Programming guide

This guide will show you through the most commonly used classes and methods of the WinAppDbg module, and provide some examples of use for each one. The goal is to give you a bird’s eye perspective on what the library can do and how, without having to read the source code.

• Instrumentation
  • The System class
  • The Process class
  • The Thread class
  • The Module class
  • The Window class
  • Back to the System class
  • Generating minidump files
  • Working with UWP and packaged apps
• Debugging
  • The Debug class
  • The interactive debugger
  • The Event class
  • The Crash and CrashDAO classes
  • The EventHandler class
  • The EventSift class
  • Breakpoints, watches and hooks
  • Labels
  • Generating minidump files
• Helper classes and functions
  • Console output with colors
  • Text output in tables
  • Logging
  • Hexadecimal input
  • Hexadecimal output
  • Dumping code, stack and registers
  • Pathname and filename handling
• The Win32 API wrappers
  • Example #1: finding a DLL in the search path
  • Example #2: killing a process by attaching to it
  • Example #3: enumerating heap blocks using the Toolhelp library
  • Example #4: enumerating modules using the Toolhelp library
  • Example #5: enumerating device drivers
• More examples
  • Set a debugging timeout
  • Dump the memory of a process
  • Find alphanumeric addresses to jump to
  • Show processes DEP settings
  • Choose the disassembler you want to use
• Advanced topics
  • A closer look at how breakpoints work
  • A closer look at how labels work
  • About the heuristic crash signatures