Using Windows User, Kernel, and GDI Symbols in CodeView

ID: Q67711


The information in this article applies to:
  • Microsoft CodeView for Windows, versions 3.05, 3.14, 4.0, 4.01, 4.1


SUMMARY

CodeView for Windows (CVW) can view symbolic information in Windows's core code and can set breakpoints inside Windows functions when the debugging versions of USER.EXE, GDI.EXE, KRNL286.EXE, and KRNL386.EXE are installed in your development environment.

For Windows 3.0, Section 7.3.2 of the "Microsoft Windows Software Development Kit Tools" manual describes how to install the debugging version of Windows. The "Microsoft Windows Software Development Kit: Programming Tools" manual presents similar information for Windows 3.1 beginning on page 73.

This article discusses using Windows symbols to set breakpoints, list module names and functions, and disassemble Windows code.


MORE INFORMATION

For CVW to access Windows symbols, USER.EXE, GDI.EXE, and either KRNL286.EXE or KRNL386.EXE must be loaded into CVW as dynamic-link libraries (DLLs). This can be done with the /L command-line switch or in response to the DLL prompt when CVW starts.

KRNL286.EXE should be used when debugging applications in standard mode and KRNL386.EXE should be used when debugging in enhanced mode.

The symbolic information is available only while viewing assembly language listings of Windows code. By default, the symbols are not visible. To view the symbolic information, perform the following two steps:

  1. From the Options menu, choose Source Window.

  2. In the Source Window dialog box under the heading Assembly Listing, check the Show Symbolic Name box. If this box is not checked, no symbols appear in any assembly display.

When the Source Window option has been set, you can step into Windows code or break into the debugger with the CTRL+ALT+SYS RQ key combination and see what function is currently being executed. Note that you will probably break into a private function within Windows for which no symbolic information is available.

When the symbols are loaded, you can set breakpoints at a particular function name, disassemble a Windows function, list all the modules, and list all functions contained in those modules.

Note that whenever you use the name of a Windows function that is defined with the PASCAL calling convention, you must type the name in uppercase letters. When the name of a Windows function begins with a capital letter, such as the GetDC function, the function is defined with the PASCAL calling convention. The name of a function defined with the C calling convention, such as the wsprintf function, begins with a lowercase letter.

To set a breakpoint, use the BP command or the Watch menu, and specify the symbol for the function name.

To disassemble Windows code, use the command

   U [<module>!]<function name>

where <module> is the name of the module you want to disassemble and <function name> is the name of a function in that module. The character "!" after the module name is required. Disassembly takes place in the source window.

In CVW, the X* command lists all available modules. This command lists the names of all modules in the application and in any loaded DLLs.

Once a module name is known, the following command lists all the functions within that module:

   X? [<module>!]* 

Example

KRNL386.EXE has a module named LDDEBUG. To list the functions in this module, enter the following in the command window:

   X? LDDEBUG!*

The output window displays many addresses with no symbols, but the listing includes OUTPUTDEBUGSTRING. This shows that the OutputDebugString function is implemented in the LDDEBUG module.

If [<module>!] is not specified, the functions in the current module are displayed.

Using the X command by itself displays all public symbols available to CVW.



Last Reviewed: October 21, 1999
© 2000 Microsoft Corporation. All rights reserved.