Application security

Debugging with Visual Studio 2010

Ajay Yadav
March 7, 2013 by
Ajay Yadav

The Microsoft Visual Studio 2010 IDE integrates a full-fledged debugger and familiar user interface that provides an assortment of windows, tools and behaviors to assist you identify and sort out bugs swiftly. The Visual Studio Debugger uses various techniques such as breakpoints, watch, step into, call stack, thread monitoring, memory examination etc… in order to inspect the values of variables.

Control of Debugging Session

11 courses, 8+ hours of training

11 courses, 8+ hours of training

Learn cybersecurity from Ted Harrington, the #1 best-selling author of "Hackable: How to Do Application Security Right."
  • Start Execution

    From the Debug Menu, there are various commands to start a debugging session, such as Start Debugging (F5), Step into (F11), and Step over (F10).

    [caption id="" align="alignnone" width="294"]Figure 1.1 Start Debugging Figure 1.1 Start Debugging[/caption]

    You can start a debugging sessions with the Run to Cursor command. In the source editor, right click the target line of the source code and select the Run to Cursor (Ctrl+F10) command.


    In this example, we create a class libraryMathTest which is responsible for performing Math related operations such as Addition, Multiplicationand Division.

    [caption id="" align="alignnone" width="350"]Figure 1.2 Math operation Library class Figure 1.2 Math operation Library class[/caption]

    Now, in the Run to Cursordebugging option, you don't need to compile or debug (F5) the application; you just right click over any line of code (such as the Addition() method) in the main class and the debugging start automatically from that line of code.

    [caption id="" align="alignnone" width="481"]Figure 1.3 Run To Cursor Debugging Figure 1.3 Run To Cursor Debugging[/caption]

    When you perform Run To Cursor, the output will display in the console window and a yellow arrow is highlighted over the Addition() method (only in the code file):

    [caption id="" align="alignnone" width="441"]Figure 1.4 Run To Cursor output Figure 1.4 Run To Cursor output[/caption]

  • Break Execution

    If you start debugging in terms of putting a couple of breakpoints in multiple class library files and you want to terminate all the current debugging sessions, then you can break this session of an application, which is enabled when you insert a Breakpointor Run To Cursoron a particular line of code and start debugging. You can forcibly break into an application using the Terminate All command from the Debug menu.

    [caption id="" align="alignnone" width="307"]Figure 1.5 Terminate All Figure 1.5 Terminate All[/caption]

  • Stop Execution

    Select Stop debugging from Debug menu to end a debugging session. You also can stop debugging from the processes window. In that window, right-click the executing process and select the Detach Process or Terminate Process command.

    [caption id="" align="alignnone" width="361"]Figure 1.6 Stop Debugging Figure 1.6 Stop Debugging[/caption]


If you are performing some sophisticated operation and playing with some variables,you will notice that the output is strange. So in this situation Breakpoints are very useful debugging utility. By using this, you can cross check what data is assigning to a particular variable at run time.

In the code editor, pressing F9 on a particular line sets a simple breakpoint (appears as a red circle). F9 is a toggle shortcut for setting or clearing a breakpoint. You can continue the application by pressing F5.

[caption id="" align="alignnone" width="377"]Figure 1.7 Breakpoints Figure 1.7 Breakpoints[/caption]

When you insert a Breakpoint over the Addition() method(suspected function) in code using F9 or from the Debug menu and start Debugging by using F5, then rather than displaying the output, the application runs in debug mode and the breakpoint color is converted from red to yellow.

Now you move on further, line by line using F10 to see what data has been assigned to what variable by moving over the cursor to a particular variable. You can go deep to the method code for inspection of value by using Step Into(F11).

[caption id="" align="alignnone" width="369"]Figure 1.8 Breakpoints Step Into(F11) Figure 1.8 Breakpoints Step Into(F11)[/caption]

Function Breakpoints

In this debugging method, you don't need to put breakpoints on a particular method, you just set Breakpoints by choosing the New Breakpoint submenu of the debug menu, and then select Break a Function. Thereafter, mention the method name Multiply() that you want to inspect and start debugging by F5.

[caption id="" align="alignnone" width="497"]Figure 1.9 New Breakpoints (function) Figure 1.9 New Breakpoints (function)[/caption]

Function Breakpoints break immediately, prior to the first line of a function and can be set at compile time or run time. Then, you can move forward by F10 for inspection variable values in the method body, as seen below:

[caption id="" align="alignnone" width="311"]Figure 1.10 Function Body inspection Figure 1.10 Function Body inspection[/caption]

Breakpoints Symbols

Breakpoints are annotated with icons;the shape of the icons indicate the state of the breakpoints.



Filled Circle Signify a enabled breakpoints

Filled Circle with Plus sign Signify filter breakpoints which include condition, hit counter.

Diamond Signify a trace point that has continue option enabled

Hollow Circle Signify a disabled breakpoints

Code Stepping

Stepping through source code is the most significant common action in a debugging session. Step commands steps an application in source line increments depending on the open window. Between steps, expressions can be evaluated, variables updated, functions called, and scopes changed.

Step commands

  • Step Into (F11): If we want to go deep into any function body or instruction, then we can do this by hittingF11 when the debugging cursor is over any particular function. Thereafter, we can move forward by using F10 for checking next instruction.

