How to set a breakpoint on imported Win32 function?

Ruslan Kabatsayev b7.10110111@gmail.com
Thu Jan 16 20:01:00 GMT 2020


On Thu, 16 Jan 2020 at 21:28, Eli Zaretskii <eliz@gnu.org> wrote:
>
> > Cc: gdb@gnu.org, Eli Zaretskii <eliz@gnu.org>
> > From: Luis Machado <luis.machado@linaro.org>
> > Date: Thu, 16 Jan 2020 15:13:55 -0300
> >
> > >>> I have a program without any debug info, which has an import table
> > >>> with some functions imported by name. E.g. kernel32!ExitProcess is
> > >>> imported, and the debugger should know its name and address.
> > >>>
> > >>> But whenever I run GDB (from mingw-w64) with my test exe and try to
> > >>> set breakpoint on ExitProcess, GDB complains that no symbol table is
> > >>> loaded and asks if I want it set on future library load. After I agree
> > >>> and let the debuggee run, the debuggee exits without any trap
> > >>> (although it does exit via this exact function).
> > >>>
> > >>> OTOH, on Linux I can set a breakpoint on e.g. exit, which gets located
> > >>> in /lib/i386-linux-gnu/libc.so.6 for which I don't have any debug
> > >>> symbols, and the breakpoint successfully traps.
> > >>>
> > >>> So, how can I set a breakpoint on an imported function in Windows? Or
> > >>> is the handling of PE import table to fill GDB's symbol table not
> > >>> implemented?
> > >>>
> > >>> Thanks,
> > >>> Ruslan
> > >>>
> > >>
> > >> Given what you described, I think GDB doesn't know how to properly
> > >> locate that symbol. Can you at least see the symbol somewhere, in
> > >> disassemble output for example?
> > >
> > > No, apparently GDB doesn't indeed know about this symbol. The
> > > disassembly (both at the call site and in the function itself) simply
> > > shows the address, without any hints about symbols.
> > > Has this ever worked on Windows GDB? Or was it simply not implemented?
> > >
> >
> > I'm not well versed in GDB on Windows, so I'm not so sure. It could be both.
> >
> > I've cc-ed Eli, who tends to touch more mingw stuff.
>
> I'll try to help, although I don't think I understand well enough the
> use case.
>
> If I start a MinGW program under GDB, and then put a breakpoint on
> ExitProcess, I get this:
>
>   Temporary breakpoint 2, main (argc=2, argv=0xa42848) at emacs.c:934
>   934       bool no_loadup = false;
>   (gdb) break ExitProcess
>   Breakpoint 3 at 0x7c81bfa7
>   (gdb) info breakpoints
>   Num     Type           Disp Enb Address    What
>   3       breakpoint     keep y   0x7c81bfa7 <KERNEL32!ExitProcess+5>
>
> So it seems that GDB already knows how to put breakpoints on such
> functions: you just need to name them without the DLL-name part.
> However, I'm not sure I understand what is meant above by "functions
> imported by name".  How exactly were they imported?  Does the above
> technique work for you?

They were imported as named functions usually are, i.e. not by
ordinal. I just said this to emphasize that GDB should be able to find
these symbols. Anyway, on my current system I've been unable to
reproduce the issue (although it easily reproduces with Wine, but
that's likely Wine's problem), so I'll try again when I get to the
machine where the problem happened. Might have been a stupid
misspelling or something else though, so I'm not sure if I'll
reproduce it.

Thanks for your help.


