The Microsoft Visual Studio 2010 IDE integrates a full-fledged debugger and familiar user interface that provides an assortment of windows, tools and behaviors to assist you identify and sort out bugs swiftly. The Visual Studio Debugger uses various techniques such as breakpoints, watch, step into, call stack, thread monitoring, memory examination etc… in order to inspect the values of variables.

Control of Debugging Session

  • Start Execution

    From the Debug Menu, there are various commands to start a debugging session, such as Start Debugging (F5), Step into (F11), and Step over (F10).

    Figure 1.1 Start Debugging

    Figure 1.1 Start Debugging

    You can start a debugging sessions with the Run to Cursor command. In the source editor, right click the target line of the source code and select the Run to Cursor (Ctrl+F10) command.

    Demonstration:

    In this example, we create a class libraryMathTest which is responsible for performing Math related operations such as Addition, Multiplicationand Division.

    Figure 1.2 Math operation Library class

    Figure 1.2 Math operation Library class

    Now, in the Run to Cursordebugging option, you don’t need to compile or debug (F5) the application; you just right click over any line of code (such as the Addition() method) in the main class and the debugging start automatically from that line of code.

    Figure 1.3 Run To Cursor Debugging

    Figure 1.3 Run To Cursor Debugging

    When you perform Run To Cursor, the output will display in the console window and a yellow arrow is highlighted over the Addition() method (only in the code file):

    Figure 1.4 Run To Cursor output

    Figure 1.4 Run To Cursor output

  • Break Execution

    If you start debugging in terms of putting a couple of breakpoints in multiple class library files and you want to terminate all the current debugging sessions, then you can break this session of an application, which is enabled when you insert a Breakpointor Run To Cursoron a particular line of code and start debugging. You can forcibly break into an application using the Terminate All command from the Debug menu.

    Figure 1.5 Terminate All

    Figure 1.5 Terminate All

  • Stop Execution

    Select Stop debugging from Debug menu to end a debugging session. You also can stop debugging from the processes window. In that window, right-click the executing process and select the Detach Process or Terminate Process command.

    Figure 1.6 Stop Debugging

    Figure 1.6 Stop Debugging

Breakpoints

If you are performing some sophisticated operation and playing with some variables,you will notice that the output is strange. So in this situation Breakpoints are very useful debugging utility. By using this, you can cross check what data is assigning to a particular variable at run time.

In the code editor, pressing F9 on a particular line sets a simple breakpoint (appears as a red circle). F9 is a toggle shortcut for setting or clearing a breakpoint. You can continue the application by pressing F5.

Figure 1.7 Breakpoints

Figure 1.7 Breakpoints

When you insert a Breakpoint over the Addition() method(suspected function) in code using F9 or from the Debug menu and start Debugging by using F5, then rather than displaying the output, the application runs in debug mode and the breakpoint color is converted from red to yellow.

Now you move on further, line by line using F10 to see what data has been assigned to what variable by moving over the cursor to a particular variable. You can go deep to the method code for inspection of value by using Step Into(F11).

Want to learn more?? The InfoSec Institute Web Application Penetration Testing Boot Camp focuses on preparing you for the real world of Web App Pen Testing through extensive lab exercises, thought provoking lectures led by an expert instructor. We review of the entire body of knowledge as it pertains to web application pen testing through a high-energy seminar approach.

The Web Application Penetration Testing course from InfoSec Institute is a totally hands-on learning experience. From the first day to the last day, you will learn the ins and outs of Web App Pen Testing by attending thought provoking lectures led by an expert instructor. Every lecture is directly followed up by a comprehensive lab exercise (we also set up and provide lab workstations so you don't waste valuable class time installing tools and apps). Benefits to you are:

  • Get CWAPT Certified
  • Learn the Secrets of Web App Pen Testing in a totally hands-on classroom environment
  • Learn how to exploit and defend real-world web apps: not just silly sample code
  • Complete the 83 Step "Web App Pen Test Methodology", and bring a copy back to work with you
  • Learn how perform OWASP Top 10 Assessments: for PCI DSS compliance

Figure 1.8 Breakpoints Step Into(F11)

Figure 1.8 Breakpoints Step Into(F11)

Function Breakpoints

In this debugging method, you don’t need to put breakpoints on a particular method, you just set Breakpoints by choosing the New Breakpoint submenu of the debug menu, and then select Break a Function. Thereafter, mention the method name Multiply() that you want to inspect and start debugging by F5.

Figure 1.9 New Breakpoints (function)

Figure 1.9 New Breakpoints (function)

Function Breakpoints break immediately, prior to the first line of a function and can be set at compile time or run time. Then, you can move forward by F10 for inspection variable values in the method body, as seen below:

Figure 1.10 Function Body inspection

Figure 1.10 Function Body inspection

Breakpoints Symbols

Breakpoints are annotated with icons;the shape of the icons indicate the state of the breakpoints.

