Debugging

When running and testing programs, you will find it easiest to use a debugger, a utility program
that lets you single-step through a program, execute one statement at a time, restart the
program, examine and modify variables, examine the runtime stack, examine the CPU registers,
examine machine instructions, assemble new instructions, and run a program up to a breakpoint.

Depending on the type of target program you create and your current operating system, you can
select some or all of the following debuggers:

32-Bit Protected Mode

Use the Microsoft Visual Studio 2010 debugger

Use the Microsoft Visual Studio 2005 & 2008 debuggersr

16-Bit Real Mode

Your two primary choices are the Debug debugger (debug.exe) supplied free with MS-DOS and
Windows, or the CodeView debugger (cv.exe) supplied by Microsoft with the MASM assembler.

Debug was the first MS-DOS debugger, modeled after the well known debugger named DDT from
the CP/M operating system. (No, DDT did not refer to an insecticide--it stood for Dynamic
Debugging Tool.) Debug is primitive, yet easy to use. You can code and assemble short
programs on the spot, without having to use any other assembler. It has some serious
limitations: It does not permit the use of variable names or 32-bit registers, and doesn't let you
edit existing programs. You can learn most of its commands with one hour. I used it for many
years before CodeView appeared, primarily for testing the behavior of short instruction
sequences.

CodeView is a full-featured professional debugger Microsoft developed somewhere between 1985

and 1992. It lets you open multiple memory and register windows, use the mouse, set multiple
breakpoints, change the display format, set colors, and so on. It is not suited to assembling
programs from scratch. Plan on spending about 3-4 hours learning its various commands. It has
not been modified since 1992.

Borland's Turbo Debugger is similar to CodeView, with a better engineered user interface. It's
probably the best 16-bit debugger around. It is bundled with Borland Turbo Assembler and
Borland C++, so you have to buy one of those products to get the debugger.
A SIMPLE METHOD Of DEBUGGING

In most cases, a user only needs to find out where and why a program is aborting.
This is probably the first level of debugging that should be attempted by novice users.
To perform this task the user will need to perform several steps in the debugging
process.

1.Compile your program(s) with the -g flag

2. Execute the debugger as follows:
% dbx objectfile(s)<CR>
where objectfile(s) is one or more files that result from step 1.
3. At the dbx> prompt type:
dbx> run [arguments][>output
redirection][<input redirection]<CR>
where "arguments" are arguments being passed to the program and ">output
redirection" and "<input redirection" are for any required redirection for
program execution.
4. Run the program as you normally would. When the error occurs, dbx will
provide information regarding the location of the error, and possible reasons for
its occurrence. It should also provide more detail about the error than the initial
error messages you may have received without dbx.

1. SmartInspect

SmartInspect is a logging tool for debugging and monitoring Delphi applications. It comes with a
logging library that can be integrated in Delphi applications to log messages, errors, variable values,
objects, files and so on. A graphical viewer application, the SmartInspect Console, allows developers
to view, filter and analyze the logging data.

features

Identify and fix software bugs faster

Monitor and analyze applications in real-time
Find solutions to user-reported issues
Debug production systems while they run

CDB

Microsoft Console Debugger (CDB) is a character-based console program that enables low-level analysis
of Windows user-mode memory and constructs. CDB is extremely powerful for debugging a program that
is currently running or has recently crashed ("live analysis"), yet simple to set up. It can be used to
investigate the behavior of a working application. In the case of a failing application, CDB can be used to
obtain a stack trace or to look at the guilty parameters. It works well across a network (using a remote
access server), as it is character-based. With CDB, you can display and execute program code, set
breakpoints, and examine and change values in memory. CDB can analyze binary code by
"disassembling" it and displaying assembly instructions. It can also analyze source code directly. Because
CDB can access memory locations through addresses or global symbols, you can refer to data and
instructions by name rather than by address, making it easy to locate and debug specific sections of
code. You can also display disassembled machine code. CDB supports debugging multiple threads and
processes. It is extensible, and can read and write both paged and non-paged memory. If the target
application is itself a console application, the target will share the console window with CDB. To spawn a
separate console window for a target console application, use the -2 command-line option.

