Process Hacker Discussion Forum

 
440bx
Member
Posts: 65
Joined: 02 Jul 2021 23:33

DbgUiRemoteBreakin prototype

22 Aug 2021 23:58

The Process Hacker prototype for this function shows it takes one parameter (a pointer); however, the definition in ReactOS shows it as taking no parameters.

A disassembly of the function shows it takes no parameters even though the PDB symbols say it takes one.

I am inclined to believe that ReactOS' definition is correct.

Any comments welcome. Thank you.
 
dmex
Admin
Posts: 1693
Joined: 17 Jan 2011 05:43

Re: DbgUiRemoteBreakin prototype

23 Aug 2021 18:05

440bx wrote: 22 Aug 2021 23:58
A disassembly of the function shows it takes no parameters even though the PDB symbols say it takes one.

The symbols are correct. If you're using IDA to disassemble these functions then beware that they're using the NDK SDK which is also used by ReactOS and that SDK has the wrong types for a lot of internal functions on Windows 10, so IDA ends up showing the wrong disassembly for this function.

When you correct the IDA definition then it'll show the correct disassembly. You'll be able to see the Context parameter being passed into g_LdrpWow64PrepareForDebuggerAttach so the prototype we're using is correct.
 
440bx
Member
Posts: 65
Joined: 02 Jul 2021 23:33

Re: DbgUiRemoteBreakin prototype

23 Aug 2021 23:22

dmex wrote: 23 Aug 2021 18:05
The symbols are correct. If you're using IDA to disassemble these functions then beware that they're using the NDK SDK which is also used by ReactOS and that SDK has the wrong types for a lot of internal functions on Windows 10, so IDA ends up showing the wrong disassembly for this function.

When you correct the IDA definition then it'll show the correct disassembly. You'll be able to see the Context parameter being passed into g_LdrpWow64PrepareForDebuggerAttach so the prototype we're using is correct.

Good things to know. Thank you dmex.