Agritite

Reputation: 72

Debugging taskmgr: spy++ says WM_LBUTTONDOWN captured but windbg doesn't break

I'm trying to reverse engineer taskmgr because "How to restart explorer like taskmgr?" and after 5 years still no one knows how it works apparently. (I want to know because it has a different behavior from using PostMessage(0x5B4) + ShellExecute("explorer.exe") or using Restart Manager.)

So I tried to break on WM_LBUTTONDOWN when I right-click explorer.exe -> click the "restart" button on the context menu, and spy++ logging does record that a WM_LBUTTONDOWN is sent to the window with class name TaskManagerWindow.

Then I tried to set a breakpoint with bp /w "@rdx == 0x201" taskmgr!6B0F0

which should break on the WNDPROC of TaskManagerWindow indicated by spy++ when the message is WM_LBUTTONDOWN.

And... it doesn't. Meanwhile spy++ keeps printing that a WM_LBUTTONDOWN is sent to TaskManagerWindow. What gives?

Upvotes: 0

Views: 45

Answers (0)
