Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

User32 symbols not resolved in WinDbg?

1,075 views
Skip to first unread message

Vincent Fatica

unread,
Mar 1, 2009, 12:43:33 PM3/1/09
to
When I start debugging with WinDbg, all looks good:

*** wait with pending attach
Symbol search path is: SRV*g:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00400000 004c3000 D:\POWERPRO\POWERPRO.EXE
ModLoad: 7c900000 7c9af000 C:\WINDOWS\system32\ntdll.dll
ModLoad: 7c800000 7c8f6000 C:\WINDOWS\system32\kernel32.dll
ModLoad: 7e410000 7e4a1000 C:\WINDOWS\system32\USER32.dll
ModLoad: 77f10000 77f59000 C:\WINDOWS\system32\GDI32.dll
[...]

But I can't set breakpoints in USER32.DLL (and I can in, say, KERNEL32.DLL):

0:000> bp ShowWindow
Bp expression 'ShowWindow' could not be resolved, adding deferred bp
0:000> bp SetWindowPlacement
Bp expression 'SetWindowPlacement' could not be resolved, adding deferred bp
0:002> bp SetConsoleCtrlHandler [OK - kernel32.dll]
0:002>

I **do** have a user32.pdb in my symbol cache:

G:\Symbols\user32.pdb\D18A41B74E7F458CAAAC1847E2D8BF022\user32.pdb.

What can I do? Thanks.
--
- Vince

Vincent Fatica

unread,
Mar 2, 2009, 8:32:18 AM3/2/09
to
On 1 Mar 2009 12:43:33 -0500, Vincent Fatica <vi...@blackholespam.net> wrote:

|But I can't set breakpoints in USER32.DLL (and I can in, say, KERNEL32.DLL):
|
|0:000> bp ShowWindow
|Bp expression 'ShowWindow' could not be resolved, adding deferred bp
|0:000> bp SetWindowPlacement
|Bp expression 'SetWindowPlacement' could not be resolved, adding deferred bp
|0:002> bp SetConsoleCtrlHandler [OK - kernel32.dll]
|0:002>
|
|I **do** have a user32.pdb in my symbol cache:
|
|G:\Symbols\user32.pdb\D18A41B74E7F458CAAAC1847E2D8BF022\user32.pdb.
|
|What can I do?

Well, I can

bp NtUserShowWindow
bp NtUserSetWindowPlacement

They work. And when they're hit, the debugger makes no mention of
ShowWindow/SetWindowPlacement. How was I to know this? USER32.DLL exports
ShowWindow and SetWindowPlacement (and not the NtUser* versions). The NtUser*
varsions are in my PDBfile and the usual versions are not. The NtUser* versions
are not in any header here. There's no convenient tool for viewing PDB files
(is there?). I figured it out by looking at user32.pdb with a hex editor. Even
now, with the names of these functions in hand, I can't google up an
explanation.
--
- Vince

Philip McGraw

unread,
Mar 2, 2009, 6:25:22 PM3/2/09
to

No need to look at the PDB data in this case; just use the linker to look at the exports:

link -dump -exports c:\Windows\system32\user32.dll
...
ordinal hint RVA name
...
687 2AE 00006CB0 SetWindowPlacement = NtUserSetWindowPlacement
...
705 2C0 0000F3D0 ShowWindow = ZwUserShowWindow
706 2C1 000170B0 ShowWindowAsync = NtUserShowWindowAsync

Regards,
Philip

Vincent Fatica

unread,
Mar 2, 2009, 8:00:21 PM3/2/09
to
|> Well, I can
|>
|> bp NtUserShowWindow
|> bp NtUserSetWindowPlacement
|>
|> They work. And when they're hit, the debugger makes no mention of
|> ShowWindow/SetWindowPlacement. How was I to know this? USER32.DLL exports
|> ShowWindow and SetWindowPlacement (and not the NtUser* versions). The NtUser*
|> varsions are in my PDBfile and the usual versions are not. The NtUser* versions
|> are not in any header here. There's no convenient tool for viewing PDB files
|> (is there?). I figured it out by looking at user32.pdb with a hex editor. Even
|> now, with the names of these functions in hand, I can't google up an
|> explanation.
|
|No need to look at the PDB data in this case; just use the linker to look at the exports:
|
|link -dump -exports c:\Windows\system32\user32.dll
|...
| ordinal hint RVA name
|...
| 687 2AE 00006CB0 SetWindowPlacement = NtUserSetWindowPlacement
|...
| 705 2C0 0000F3D0 ShowWindow = ZwUserShowWindow
| 706 2C1 000170B0 ShowWindowAsync = NtUserShowWindowAsync

I see this:

v:\> link -dump -exports c:\Windows\system32\user32.dll | egrep "ShowWindow|SetW
indowP"
643 282 0000DE46 SetWindowPlacement
644 283 000199F3 SetWindowPos
659 292 0001AF56 ShowWindow
660 293 0001337D ShowWindowAsync

Are you suggesting I should see more? I'm on XP/SP3, with VC9. The text
"NtUser" does not appear in my USER32.DLL.

And is it not unfortunate that the PDB file doesn't have these common names?
--
- Vince

Tim Roberts

unread,
Mar 3, 2009, 12:52:52 AM3/3/09
to
Vincent Fatica <vi...@blackholespam.net> wrote:
>
>v:\> link -dump -exports c:\Windows\system32\user32.dll | egrep "ShowWindow|SetW
>indowP"
> 643 282 0000DE46 SetWindowPlacement
> 644 283 000199F3 SetWindowPos
> 659 292 0001AF56 ShowWindow
> 660 293 0001337D ShowWindowAsync
>
>Are you suggesting I should see more? I'm on XP/SP3, with VC9. The text
>"NtUser" does not appear in my USER32.DLL.
>
>And is it not unfortunate that the PDB file doesn't have these common names?

The implication, to me, is that you have a Vista symbol file with an XP
version of user32.dll. Is that possible?
--
Tim Roberts, ti...@probo.com
Providenza & Boekelheide, Inc.

Vincent Fatica

unread,
Mar 3, 2009, 2:35:48 AM3/3/09
to

I removed the PDB file and ran WinDbg again using
"SRV*g:\symbols*http://msdl.microsoft.com/download/symbols". I got a new file
identical to the old one.

I do have a Vista install (which WinDbg knows nothing about). I tried the
link/dump on the Vista USER32.dll and got results (below) similar to those above
but with different locations and ordinals and with no mention of the other
(NtUser*) names for those functions. Here's what I got (h:\ = Vista install):

v:\> link -dump -exports h:\Windows\system32\user32.dll | egrep "ShowWindow|SetW
indowP|NtUser"
679 2A6 000079BB SetWindowPlacement
680 2A7 000121FE SetWindowPos
697 2B8 0000D80A ShowWindow
698 2B9 00014990 ShowWindowAsync

Really, my PDB file doesn't mention those functions by their common names, and I
have yet to find a USER32.DLL which uses the "NtUser*" names from the PDB file.
--
- Vince

0 new messages