Application Security Testing: An Integral Part of DevOps
Visual C++ v6.0 is shipped with a very good integrated debugger, but it has even more features then is documented in the online help files. I'll briefly describe some of these features, so you can use them to make your own programming a little more efficient. Some of these tips were mentioned during the European Visual C++ Developer's Conference in January 1999 in Amsterdam (WARNING: the NoStepInto is an undocumented feature, this means: no support, may change, may not work...!). The AutoExp.dat file (in the \Program Files\Microsoft Visual Studio\Common\MSDev98\Bin directory) has some very neat features that can help you tune the debugger. This file is read when the debugger is started and looks just like an INI-file. Both the Automatic expansion of structures and avoid stepping into particular functions are configured using this file.
The debugger is capable of displaying the contents of a structure (or class) in a watch or a tooltip. For some structures, you can actually see what's inside the structure (i.e. the CString class). For your own structures you only see three dots and that's it. Of course you can expand these watches in the debugger, but for tooltips you're out of luck. Fortunately, this mechanism of displaying the contents of a structure wasn't hardcoded in the debugger, but it's done using a special section in the AutoExp.dat file. Open the file and look for the [AutoExpand] section and you'll see how this is accomplished. The following piece of text is extracted from this file, but is included here for reference.
|Type||Name of the type (may be followed by <*> for template types such as the ATL types listed below).|
|Text||Any text.Usually the name of the member to display, or a shorthand name for the member.|
|Member||Name of a member to display.|
|Format||Watch format specifier. One of the following:
The special format <,t> specifies the name of the most-derived type of the object. This is especially useful with pointers or references to a base class. If there is no rule for a class, the base classes are checked for a matching rule.
Did you also debug some code, where you had to step into some functions but you're stepping more in CString's internal functions then in the code which you wanted to debug? There is an (undocumented) solution to this problem and it's in the AutoExp.dat file as well. Create a section called [ExecutionControl] and add the following line for functions that should be treated as "atomic":
|Function=NoStepInto||Avoid stepping into this specific function|
|Classname::Method=NoStepInto||Avoid stepping into the specific method of this class|
|Classname::*=NoStepInto||Avoid stepping into any of the methods of this class|
The CString class is used throughout the code, so you're normally not interested in the construction, destruction and assignments of this class. Add the following code to the AutoExp.dat file to prevent stepping into these functions:
[ExecutionControl] CString::CString=NoStepInto CString::~CString=NoStepInto CString::operator==NoStepInto