EnScript and .NET: Debugging in Visual Studio
Digital Forensics | Mar 4, 2015
If you have been reading this so far while thinking any of the following “What? C# and EnScript? When did this happen?” Check out this one for a little intro. My goal in this post is to show you how to debug your C# code while EnScript is calling it. Yes! You can do that!
Line 8 contains a function that I am bringing in from my C# DLL mentioned on the first line. If I use Step Into over my EnScript code, it will walk down the lines here without digging into the C# code. EnCase doesn’t have the source code, Visual Studio does.
Connecting Visual Studio Debugger
To get to the source code of the C# project, we need to connect EnCase and Visual Studio together. It is fairly simple, but it is not something I realized was possible until one of our developers showed me a couple years ago. I am finally getting to write this to share with all of you.
Use the build menu to create the DLL file. This file needs to be placed beside the EnScript source code, so copy it over there.
Put the assembly command in the EnScript code, and make sure it compiles. This is important to do, because the compile process is what reads into the DLL file to load all the symbols.
You can confirm the DLL stuff was loaded by viewing the Class Browser. In there you should find a bunch of things mentioned about DotNet, but you should also find your project namespace, public classes, and public functions in there.
Once you have compiled successfully, the symbols are loaded and ready to go. Go back into Visual Studio and use the Debug menu drop down to find the Attach to Process option.
In the window that pops up, find the EnCase.exe process and click the Attach button.
Visual Studio is now in a paused state waiting for control to come over. To get the debugger in Visual Studio to trip, you have to set a break point on code in C#. Otherwise the code will just execute without stopping.
When you compile your EnScript project, EnCase places a lock on the DLL file. If you point your EnScript to the DLL location where Visual Studio builds to, then VS will fail to build while EnCase has that lock. If you are trying to copy the built DLL into the folder where your EnScript project is at, you will get an error message saying that it cannot overwrite the file.
#2 Project Type
You can get error messages logged from the .NET code (and other things), and direct them to the console in EnCase or to a file on your drive. You will find these options in the Tools dropdown in the Options… menu item. Then Debug Tab, and the Show Logging button.
You can download my EnScript and C# code here to follow along in the screen shots. There is nothing amazing happening in that code, but you are welcome to use it in your forensic projects (with proper credit of course)…