    [caption id="" align="alignnone" width="488"]Figure 1.11 Steps Into Figure 1.11 Steps Into[/caption]

  • Step Over (F10):Steps to the next source line or instruction continuously; time to time we can check the value of a particular variable or object by mouse point hovering.

    [caption id="" align="alignnone" width="482"]Figure 1.12 Steps Over Figure 1.12 Steps Over[/caption]

  • Step Out(Shift + F11):If we are examining instructions located in any function body by using Step Into(F11) and now we want tocomeout from that body or boundary then we useStep Out(Shift+ F11); here,theExecution is then interrupted at the first line after the call site.

Debug Window

Breakpoints Windows (Ctrl +D)

You can manage breakpoints in the Breakpoint window (opened from the Debug menu and windows submenu).

[caption id="" align="alignnone" width="624"]Figure 1.13 Breakpoints Window Figure 1.13 Breakpoints Window[/caption]

The Breakpoint lists all the breakpoints putted in the source code. In this window, the first column of each row is the enabled and disabled option box. The condition column shows any condition set on the breakpoint.

Output Window (Ctrl +W)

The output windows can be opened from the View menu and it contains messages from various sources from Visual Studio. This output window shows Visual Studio system services with the path responsible for executing the application. Sometimes, applications may malfunction and eventually hanged, so for overcoming this problem, we can locate that service and end it manually from task manager.

[caption id="" align="alignnone" width="624"]Figure 1.14 Output Window Figure 1.14 Output Window[/caption]

Watch Window (Ctrl +D,W)

The Watch window can be opened from Debug menu and windows submenu. The Watch window has three columns: Name, Value and Type. The variables can be viewed at run time and modified directly in the variables window. The changed values are highlighted in red and this is a useful way to test applications with values that stress the program.

Here, first we insert a breakpoint over the Addition() method and start Debugging by using F5 when we perform Step Over(F10) and then open the Watch window from the Debug menu. Then, we manually writevar1 and var2 and hit enter. It will display the values that are assigned at run time.

[caption id="" align="alignnone" width="458"]Figure 1.15 Watch1 Window Figure 1.15 Watch1 Window[/caption]

Locals Window (Ctrl +D,L)

The Locals window lists the local variables that are currently in scope. The only difference between the watch and locals window is that the locals window displays all the values of the variable that are currently in scope. We don't need to write the variable manually for checking their values as we do with the watch window.

[caption id="" align="alignnone" width="513"]Figure 1.16 Locals Window Figure 1.16 Locals Window[/caption]

Call Stack Window (Ctrl +D, C)

It shows functions that are presently on the stack. The current location is highlighted with a yellow arrow. Here,the call stack window displays the current executing function which is in stack:

[caption id="" align="alignnone" width="469"]Figure 1.17 Call Stack Window Figure 1.17 Call Stack Window[/caption]

Immediate Window (Ctrl +D, I)

The Immediate window is a command line version of the Visual Studio debugger. You can display a value in the window, evaluate expressions, execute applications and perform menu commands.

[caption id="" align="alignnone" width="460"]Figure 1.18 Immediate Window Figure 1.18 Immediate Window[/caption]

You should first start the application in debugging mode by using F5 and then open this window.This is a shortcut utility to open other debugging windows; for instance, the Breakpoint window by writing '>bl', the call stack window by writing'>callstack', and so on.

You can view all windows commands below:

Immediate windows commands



Debug.Breakpoints bl

Debug.CallStack callstack

Debug.ClearAll cls

Debug.CommandWindow cmd

Debug.Unicode du

Debug.Start g

Debug.Locals locals

Debug.Print print

Debug.StepOver p

Debug.StepOut pr

Debug.StopDebugging q

QuickWatch Window

The QuickWatch window is great to the programmer for inspecting the values of variables at run time. First, you insert a breakpoint over the method (Addition()) that doesn't produce the desired result. Now, start Step Over(F10); once you reach the variable 'var1', then select it by clicking the mouse, as you can see below:

[caption id="" align="alignnone" width="377"]Figure 1.19 Variable selection for QuickWatch Figure 1.19 Variable selection for QuickWatch[/caption]

Now hit shift+F9 for opening the QuickWatch window. It displays the values of the selected variable 'var1'. Here, we can reevaluate the current variable or manually enter different expressions, as can be seen on the image below:

[caption id="" align="alignnone" width="396"]Figure 1.20 QuickWatch window Figure 1.20 QuickWatch window[/caption]

Thread Window (Ctrl +D, I)

The Thread window lists the active threads of the current process. This window is available only in break mode.

11 courses, 8+ hours of training

11 courses, 8+ hours of training

Learn cybersecurity from Ted Harrington, the #1 best-selling author of "Hackable: How to Do Application Security Right."

[caption id="" align="alignnone" width="624"]Figure 1.21 Thread Window Figure 1.21 Thread Window[/caption]

Ajay Yadav
Ajay Yadav

Ajay Yadav is an author, Cyber Security Specialist, SME, Software Engineer, and System Programmer with more than eight years of work experience. He earned a Master and Bachelor Degree in Computer Science, along with abundant premier professional certifications. For several years, he has been researching Reverse Engineering, Secure Source Coding, Advance Software Debugging, Vulnerability Assessment, System Programming and Exploit Development.

He is a regular contributor to programming journal and assistance developer community with blogs, research articles, tutorials, training material and books on sophisticated technology. His spare time activity includes tourism, movies and meditation. He can be reached at om.ajay007[at]gmail[dot]com