WinDbg - breakpoint when function kernel32!DeviceIoControl is getting called RRS feed

  • Question

  • Hi Everybody,

    mostly I worked with hardware, but this time I need asap answer for title programmers question.

    Please informe me, what I should write in WinDbg window to set breakpoint when function kernel32!DeviceIoControl is getting called via update.exe dvd software.

    Thank You very much for help.

    Tuesday, January 1, 2013 3:28 PM

All replies

  • After you configured correctly symbols, you should simply type on the command line:

    bu kernel32!DeviceIoControl

    Wednesday, January 2, 2013 9:27 AM
  • Problem is that all this command I've tried (bu, bp also before) but result is always "Couldn't resolve error at 'KERNEL32!DeviceIoControl'" :(

    Symbols are downloaded to folder d:\sym automatically - inside I have kernel32.pdb, ntdll.pdb, pingme.

    Microsoft (R) Windows Debugger Version 6.2.9200.16384 X86
    Copyright (c) Microsoft Corporation. All rights reserved.

    CommandLine: C:\Users\Grzegorz\Desktop\Blu-ray\EP0000228581\UpDate_UJ225_Q113.exe
    Symbol search path is: srv*d:\sym*
    Executable search path is: 
    ModLoad: 00400000 0042d000   image00400000
    ModLoad: 77aa0000 77c07000   ntdll.dll
    ModLoad: 755d0000 756c8000   C:\WINDOWS\system32\KERNEL32.DLL
    ModLoad: 75180000 7523d000   C:\WINDOWS\system32\KERNELBASE.dll
    ModLoad: 701d0000 70277000   C:\WINDOWS\system32\apphelp.dll
    SHIMVIEW: ShimInfo(Complete)
    ModLoad: 5d870000 5dab4000   C:\WINDOWS\AppPatch\AcGenral.DLL
    ModLoad: 775a0000 77651000   C:\WINDOWS\system32\msvcrt.dll
    ModLoad: 77710000 77744000   C:\WINDOWS\SYSTEM32\sechost.dll
    ModLoad: 74f90000 74fb3000   C:\WINDOWS\SYSTEM32\SspiCli.dll
    ModLoad: 759b0000 759f0000   C:\WINDOWS\system32\SHLWAPI.dll
    ModLoad: 742c0000 74367000   C:\WINDOWS\SYSTEM32\UxTheme.dll
    ModLoad: 75aa0000 75bc1000   C:\WINDOWS\system32\USER32.dll
    ModLoad: 77750000 7785a000   C:\WINDOWS\system32\GDI32.dll
    ModLoad: 6eec0000 6eee1000   C:\WINDOWS\SYSTEM32\WINMM.dll
    ModLoad: 74ce0000 74cf2000   C:\WINDOWS\SYSTEM32\samcli.dll
    ModLoad: 75e70000 75f89000   C:\WINDOWS\system32\ole32.dll
    ModLoad: 759f0000 75a7b000   C:\WINDOWS\system32\OLEAUT32.dll
    ModLoad: 69220000 69234000   C:\WINDOWS\SYSTEM32\MSACM32.dll
    ModLoad: 72160000 72168000   C:\WINDOWS\SYSTEM32\VERSION.dll
    ModLoad: 76440000 77506000   C:\WINDOWS\system32\SHELL32.dll
    ModLoad: 748d0000 748eb000   C:\WINDOWS\SYSTEM32\USERENV.dll
    ModLoad: 73bc0000 73bd9000   C:\WINDOWS\SYSTEM32\dwmapi.dll
    ModLoad: 76150000 76271000   C:\WINDOWS\system32\urlmon.dll
    ModLoad: 75520000 755ce000   C:\WINDOWS\system32\ADVAPI32.dll
    ModLoad: 70950000 709b0000   C:\WINDOWS\SYSTEM32\WINSPOOL.DRV
    ModLoad: 702d0000 702e3000   C:\WINDOWS\SYSTEM32\MPR.dll
    ModLoad: 75bd0000 75ca2000   C:\WINDOWS\system32\RPCRT4.dll
    ModLoad: 6ee90000 6eeba000   C:\WINDOWS\SYSTEM32\WINMMBASE.dll
    ModLoad: 77860000 77996000   C:\WINDOWS\SYSTEM32\combase.dll
    ModLoad: 750e0000 750f1000   C:\WINDOWS\SYSTEM32\profapi.dll
    ModLoad: 757b0000 75950000   C:\WINDOWS\system32\iertutil.dll
    ModLoad: 75f90000 76149000   C:\WINDOWS\system32\WININET.dll
    ModLoad: 77660000 776d5000   C:\WINDOWS\system32\SHCORE.DLL
    ModLoad: 6f140000 6f3b0000   C:\WINDOWS\AppPatch\AcLayers.dll
    ModLoad: 76280000 7642f000   C:\WINDOWS\system32\SETUPAPI.dll
    ModLoad: 6efd0000 6efd3000   C:\WINDOWS\SYSTEM32\sfc.dll
    ModLoad: 75460000 754a6000   C:\WINDOWS\system32\CFGMGR32.dll
    ModLoad: 75500000 7551e000   C:\WINDOWS\system32\DEVOBJ.dll
    ModLoad: 6eef0000 6eefe000   C:\WINDOWS\SYSTEM32\sfc_os.DLL
    ModLoad: 001e0000 0020d000   image001e0000
    ModLoad: 001e0000 0020d000   image001e0000
    ModLoad: 776e0000 7770b000   C:\WINDOWS\system32\IMM32.DLL
    ModLoad: 756d0000 757ad000   C:\WINDOWS\system32\MSCTF.dll
    ModLoad: 77510000 77599000   C:\WINDOWS\system32\comdlg32.dll
    ModLoad: 75240000 752c7000   C:\WINDOWS\WinSxS\\COMCTL32.dll
    (16b0.4fc): Break instruction exception - code 80000003 (first chance)
    eax=00000000 ebx=7ffdf000 ecx=0013fad8 edx=77ab6954 esi=00000000 edi=00150000
    eip=77b7c25a esp=0013faf4 ebp=0013fb20 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
    77b7c25a cc              int     3
    0:000> bp kernel32!DeviceIoControl
    Couldn't resolve error at 'kernel32!DeviceIoControl'
    0:000> bu KERNEL32!DeviceIoControl
    Couldn't resolve error at 'KERNEL32!DeviceIoControl'

