Hi all,
Apologies in advance for what is probably a dumb question...
I'm trying to debug a windows application by breaking on a call to a DLL function - in fact it's the NtCreateKey function within the ntdll library.
I must be missing something fundamental because the debugger indicates that it has set a delayed breakpoint, but the breakpoint is never reached, although turning on debugging messages clearly indicates that the function is being called.
Here's a typical attempt:
$ WINDEBUG=reg winedbg MSMONEY.EXE ... (lots of startup calls to reg) ... In 32 bit mode. Wine-dbg>break NtCreateKey fixme:dbghelp:elf_new_wine_thunks Duplicate in midimap.drv<elf>: _edata<5b828a10 -00000000> completed.1<5b828a10-00000000> ... (snip) ... No symbols found for NtCreateKey Unable to add breakpoint, will check again when a new DLL is loaded Wine-dbg>info break No breakpoints No watchpoints Delayed breakpoints: 0: NtCreateKey Wine-dbg>cont trace:reg:NtCreateKey(0x28,L"Software\Microsoft\Windows\CurrentVersion\AppPaths\MSMONEY.EXE",L"",1,1,0xb9fd04) trace:reg:NtCreateKey <- 0x50 trace:reg:RegQueryValueExA(0x50,"Path",(nil),0xb9fcf8,0xb9f318,0xb9fd00=260) ... (etc till program ends) ...
I've spent a couple of hours searching for more information on how to use this capability of the debugger, but with no luck - can anyone tell me what I'm doing wrong?
Thanks, Adrian