Debugging with NTSD and Application Verifier
by Patrick Garvan 

Example 1: 

// Example 1: a deliberate NULL-pointer write.  p is 0, so the store faults
// with STATUS_ACCESS_VIOLATION (c0000005), which is exactly what the NTSD
// transcript in Example 2 reports as a first-chance exception at t1!main+0xe.
// The bug is the point of the example; it is not meant to be "fixed".
// NOTE(review): "void main" is not standard C (int main is the portable
// form); it is kept here because the transcript was produced from this file.
void main(void)
{
    char *p = 0;
    *p = 123;   // 123 == 0x7B: the "mov byte ptr [eax],7Bh" at eip in Example 2
}


Example 2: 

Microsoft (R) Windows Debugger  Version 6.6.0007.5
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: t1.exe
Symbol search path is: SRV*c:\Files\websymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00400000 0040f000   t1.exe
ModLoad: 7c900000 7c9b0000   ntdll.dll
ModLoad: 7c800000 7c8f4000   C:\WINDOWS\system32\kernel32.dll
(ce4.ddc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=7ffdb000 ecx=00320758 edx=00320000 esi=7c9118f1 edi=00011970
eip=0040101e esp=0012ff7c ebp=0012ff80 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
*** WARNING: Unable to verify checksum for t1.exe
t1!main+0xe:
0040101e c6007b    mov     byte ptr [eax],7Bh     ds:0023:00000000=??
0:000>


Example 3: 

0:000> k
ChildEBP RetAddr
0012ff80 004010de t1!main+0xe
0012ffc0 7c816fd7 t1!mainCRTStartup+0xb4
0012fff0 00000000 kernel32!BaseProcessStart+0x23
0:000> .lines
Line number information will be loaded
0:000> k
ChildEBP RetAddr
0012ff80 004010de t1!main+0xe [t1.c @ 4]
0012ffc0 7c816fd7 t1!mainCRTStartup+0xb4
0012fff0 00000000 kernel32!BaseProcessStart+0x23
0:000> dv
              p = 0x00000000 ""
0:000> dt p
Local var @ 0x12ff7c Type char*
(null)


Example 5: 

(a)
// t2.c
// Example 5: a one-byte heap overrun, left in on purpose so Application
// Verifier's page heap can catch it.  malloc(16) returns a block that the
// page heap places at the very end of a committed page (p = 0x0209eff0 in
// Example 6), with the next page marked PAGE_NOACCESS (Example 7).  The loop
// bound "i<=16" writes 17 bytes, so the write at i=16 lands on 0x0209f000
// and faults immediately instead of silently corrupting the heap.
// NOTE(review): no #include <stdlib.h> is visible in this listing, so malloc
// is implicitly declared; the (char *) cast hides the warning.  On a 64-bit
// build that truncates the returned pointer to int -- add the include.
// The block is also never freed; harmless in a demo, a leak in real code.
void main(void)
{
    int i = 0;
    char *p = 0;
    p = (char *)malloc(16);
    for (i=0; i<=16; i++)     // off-by-one: valid indices are 0..15
    {
        // Buffer overrun when i=16: p[16] is the first byte past the block
        p[i] = (char)('a' + i);
    }
}

(b)
0:000> k
ChildEBP RetAddr
0012ff80 004011d6 t2!main+0x45 [t2.c @ 11]
0012ffc0 7c816fd7 t2!mainCRTStartup+0xb4
0012fff0 00000000 kernel32!BaseProcessStart+0x23


Example 6: 

0:000> dv
              i = 16
              p = 0x0209eff0 "abcdefghijklmnop"
0:000> dd 0x0209eff0
0209eff0  64636261 68676665 6c6b6a69 706f6e6d
0209f000  ???????? ???????? ???????? ????????
0209f010  ???????? ???????? ???????? ????????
0209f020  ???????? ???????? ???????? ????????


Example 7: 

0:000> !address 0x0209eff0
    02040000 : 0209e000 - 00001000
                    Type     00020000 MEM_PRIVATE
                    Protect  00000004 PAGE_READWRITE
                    State    00001000 MEM_COMMIT
                    Usage    RegionUsagePageHeap
                    Handle   02041000
0:000> !address 0x0209f000
    02040000 : 0209f000 - 000a1000
                    Type     00020000 MEM_PRIVATE
                    Protect  00000001 PAGE_NOACCESS
                    State    00001000 MEM_COMMIT
                    Usage    RegionUsagePageHeap
                    Handle   02041000


Example 8: 

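/*
 * Page-heap style allocation, in the spirit of Application Verifier: the
 * caller's cb bytes are placed at the very END of a malloc'd block whose
 * size is a multiple of 16, so that even a one-byte overrun leaves the
 * block.  One header byte immediately before the returned pointer stores
 * the distance from the returned pointer back to the real malloc() result;
 * AvrfFree() reads it to recover the block.
 *
 * Layout (B = malloc result, U = pointer handed to the caller):
 *   B [delta padding bytes] [header byte = delta+1] [cb user bytes] <end>
 *
 * cb      number of bytes the caller wants (0 is allowed).
 * return  pointer to cb writable bytes, or NULL if the size arithmetic
 *         would wrap or malloc() fails.  Release ONLY with AvrfFree(),
 *         never with free().  The pointer is generally NOT 16-byte aligned
 *         (only when cb itself is a multiple of 16); that is inherent to
 *         end-of-block placement and is the price of catching overruns.
 */
void *AvrfAlloc(size_t cb)
{
   char *pch = NULL;
   char delta = 0;

   /* We add at most 1 (header) + 15 (round-up) bytes.  Without this guard a
    * cb near SIZE_MAX wraps to a tiny request, malloc() succeeds, and the
    * header write below becomes a heap overflow on the way to "success". */
   if (cb > SIZE_MAX - 16)
   {
      return NULL;
   }

   cb++;                          /* room for the header byte */
   delta = (char)(cb % 16);
   if (0 != delta)
   {
      delta = (char)(16 - delta); /* padding that rounds cb up to 16n */
      cb += delta;
   }
   pch = malloc(cb);
   if (NULL != pch)
   {
      pch += delta;               /* skip the padding ...              */
      *pch++ = (char)(delta + 1); /* ... store the header, step past it */
   }
   return(pch);
}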
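/*
 * Release a block obtained from AvrfAlloc().
 *
 * The byte just before pv holds the offset (1..16) back to the original
 * malloc() result.  NULL is accepted and ignored, matching free(NULL), so a
 * caller can unconditionally free a possibly-failed allocation without
 * faulting on the read of pv[-1].  An offset outside 1..16 means the header
 * was overwritten -- a heap UNDERflow, or pv never came from AvrfAlloc --
 * and we abort rather than hand a corrupted address to free(), which is
 * both silent heap corruption and a classic exploitation primitive.
 *
 * pv  pointer returned by AvrfAlloc(), or NULL.
 */
void AvrfFree(void *pv)
{
   unsigned char offset;

   if (NULL == pv)
   {
      return;
   }
   offset = *((unsigned char *)pv - 1);
   if (offset < 1 || offset > 16)
   {
      /* Header corrupted: fail loudly, the way a verifier should. */
      abort();
   }
   free((char *)pv - offset);
}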







