
I'm working for a company that does not have a habit of adding log entries in their source code.

Hence, if something goes wrong, the amount of logs, explaining what might have happened, is too small to make any real analysis.

Therefore I'm looking for a tool which can do the following:

  • Attach to a running process and link to the symbols file.
  • Follow all lines of source code which are executed.
  • After a certain key is pressed (like "Ctrl+C"), produce a report which looks as follows:


```
file1.c:010:  function1(1, 2, 5)
file1.c:011:    sum(1,2)
file1.c:020:      return 3;
file1.c:012:    sum(3,5);
file1.c:020:      return 8;
file1.c:012:    return 8;
```

I can imagine this question sounding very naïve, but if I can have something which just approaches this result, it might be very useful.

Does anybody know if this can be achieved using windbg, cdb, Visual Studio or any other means?

Dominique
  • I guess the closest you could achieve with windbg (and without too much hassle) would be the [wt](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/wt--trace-and-watch-data-) command starting at `main()` and restricting the trace to your module (`-m` option) and tweaking the depth option (`-l`). Don't forget to have the output forwarded to a logfile (`.logopen` command). Be prepared for a really big output (depending on your program). – Neitsa Nov 16 '17 at 17:16
  • Is it optimized code? Is it .NET code? IMHO we have too little information to answer the question reliably. – Thomas Weller Nov 16 '17 at 20:43
  • Time Travel Debugging records all the information that you would need, though I don't think there's an extension to then show it as source lines executed (might be possible to write one) https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-overview – snoone Nov 22 '17 at 14:27

1 Answer


Do you have the source code and symbols for your exe? If yes, windbg can step and print source lines.

Demo below for a simple recv sample.

Start an executable whose pdb with src info is available:

```
:\>cdb recv

Microsoft (R) Windows Debugger Version 10.0.16299.15 X86
```

Windbg breaks on the system breakpoint:

```
ntdll!LdrpDoDebuggerBreak+0x2c:
771a05a6 cc              int     3
```

Enable loading of line information, enable stepping in source mode, and enable printing of src lines:

```
0:000> .lines
Line number information will be loaded
0:000> l+t
Source options are 1:
     1/t - Step/trace by source line
0:000> l+s
Source options are 5:
     1/t - Step/trace by source line
     4/s - List source code at prompt
```

Disallow all other output except src:

```
0:000> .prompt_allow -reg -dis -sym -ea
Allow the following information to be displayed at the prompt:
(Other settings can affect whether the information is actually displayed)
   src - Source info for current instruction
Do not allow the following information to be displayed at the prompt:
   sym - Symbol for current instruction
   dis - Disassembly of current instruction
    ea - Effective address for current instruction
   reg - Register state
```

Go to main and step 10 times; you will see each step is showing the src.

Read and use "Controlling the Target" in the windbg help to learn about various execution methods like step until return, step until branch, etc.

```
0:000> g recv!main
ModLoad: 69f50000 69f53000   C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
>   13: int __cdecl main() {
0:000> p 10
>   24:     iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
>   25:     if (iResult != NO_ERROR) {
>   30:     ConnectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
>   31:     if (ConnectSocket == INVALID_SOCKET) {
>   38:     clientService.sin_family = AF_INET;
>   39:     clientService.sin_addr.s_addr = inet_addr( "127.0.0.1" );
>   40:     clientService.sin_port = htons( 27015 );
>   42:     iResult = connect( ConnectSocket, (SOCKADDR*) &clientService, sizeof(clientService) );
>   43:     if ( iResult == SOCKET_ERROR) {
>   44:         closesocket (ConnectSocket);
>   45:         printf("Unable to connect to server: %ld\n", WSAGetLastError());

Unable to connect to server: 0
>   66:         WSACleanup();
>   67:         return 1;
>   88: }
*** The C++ standard library and CRT step filter can be enabled to skip this function. Run .settings set Sources.SkipCrtCode = true to enable it. ***
```
blabb
  • cdb is not a requirement; you can do that with windbg also. The help file for windbg and cdb is the same one, debugger.chm – blabb Nov 17 '17 at 10:09
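
Added example (not part of the original answer): a small Python post-processor for a log captured from a session like the one above (for instance with the `.logopen` command mentioned in the comments), turning the `>   NN: code` lines into the `file:line:` layout asked for in the question. The log sample is constructed, and the source file name `recv.c` is an assumption, since the session output does not show a file name.

```python
import re
from collections import Counter

# Constructed sample in the shape of the cdb session shown in the answer above.
SAMPLE_LOG = r"""0:000> g recv!main
ModLoad: 69f50000 69f53000   C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
>   13: int __cdecl main() {
0:000> p 10
>   24:     iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
>   25:     if (iResult != NO_ERROR) {
>   43:     if ( iResult == SOCKET_ERROR) {
>   45:         printf("Unable to connect to server: %ld\n", WSAGetLastError());

Unable to connect to server: 0
>   66:         WSACleanup();
>   67:         return 1;
"""

SRC_LINE = re.compile(r"^>\s*(\d+):\s?(.*)$")   # ">   24:     code" printed by l+s
PROMPT = re.compile(r"^\d+:\d+>")               # "0:000> command" debugger prompt

def parse_trace(log_text):
    """Split a log into executed source steps and other output (program, ModLoad)."""
    steps, other = [], []
    for raw in log_text.splitlines():
        m = SRC_LINE.match(raw)
        if m:
            steps.append((int(m.group(1)), m.group(2).rstrip()))
        elif raw.strip() and not PROMPT.match(raw):
            other.append(raw.strip())
    return steps, other

def format_report(steps, source_name="recv.c"):  # file name is an assumption
    """Render steps as 'file:line:  code', the layout asked for in the question."""
    return [f"{source_name}:{n:03d}:  {text}" for n, text in steps]

def backward_jumps(steps):
    """Pairs (from, to) where execution moved to a lower line: loops or returns."""
    nums = [n for n, _ in steps]
    return [(a, b) for a, b in zip(nums, nums[1:]) if b < a]

def hit_counts(steps):
    """How many times each source line was stepped on."""
    return Counter(n for n, _ in steps)

if __name__ == "__main__":
    steps, other = parse_trace(SAMPLE_LOG)
    print("\n".join(format_report(steps)))
    print("other output:", other)
```

Because the prompt shows only line numbers, a trace that steps into functions from several source files needs the file tracked separately before the numbers can be attributed.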