Reversing : The Hacker's Guide to Reverse Engineering

Figure 4.5 A screenshot of ILDasm, Microsoft’s .NET IL disassembler.

Debuggers


Debuggers exist primarily to assist software developers with locating and correcting errors in their programs, but they can also be used as powerful reversing tools. Most native code debuggers have some kind of support for stepping through assembly language code when no source code is available. Debuggers that support this mode of operation make excellent reversing tools, and there are several debuggers that were designed from the ground up with assembly language–level debugging in mind.

The idea is that the debugger provides a disassembled view of the currently running function and allows the user to step through the disassembled code and see what the program does at every line. While the code is being stepped through, the debugger usually shows the state of the CPU’s registers and a memory dump, typically of the currently active stack area. The following are the key debugger features that are required for reversers.
