attach source code to a running process, how does it work?

Question

I have one binary file which is compiled using a mysqlcppconn liability. Also i got the source code of mysqlcppconn.

what did was i opened the mysqlcppconn source code using visual studio, import the .exe file, set it as start up class and then put a break point in the source code. run in debug mode, when it reach the break point, i am able to see the variable value of mysqlcppconn which suppose to store in the .exe file. How Does this happened?

My understanding is: the .exe file is a list of instructions in the memory, so if i think the .exe file as a input-output activity, so if the input is A and we are expecting the output B, the compiler will use the .exe memory (the instructions) to guide where the A should go. but when i use the source code to compile, because the source code produced the identical instructions, somehow (this is where i dont understand either) , the compiler decide to use the instruction created by the source code not the .exe file to guide where A should go.

Any ideas?

Thanks in advance.

Answer 1

No, I don't think that's how it works.

If you attach to a running program, that simply tells the debugger which process to be interested in, and from this it can find the EXE file and the PDB symbols file. From the PDB symbols the debugger can find the required source code files and the line numbers matching the binary code.

When you put a breakpoint in the source code, the debugger checks the symbol table and finds out where that corresponds to in the binary. It then places a breakpoint in the binary of the running program at that location. Last time I looked at an Intel processor that involved replacing an instruction in the binary in memory by a different single byte instruction (RST 3) reserved for that purpose. On other processors the mechanism will be different.

When execution hits that special instruction, it causes a trap back into the debugger. The debugger restores the correct instruction (in case you happen to look at the disassembly) and looks up the breakpoint in its tables, finds the right source code and displays it for you to see.

It also finds the correct stack frame and shows you any local variables in that function.

When it all works correctly it's kind of magic but under the covers it's surprisingly simple.

Incidentally, it all works without a PDB file or source code file too, but then you only have the debugger's disassembly to work with.

Answer 2

Visual Studio must have found symbol files somewhere (*.pdb). These files are being generated during compilation process and contain information required to match some assembly code in the memory to some C++ source code. That's because the binary executable file contains either none or very little information about the source code it was compiled from. If you got mysqlcppconn library along with source code, it is very likely, that someone provided debugging symbols along with source code to simplify the development. If you compiled that library yourself, Visual Studio generated these symbols for you.

Once debugger has this information, it may extract values of variables stored in the RAM, when the program is running.