Dead listing. A disassembler will spit out assembly code from a binary file. The quality of this listing greatly depends on the abilities of the tool you use. For good results, an interactive disassembler (which allows you to manually correct disassembly mistakes), with navigation capabilities through the listing (follow jumps, calls), is required. The ultimate tool in this area is IDA (www.datarescue.com). They have a good freeware version, which outperforms (almost?) all commercial disassemblers I know. The professional retail is about 500$, but it can disassemble almost anything you can think of, and beyond this.
As I said, dead listing analysis will provide you with better insight than any live tracing, mostly because you have all the code of the module under your eyes and you can easily spot the whole picture. Take my word for it. If you are good enough with target platform ASM and you are familiar with the asm constructs the compiler generates, it is like having access to the source code. It sounds simple, but it ain't. It requires a lot of knowledge about target OS internals, fluency in ASM code, a minimal knowledge about compilers and code generation, and is a time-consuming activity. And it requires skill too, for you can easily misinterpret code sequences, or fail to correctly reconstruct involved data structures. And understanding things wrong is worse than knowing nothing.
----- Original Message -----
From: Satish
To: File Systems Developers
Sent: Wednesday, April 25, 2001 12:30 PM
Subject: [ntfsd] Re: Driver Debugging
I have just considered those 2 files as examples :).
"Live debugging"???
Other than a debugger, how to understand those codes without tracing the instructions?
Regards,
Satish K.S
----- Original Message -----
From: danp
To: File Systems Developers
Sent: Wednesday, April 25, 2001 2:49 PM
Subject: [ntfsd] Re: Driver Debugging
With the right tools, it is possible to “debug” anything. But in your case, examining Hal.dll or disk.sys smells like reverse engineering, not debugging. For this, there are better tools than debuggers. Disassemblers. They'll provide you a much better insight than a debugger.
Live debugging is only needed to understand a very small fraction of the code. A good knowledge of the target platform ASM and system architecture is required.
You are currently subscribed to ntfsd as: danp@jb.rdsor.ro
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com