Friday, March 16, 2007

C ++ decorated name.

I read the advance breakpoint chapter of Robbin’s book last night.

I am now knowing how to set a breakpoint on os exported functions. It’s amazingJ I’d like to study advance debugging skill after compass is release.

 

Now, the key problem is , as you have indicated, how to find the correct system API function name, such as _MessageBoxExW@20. But there is a small question:

I am confusing about the decorated function name. When I using Depends or dumpbin.exe /Export to view all the exported functions,

for some dlls, it list all the function as decorated name. But for some others, i.e, kernel32.dll, it does not list out the decorated name, just the raw name.

But if I try to set breakpoint with the undecorated name list in Depends, it will not work. Is there a better way to find the function name?

 

 

If a function has a decorated name, then this is the name of a C++ defined function.

In C++ you can have multiple functions with identical names but different signature. To distinguish those functions, they are assigned different internal names, the decorated names.

I think in depends you have an icon in the left column where you can see if it’s a c++ or a c function.

You can read more about this in the VC help.

 

The function naming for ‘normal’ C function is still a little more complicated.

Depending on the debugging information that’s available for VC you need to enter the _xxx@123 name (when the pdb files are loaded) or the xxx name (when the debugger has no symbols but uses only the exported function names information from the dll. And the function names are dependent from the calling convention used for the function.

It should be described in more detail again somewhere in Robbins’ book.

 

If you have installed the symbols and the link to the MS symbol server you should also tell this to the ‘process explorer.’ Options->configure symbols…

As soon as you have done this, you can see call stack information of the running programs from within process explorer.

Just right click on a running process properties->threads->stack

This can be useful if you have a program that appears to ‘hang’

 

 

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)