While debugging crash dump generation issue as described in blog on Dr Watson gotcha, I noticed that you can’t set a breakpoint on kernerl32 functions since microsoft symbols server gives you access to stripped public symbols only. This is one of those scenario where you would rather have export symbols.
While doing live debugging or attaching a debugger to generate a dump when it hits a breakpoint on kernel32!SetUnhandledExceptionFilter
Steps using WinDbg
Run the following command
0:021> bm kernel32!SetUnhandledExceptionFilter
You can use bm to set a symbol breakpoint that matches the pattern.
If you have symbol server path set correctly pointing to microsoft public symbol server, WinDbg will display the following message and it suggest you to switch to export symbols
No matching code symbols found, no breakpoints set.
If you are using public symbols, switch to full or export symbols.
How to Switch to Export Symbols to set a breakpoint?
Run the following commands
- 0:000> .sympath c:\windows\system32
Symbol search path is: c:\windows\system32
This will set your symbol path to kernel32.dll which should be under your windows system folder in my case it is “c:\windows\system32″
- 0:000> .reload /f kernel32.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\system32\kernel32.dll -
Don’t worry about ERROR message because this is what we want, we want it be to set to export symbols. .reload command will reload the symbols for kernerl32.dll defaulting to export symbols
- 0:000> bm kernel32!SetUnhandledExceptionFilter
breakpoint 6 redefined
6: 7617d16f @!”kernel32!SetUnhandledExceptionFilter”
And your breakpoint is set using export symbols and of course you can use depends for all the exported symbols.