that we're doing extra work which matters only when a debugger is present."
That last bit explains why we never got around to doing anything -- it seems worth fixing as we've long wanted to improve debugging (xref various issues on debugger integration: #532, https://github.com/DynamoRIO/drmemory/wiki/Projects#advanced-debugging-tools)
Is is not a CRASH or a ASSERT, at some point(with a syscall), dynamorio loses control so I chose LOST_CONTROL
With version 6.2.0-2 of DynamoRio The latest build does not solve the problem
On Windows 7, with a 32 bit application, security-win32.outputdebugstring.exe, a simple application using
OutputDebugString
functionI run it with (no client) C:\rio\bin32\drrun.exe -debug -loglevel 4 -- security-win32.outputdebugstring.exe
The expected output are some lines ending with "end of debug" This is almost ok. But the logs show that dynamorio does not come back from native after calling
OutputDebugString
function.Here is the code for security-win32.outputdebugstring.exe
Basically it creates a new process with the same exe and the first process acts as a debugger on the second process (the debuggee) The debuggee calls
OutputDebugString
which results as aOUTPUT_DEBUG_STRING_EVENT
in theWaitForDebugEvent
loop. The debugger callsContinueDebugEvent
withDBG_CONTINUE
to tell the kernel to let the debuggee continue. I do not know what is done in the kernel at that point.The logs for the debuggee end with
OutputDebugString
making a sys call RaiseExceptionAnd we have nothing after that fcache_enter
I think that the big question is how the kernel returns to the debuggee. Any idea ?