So You Want to Write Your Own Debugger

Over the years, I've been amazed at the number of engineers who are interested in writing debuggers. I'm not amazed at why they want to do it since I've lived the debugger writer's life. We got interested in computers and software in the first place because we wanted to know how they worked, and debuggers are the magic looking glass that lets you see anything and everything about them. Consequently, I've received quite a bit of mail asking me what it takes to write a debugger and for advice on how to proceed. Part of my motivation for writing WDBG was to finally get a full example out for engineers to see how debuggers work.

The first step you need to take, after examining WDBG, is to get Jonathan Rosenberg's excellent book How Debuggers Work (Wiley, 1996). Although Jonathan's book doesn't present the code for a debugger, it's a wonderful introduction to and discussion about the real-world issues that you'll have to deal with when writing a debugger. Very few engineers have ever written a debugger, so it really helps to get a handle on the issues first.

You'll need to become intimately familiar with the PE file format and the particular CPU you're working on. You need to read Matt Pietrek's definitive articles on the PE file format in the February and March 2002 editions of MSDN Magazine. You can learn more about the CPU from the Intel CPU manuals available at www.intel.com.

Before you tackle a full debugger, you should probably write a disassembler. Writing a disassembler will not only teach you a great deal about the CPU, but it will also result in code you can use in the debugger. The disassembler in WDBG is read-only code. In other words, only the developer who wrote it can read it. Strive to make your disassembler maintainable and extensible. I've done a decent amount of assembly-language programming in the past, but it wasn't until I wrote my own disassembler that I really learned assembly language inside and out.

If you do want to write your own disassembler, the first place to start is with the Intel reference manuals, which you can download from Intel directly. They have all the information you need about the instructions and their opcodes. Additionally, in the back of Volume 2 is the complete opcode map, which is what you need to know to turn a number into an instruction. The source code to a few disassemblers is floating around the Internet. Before you embark on your writing, you might want to look at some of those disassemblers to get an idea of how others have handled problems.