Symbol

Description

Filled Circle Signify a enabled breakpoints
Filled Circle with Plus sign Signify filter breakpoints which include condition, hit counter.
Diamond Signify a trace point that has continue option enabled
Hollow Circle Signify a disabled breakpoints

Code Stepping

Stepping through source code is the most significant common action in a debugging session. Step commands steps an application in source line increments depending on the open window. Between steps, expressions can be evaluated, variables updated, functions called, and scopes changed.

Step commands

  • Step Into (F11): If we want to go deep into any function body or instruction, then we can do this by hittingF11 when the debugging cursor is over any particular function. Thereafter, we can move forward by using F10 for checking next instruction.

    Figure 1.11 Steps Into

    Figure 1.11 Steps Into

  • Step Over (F10):Steps to the next source line or instruction continuously; time to time we can check the value of a particular variable or object by mouse point hovering.

    Figure 1.12 Steps Over

    Figure 1.12 Steps Over

  • Step Out(Shift + F11):If we are examining instructions located in any function body by using Step Into(F11) and now we want tocomeout from that body or boundary then we useStep Out(Shift+ F11); here,theExecution is then interrupted at the first line after the call site.

Debug Window

Breakpoints Windows (Ctrl +D)

You can manage breakpoints in the Breakpoint window (opened from the Debug menu and windows submenu).

Figure 1.13 Breakpoints Window

Figure 1.13 Breakpoints Window

The Breakpoint lists all the breakpoints putted in the source code. In this window, the first column of each row is the enabled and disabled option box. The condition column shows any condition set on the breakpoint.

Output Window (Ctrl +W)

The output windows can be opened from the View menu and it contains messages from various sources from Visual Studio. This output window shows Visual Studio system services with the path responsible for executing the application. Sometimes, applications may malfunction and eventually hanged, so for overcoming this problem, we can locate that service and end it manually from task manager.

Figure 1.14 Output Window

Figure 1.14 Output Window

Watch Window (Ctrl +D,W)

The Watch window can be opened from Debug menu and windows submenu. The Watch window has three columns: Name, Value and Type. The variables can be viewed at run time and modified directly in the variables window. The changed values are highlighted in red and this is a useful way to test applications with values that stress the program.

Here, first we insert a breakpoint over the Addition() method and start Debugging by using F5 when we perform Step Over(F10) and then open the Watch window from the Debug menu. Then, we manually writevar1 and var2 and hit enter. It will display the values that are assigned at run time.

Figure 1.15 Watch1 Window

Figure 1.15 Watch1 Window

Locals Window (Ctrl +D,L)

The Locals window lists the local variables that are currently in scope. The only difference between the watch and locals window is that the locals window displays all the values of the variable that are currently in scope. We don’t need to write the variable manually for checking their values as we do with the watch window.

Figure 1.16 Locals Window

Figure 1.16 Locals Window

Call Stack Window (Ctrl +D, C)

It shows functions that are presently on the stack. The current location is highlighted with a yellow arrow. Here,the call stack window displays the current executing function which is in stack:

Figure 1.17 Call Stack Window

Figure 1.17 Call Stack Window

Immediate Window (Ctrl +D, I)

The Immediate window is a command line version of the Visual Studio debugger. You can display a value in the window, evaluate expressions, execute applications and perform menu commands.

Figure 1.18 Immediate Window

Figure 1.18 Immediate Window

You should first start the application in debugging mode by using F5 and then open this window.This is a shortcut utility to open other debugging windows; for instance, the Breakpoint window by writing ‘>bl’, the call stack window by writing’>callstack’, and so on.

You can view all windows commands below:

Immediate windows commands

Commands

Alias

Debug.Breakpoints bl
Debug.CallStack callstack
Debug.ClearAll cls
Debug.CommandWindow cmd
Debug.Unicode du
Debug.Start g
Debug.Locals locals
Debug.Print print
Debug.StepOver p
Debug.StepOut pr
Debug.StopDebugging q

QuickWatch Window

The QuickWatch window is great to the programmer for inspecting the values of variables at run time. First, you insert a breakpoint over the method (Addition()) that doesn’t produce the desired result. Now, start Step Over(F10); once you reach the variable ‘var1′, then select it by clicking the mouse, as you can see below:

Figure 1.19 Variable selection for QuickWatch

Figure 1.19 Variable selection for QuickWatch

Now hit shift+F9 for opening the QuickWatch window. It displays the values of the selected variable ‘var1′. Here, we can reevaluate the current variable or manually enter different expressions, as can be seen on the image below:

Figure 1.20 QuickWatch window

Figure 1.20 QuickWatch window

Thread Window (Ctrl +D, I)

The Thread window lists the active threads of the current process. This window is available only in break mode.

Figure 1.21 Thread Window

Figure 1.21 Thread Window