Debugger Feature: Custom Debug Extensions
The Microsoft debuggers have an SDK that allows you to write your own debug extension. The extension simply exports debug commands and the debugger will pass your function the parameters entered by the user. The extensions are provided with APIs that allow it to read from and write to the memory in the process being debugged. They are also provided an API to write text out to the debug window.
In the past, the majority of debug extensions were written to simply dump the contents of data structures in a readable format. This use has all but disappeared with the addition of the dt command and structural information in the PDB symbol files. The dt command provides the ability to dump data structures that are contained in the PDB files. The PDBs provided by the Microsoft symbol server even contain a lot of the internal data structures in Windows. The use of PDBs for this purpose is better since structural information would be automatically updated each build rather than requiring you to modify your extension when the structure changes.
The command set of the debugger itself has also become richer, which makes debug extensions less necessary. Even so, there are still use cases for the debug extension and I will demonstrate a few. I will not go into any details of how to write a debug extension but an article on how to do this can be found at the following URL: http://www.codeproject.com/debug/cdbntsd4.asp.
Injecting & Extracting Binary Data
I was once debugging an application that wasn't properly displaying a bitmap. The problem was that the bitmap was received from the network or from a device and was only visible in the memory space of the process. I could have of course attempted to modify the code and write the bitmap to disk. The problem is that a lot of the code was also contained in a library that I did not have the source for. I still could modify the source to read and write to the disk, but I thought of another option that would be more dynamic and reusable.
That other option was to write a debug extension that had the ability to inject binary data into a process as well as extract it. This debug extension could then be used in other cases as a general solution while modifying just this code could not. I was able to extract the bitmap from memory and display it in another image viewer. I was also able to inject other bitmaps into the memory space overwriting that bitmap for use by the application.
This feature does have many other uses such as exporting data to files for binary comparison, extracting files that exist in memory only and the like. I have not included a demonstration, however the source code for the included debug extension includes !importfile and !exportfile for experimentation and modification.
