See if your crashes started happening after you installed or uninstalled something. Symbol files make it easier to debug your code. The easiest way to get Windows symbols is to use the Microsoft public symbol server.
The symbol server makes symbols available to your debugging tools as needed. After a symbol file is downloaded from the symbol server it is cached on the local computer for quick access. With the cadence that we release updates for Windows, the Windows debugging symbols we publish via the packages on this page are quickly made out of date. We have made significant improvements to the online Microsoft Symbol Server by moving this to be an Azure-based symbol store, and symbols for all Windows versions and updates are available there.
You can find more about this in this blog entry. For information on how to retrieve symbols for a machine that is not connected to the Internet, see Using a Manifest File with SymChk.
To learn more about using symbols and debugging, see Symbols and Symbol Files. If you don't close the others, you create a system resources leak that could grow very fast, as shown in Figure 7. Whatever cleanup method you use, the system inevitably leaks two handles every time you debug a process: a semaphore and a port, both unnamed. Now you have seen how to use the Win32 debugging API to get the exact list of the DLLs that have been loaded and removed from a process address space during its execution.
Windows itself provides another way to get additional details about these DLLs. Some global flags or GFlags set in the Registry under. If you want to catch these traces, you have two options.
The other solution is easier: use a tool that catches them globally. Unfortunately, the Windows Loader seems to suppress this specific output message. If you are used to loading a process to get access to its resources, such as explorer. In this particular case, even in Windows NT 4. The DLLs with square icons are loaded during the process initialization and are called statically loaded.
The round ones are loaded afterward and are therefore dynamically loaded. The color of the icon tells you that there is either a loading address conflict (red) or none (blue). Before leaving the Win32 debugging API, I want to take a shortcut through the exception-handling mechanism. ExceptionCode field contains the exception code. The exact list of possible exceptions is not available in one easy-to-read roadmap; it's scattered within WINNT.
The GetExceptionDescription method of CApplicationDebugger transforms the exception code into a human-readable string. When you debug an application, the Debug menu leads to an Exception dialog that allows you to select how you want the exceptions to be handled by the debugger, as shown in Figure 10 (Exceptions Dialog). You may be surprised to find exception codes here that are not defined anywhere else.
Instead of copying them by hand, it would be nice to "steal" the contents of the listbox. This is exactly the goal of WindowDump.
It allows you to pick a window with the mouse or by its handle value and dump its content into an edit box. In addition to the content, it also gathers class and style descriptions, as shown in Figure This is not the case for common controls such as listviews or treeviews.
Along with the window content, you also get the description listed in Figure The last important point to make about the WindowDump implementation involves the process ID. Starting from a window handle, it is not difficult to identify the thread and the process responsible for its creation using GetWindowThreadProcessId. You have to dig into Knowledge Base article Q to find that out.
It takes a process and an hModule to return the corresponding path name. To find a process executable path name, 0 should be given as hModule. Don't use 0x some processes are loaded at different addresses such as winlogon and Task Manager at 0x, ntvdm at f, and Microsoft Word at 0x Now let's dust off CreateRemoteThread, a function that allows you to make another process start one of your functions as a running thread in its context, as shown here:
The lpStartAddress parameter is supposed to be the address of the thread procedure to be executed in another process context. The trick is that lpStartAddress must be an address in the other process address space, and that's why this function is so hard to use.
If you don't want to recreate the assembly for your code and then copy it into the other process address space, there is an easier solution available to you. If you compare a thread function and the LoadLibrary exported by kernel Both take a bit value as the parameter and return a bit value. But why is loading a DLL of such interest?
If you're writing the DLL, this is an easy way to let your code run in the context of the other process. To be of real interest, a communication channel should be set between the calling process and the code in the remote DLL. Their goal is to get four parameters that are not supposed to be known from another process.
Each function to be remotely called is wrapped in a helper exported by the DLL and ends up in the same generic function: ExecuteRemoteAction. These three variables need to be accessed by both processes. Figure 13 illustrates this type of remote execution. This buffer is used to exchange a large amount of data between the DLL code running inside the remote process and the calling process itself.
If you need to allocate a buffer whose size is only known by the code being executed remotely, you simply replace the memory-mapped file by a piece of memory that's allocated using VirtualAlloc, and whose pointer address is stored in a shared variable.