在Win32 API函数调试中断
我想有才能的SetTimer函数休息,看看哪些组件注册什么样的价值观是什么定时器。这可能吗?
I would like to have a break on the SetTimer function in order to see which components register what timers with what values. Is this possible?
是的,你可以做到这一点。首先请确保您有为您调试安装的公共符号。
Yes, you can do this. First make sure you have public symbols setup for your debugger.
的SetTimer 住在USER32但是,这只是它是什么导出为。要做到这一点,最简单的方法是使用命令行调试器, NTSD 。我们需要它的真实姓名,所以寻找在USER32匹配符号:
SetTimer lives in user32 but that is just what it is exported as. The easiest way to do this is with the command line debugger, NTSD. We need its real name, so look for symbols in user32 that match:
0:000> x user32!*timer*
759992b9 USER32!NtUserValidateTimerCallback = <no type information>
759977d5 USER32!NtUserSetTimer = <no type information>
759e4f13 USER32!NtUserSetSystemTimer = <no type information>
759993bf USER32!NtUserKillTimer = <no type information>
啊,哈!它的调试符号是NtUserSetTimer:
Ah-ha! Its debug symbol is NtUserSetTimer:
0:000> bp user32!NtUserSetTimer
在Visual Studio中,你可以找出其中的SetTimer住书面方式通过一个简单的耐刮划,然后设置一个断点,右击并选择转到拆卸
In Visual Studio, you can figure out where SetTimer lives by writting a simple scratch program and then setting a breakpoint and right clicking and selecting "Go to Disassembly":
int _tmain(int argc, _TCHAR* argv[]) {
SetTimer(NULL, 0, 0, NULL);
004113BE mov esi,esp
004113C0 push 0
004113C2 push 0
004113C4 push 0
004113C6 push 0
004113C8 call dword ptr [__imp__SetTimer@16 (418338h)]
如果我们步入了电话,然后我们的土地位置:
If we step into that call, then we land here:
_NtUserSetTimer@16:
759977D5 mov eax,123Dh
759977DA mov edx,7FFE0300h
759977DF call dword ptr [edx]
759977E1 ret 10h
因此,在Visual Studio中有设置一个断点,你必须使用的在断点上下文运算符。从菜单中选择:调试 - >新建断点 - >歇在功能,然后输入:
So the to set a breakpoint there in Visual Studio, you have to use the context operator in the breakpoint. Select from the menus: Debug -> New Breakpoint -> Break at Function, then enter:
{,,user32.dll}_NtUserSetTimer@16