    Wednesday, January 2, 2013 9:24 PM
  • You may try searching for symbol with wildcards, like
    0:007> x kernel32!*deviceio*
    76b350ef kernel32!DeviceIoControl = <no type information>
    76b11054 kernel32!_imp__NtDeviceIoControlFile = <no type information>
    x *!*deviceio*
    which should do a search over all modules, (down)loading pdbs for all loaded modules.
    Diagnostic output for symbol loading you may get with
    0:007> !sym noisy
    noisy mode - symbol prompts on
    0:007> .reload /f kernel32.dll
    DBGHELP: c:\windows\symbols\dll\kernel32.pdb - file not found
    DBGHELP: c:\windows\symbols\dll\dll\kernel32.pdb - file not found
    DBGHELP: c:\windows\symbols\dll\symbols\dll\kernel32.pdb - file not found
    DBGHELP: kernel32 - public symbols 

    Status of symbol loading you get with
    start    end        module name
    00da0000 00dbb000   c__CallDllNative   (deferred)            
    62830000 629a3000   MSVCR100D   (deferred)            
    701b0000 701cb000   C__Dll_Native   (deferred)            
    76b10000 76bec000   kernel32   (pdb symbols)          c:\symbols\mssymbols\kernel32.pdb\882A637ABACB4AD29751B511B0D3A5BF2\kernel32.pdb
    77700000 77828000   ntdll      (pdb symbols)          c:\symbols\mssymbols\ntdll.pdb\6E8831F322484D958838F729593F26D92\ntdll.pdb

    With kind regards

    Wednesday, January 2, 2013 11:02 PM
  • bp kernelbase!DeviceIoControl should do what you need.
    Friday, February 8, 2013 4:13 AM