Windbg failed to hit at breakpoints in mshtml.dll module

    Question

  • Hello there!

    I'm setting some breakpoints (bp) on mshtml.dll functions like "CTitleElement::CreateElementIE9" & "CTitleElement::CreateElement" & executing a simple JavaScript to create a 'Title' element. Sometimes IE can catch & hit the specified breakpoints, sometimes (and most of the time) it cannot! It's weird to me!

    Any solution to this problem? Anyone else have the same problem?

    Thanks!

    Saturday, August 09, 2014 8:42 AM

Answers

  • Sorry, cannot reproduce on an IE9 Vista_x86, starting IE under WinDbg:

    CommandLine: "C:\Program Files\Internet Explorer\iexplore.exe"
    Symbol search path is: C:\Windows\symbols\dll;srv*C:\Symbols\MsSymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    (e24.f94): Break instruction exception - code 80000003 (first chance)
    eax=00000000 ebx=00000000 ecx=0016fa20 edx=76f85d14 esi=fffffffe edi=00000000
    eip=76f6878e esp=0016fa38 ebp=0016fa68 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    ntdll!DbgBreakPoint:
    76f6878e cc              int     3
    0:000> .childdbg 1
    Processes created by the current process will be debugged
    0:000> g
    Symbol search path is: C:\Windows\symbols\dll;srv*C:\Symbols\MsSymbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    (e4c.12c0): Break instruction exception - code 80000003 (first chance)
    eax=00000000 ebx=00000000 ecx=0020f538 edx=76f85d14 esi=fffffffe edi=00000000
    eip=76f6878e esp=0020f550 ebp=0020f580 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    ntdll!DbgBreakPoint:
    76f6878e cc              int     3
    1:006> sxe ld:mshtml.dll
    1:006> g
    ModLoad: 63260000 63e2d000   C:\Windows\system32\MSHTML.dll
    eax=6818d390 ebx=00000000 ecx=039bf5f8 edx=76f85d14 esi=7ffd8000 edi=20000000
    eip=76f85d14 esp=039beea4 ebp=039beef8 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    ntdll!KiFastSystemCallRet:
    76f85d14 c3              ret
    1:020> bp MSHTML!CTitleElement::CreateElementIE9
    1:020> g
    Breakpoint 0 hit
    eax=635134d7 ebx=0027d670 ecx=0389d348 edx=002bd1a0 esi=00000077 edi=03ac5310
    eip=635134d7 esp=0389d318 ebp=0389d340 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    MSHTML!CTitleElement::CreateElementIE9:

    Are you sure .childdbg is on, and that you set the bp - after the respective mshtml.dll is loaded - for every (new) process?

    With kind regards


    Saturday, August 09, 2014 11:20 AM

All replies

  • Hello!

    Your response was awesome! Thank you very much.

    I just forgot to use ".childdbg 1" to switch to the child process & use "sxe dl:mshtml.dll" for loading the module.

    Anyway, Thank you, problem solved ;-)

    Saturday, August 09, 2014 7:27 PM