Reputation: 5124
VS2008 debugger and kernel32.dll
I've been just debugging a process (in C++/windows) which uses "GetThreadContext" which is in kernel32.dll.
I noticed that I could get it's address with
unsigned long address = (unsigned long)(&GetThreadContext);
but when I looked at the loaded modules tab - I saw that the symbols for kernel32.dll were not loaded!
How did the VS2008 know the address of "GetThreadContext"?
And how can I do it myself without having the PDBs?
thanks :)
Upvotes: 0
Views: 563
Answers (1)
Reputation: 54168
This works for the same reason that
GetThreadContext(hThread, lpContext);
works. Named functions used in your code must be resolved at link-time, or the link would fail. Whether you are taking their address using & or calling them does not matter. At runtime, the DLL is loaded and the function name then resolves to a specific address in the process.
PDB files are used only to provide enhanced symbolic information during debugging. Normally, they are not used at runtime.
[I can't help thinking I'm missing something about this question. Tell me if this is not your problem.]
Upvotes: 3
Related Questions
- How to debug a Windows kernel driver properly?
- Debugging dll and sys from Kernel debugging Mode
- How does the Windows kernel debugger in Visual Studio work?
- C++ DLL debugging
- debug a debug dll linked to a release executable
- Unable to find an entry point named 'GetCurrentPackageId' in DLL 'kernel32.dll' when using Visual Studio debugger
- c# error in kernelbase.dll on .NET 2.0
- Problems with VS2008 debugger
- How do I debug a DLL from VS2008?
- Debugging a DLL in VS2005 (C++)