NTSD

There is a variation of the CDB debugger named Microsoft NT Symbolic Debugger (NTSD). It is identical
to CDB in every way, except that it spawns a new text window when it is started, whereas CDB inherits
the Command Prompt window from which it was invoked. Like CDB, NTSD is fully capable of debugging
both console applications and graphical Windows programs. (The name "Console Debugger" is used to
indicate the fact that CDB is classified as a console application; it does not imply that the target
application must be a console application.) Since the start command can also be used to spawn a new
console window, the following two constructions will give the same results: start cdb parameters ntsd
parameters

wireshark

Sniffing the glue that holds the Internet together - Wireshark (known as Ethereal until a trademark dispute
in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows
you to examine data from a live network or from a capture file on disk. You can interactively browse the
capture data, delving down into just the level of packet detail you need. Wireshark has several powerful
features, including a rich display filter language and the ability to view the reconstructed stream of a TCP
session. It also supports hundreds of protocols and media types. A tcpdump-like console version named
tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploi
security holes, so stay up-to-date and be wary of running it on unusted or hostile networks (

Snort

A Everyone's favorite open source IDS - This lightweight network inusion detection and prevention
system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content
searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts,
port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic
that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and
Security Engine (BASE), a web interface for analyzing Snort alerts. Open source Snort works fine for
many individuals, small businesses, and departments. Parent company SourceFire offers a
complimentary product line with more enterprise-level features and real-time rule updates. They offer a
free (with registration) 5-day-delayed rules feed, and you can also find many great free rules at Bleeding
Edge Snort.

netcat

The network Swiss army knife - This simple utility reads and writes data across TCP or UDP
network connections. It is designed to be a reliable back-end tool that can be used directly or
easily driven by other programs and scripts. At the same time, it is a feature-rich network
debugging and exploration tool, since it can create almost any kind of connection you would
 need, including port binding to accept incoming connections. The original Netcat was released by
Hobbit in 1995, but it hasn't been maintained despite its immense popularity. It can sometimes
even be hard to find nc110.tgz. The flexibility and usefulness of this tool have prompted people to
write numerous other Netcat implementations - often with modern features not found in the
original. One of the most interesting is Socat, which extends Netcat to support many other socket
types, SSL encryption, SOCKS proxies, and more. It even made this list on its own merits. There
is also Chris Gibson's Ncat, which offers even more features while remaining por and compact.
Other takes on Netcat include OpenBSD's nc, Cryptcat, Netcat6, PNetcat, SBD, and so-called
GNU Netcat

MBSA

Microsoft Baseline Security Analyzer - Microsoft Baseline Security Analyzer (MBSA) is an easy-
to-use tool designed for the IT professional that helps small and medium-sized businesses
determine their security state in accordance with Microsoft security recommendations and offers
specific remediation guidance. Built on the Windows Update Agent and Microsoft Update
infrasucture, MBSA ensures consistency with other Microsoft management products including
Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server
(SMS) and Microsoft Operations Manager (MOM). Apparently MBSA on average scans over 3
million computers each week

kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and
(with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet
also supports plugins which allow sniffing other media such as DECT.

Kismet identifies networks by passively collecting packets and detecting standard named networks,
detecting (and given time, decloaking) hidden networks, and infering the presence of
nonbeaconing networks via data traffic.

Features

802.11b, 802.11g, 802.11a, 802.11n sniffing

Standard PCAP file logging (Wireshark, Tcpdump, etc)
Client/Server modular architecture
Multi-card and channel hopping support
Runtime WEP decoding
Tun/Tap virtual network interface drivers for realtime export of packets
Hidden SSID decloaking
Distributed remote sniffing with Kismet drones
 XML logging for integration with other tools
Linux, OSX, Windows, and BSD support (devices and drivers permitting)

Nikto2

A more comprehensive web scanner - Nikto is an open source (GPL) web server scanner which
performs comprehensive tests against web servers for multiple items, including over 3200
potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on
over 230 servers. Scan items and plugins are frequently updated and can be automatically
updated (if desired). It uses Whisker/libwhisker for much of its underlying functionality. It is a
great tool, but the value is limited by its infrequent updates. The newest and most critical
vulnerabilities are often not detected.

Ping/telnet/dig/aceroute/whois/netsta
The basics - While there are many whiz-bang high-tech tools out there to assist in security
auditing, don't forget about the basics! Everyone should be very familiar with these tools as they
come with most operating systems (except that Windows omits whois and uses the name acert).
They can be very handy in a pinch, although for more advanced usage you may be better off with
Hping2 and Netcat.

features

 SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's

Perl/NetSSL)

 Full HTTP proxy support

 Checks for outdated server components

 Save reports in plain text, XML, HTML, NBE or CSV

 Template engine to easily customize reports

 Scan multiple ports on a server, or multiple servers via input file (including nmap output)

 LibWhisker's IDS evasion techniques

 Easily updates via command line

 Identifies installed software via headers, favicons and files

 Host authentication with Basic and NTLM

 Subdomain guessing

 Apache and cgiwrap username enumeration

 Mutation techniques to "fish" for content on web servers

 Scan tuning to include or exclude entire classes of vulnerability
checks

 Guess credentials for authorization realms (including many default id/pw combos