Results 1 to 8 of 8

Thread: DirectX debugging: modified PIX shows callstacks

Threaded View

  1. #1

    DirectX debugging: modified PIX shows callstacks

    Quote Originally Posted by
    PIX is a debugging and analysis tool that captures detailed information from a Direct3D application as it executes. PIX can be configured to gather data, such as the list of Direct3D APIs called, timing information, mesh vertices before and after transformations, screenshots, and select statistics. PIX can also be used for debugging vertex and pixel shaders, including setting breakpoints and stepping through shader code.
    Thus, a highly useful tool right from the MS DirectX SDK for e.g. finding the cause of a rendering problem: for any captured frame, you can click through the executed DX API functions and see how the frame is being built up, eventually finding out what part is to blame.

    But what about reversing a closed source application's renderer? PIX does not store a call stack; it merely logs *what* DX functions are called, but not from *where*. Therefore it is not very useful for reversing by default.

    I didn't want to let such a great tool go to waste. After some reversing work I ended up patching PIX to log and show (part of) the call stack for each DirectX call that the target program makes. Each call stack entry has both the virtual address and the module name.

    Example usage of the resulting modified tool is finding out about and messing with a game's renderer, or more simply locating the HUD rendering code and quickly finding the data that it represents (e.g. health, money) rather than having to resort to memory scanning.

    Fullsize screenshot:
    Last edited by arc_; May 25th, 2009 at 19:58.

Similar Threads

  1. Replies: 10
    Last Post: February 1st, 2013, 09:13
  2. Problem debugging DirectX application
    By LOPAN in forum The Newbie Forum
    Replies: 4
    Last Post: March 1st, 2010, 19:16
  3. DirectX 5
    By Cenobyte in forum OllyDbg Support Forums
    Replies: 2
    Last Post: June 30th, 2005, 08:57
  4. Replies: 3
    Last Post: March 18th, 2003, 16:19
  5. W32DASM shows n0thinq
    By ON'error in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: December 27th, 2001, 08:31


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts