Win32 Api函数调试中断 [英] Debug Break on Win32 Api functions
问题描述
我想在SetTimer功能上休息一下,看看哪些组件用什么值注册什么定时器。这是可能吗?
I would like to have a break on the SetTimer function in order to see which components register what timers with what values. Is this possible?
推荐答案
是的,你可以这样做。首先确保您的调试器具有公开符号设置。
Yes, you can do this. First make sure you have public symbols setup for your debugger.
SetTimer 住在user32但这只是它导出的。最简单的方法是使用命令行调试器 NTSD 。我们需要其真实姓名,因此请在user32中查找匹配的符号:
SetTimer lives in user32 but that is just what it is exported as. The easiest way to do this is with the command line debugger, NTSD. We need its real name, so look for symbols in user32 that match:
0:000> x user32!*timer*
759992b9 USER32!NtUserValidateTimerCallback = <no type information>
759977d5 USER32!NtUserSetTimer = <no type information>
759e4f13 USER32!NtUserSetSystemTimer = <no type information>
759993bf USER32!NtUserKillTimer = <no type information>
啊哈!它的调试符号是NtUserSetTimer:
Ah-ha! Its debug symbol is NtUserSetTimer:
0:000> bp user32!NtUserSetTimer
在Visual Studio中,您可以通过写入一个简单的暂存程序找出SetTimer的生命然后设置断点并右键单击并选择转到拆卸:
In Visual Studio, you can figure out where SetTimer lives by writting a simple scratch program and then setting a breakpoint and right clicking and selecting "Go to Disassembly":
int _tmain(int argc, _TCHAR* argv[]) {
SetTimer(NULL, 0, 0, NULL);
004113BE mov esi,esp
004113C0 push 0
004113C2 push 0
004113C4 push 0
004113C6 push 0
004113C8 call dword ptr [__imp__SetTimer@16 (418338h)]
如果我们进入该通话,那么我们到这里:
If we step into that call, then we land here:
_NtUserSetTimer@16:
759977D5 mov eax,123Dh
759977DA mov edx,7FFE0300h
759977DF call dword ptr [edx]
759977E1 ret 10h
所以在Visual Studio中设置一个断点,你有在断点中使用上下文操作符。从菜单中选择:Debug - > New Breakpoint - > Break at Function,然后输入:
So the to set a breakpoint there in Visual Studio, you have to use the context operator in the breakpoint. Select from the menus: Debug -> New Breakpoint -> Break at Function, then enter:
{,,user32.dll}_NtUserSetTimer@16
这篇关于Win32 Api函数调试中断的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
