Reputation: 5917
Get the callstack(s) when a kernel32.dll function is called
I have a process that changes its current directory, and I would like to know when and where it happens. How could I do that?
I tried setting a breakpoint in SetCurrentDirectoryA/SetCurrentDirectoryW with Visual Studio, but it does not work.
Upvotes: 1
Views: 1268
Answers (3)
Reputation: 5018
Are you debugging one of your own programs, or one that you don't have the source code for? The Visual Studio debugger isn't very friendly with regards to debugging no-source applications; in that case, I would recommend WinDbg or OllyDbg - or even skipping the debugger and write an instrumented logger using EasyHook.
EDIT:
Try setting a breakpoint at {,,kernel32.dll}_SetCurrentDirectoryA@4 - peculiar syntax and requires decorated names. Haven't tried it myself, but found it here. Google keywords: "visual studio breakpoint api" :)
Upvotes: 2
Reputation: 2371
Your program may be changing directories using the msvcrt functions. You should try placing breakpoints on these functions as well:
_chdir
_chdrive
Upvotes: 0
Reputation: 106926
You need to attach/debug the process using native code. If you by mistake are debugging using managed code you will not hit those breakpoints.
Upvotes: 0
Related Questions
- Assigning a Functional breakpoint to windows dll/API function call
- xperf callstack tracing, specific to dlls
- WinDbg not showing entire call stack?
- How to list all calls of a function at runtime?
- Print the callstack of debugger (method names) to the file or console in VS2010
- Function Call Stack in C++
- How can I track system call in win32 API program with debugger(VS 2013)?
- Getting a detailed callstack log
- Call Stack info
- How to determine called kernel32.dll function from fault offset