Microsoft KB Archive/256092

From BetaArchive Wiki

PRB: SymInitialize() May Not Return If fInvadeProcess Is TRUE


The information in this article applies to:

  • Microsoft Win32 Application Programming Interface (API), on platform(s):
    • Microsoft Windows NT Server version 4.0
    • Microsoft Windows NT Workstation version 4.0
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional
    • Microsoft Windows 2000 Server


On Windows NT 4.0, the SymInitialize function does not return if the fInvadeProcess parameter is TRUE and the calling thread is responsible for handling debug events as a debugger.


The debugger application gets a handle to all the modules that are loaded in the debuggee process when a particular DEBUG_EVENT occurs. So, the debugger application should call SymInitialize with the fInvadeProcess parameter specified as FALSE; the SymLoadModule function can be explicitly called to load the symbol information. The symbol information of the debuggee process executable can be loaded with the u.CreateProcessInfo.hFile handle in the DEBUG_EVENT structure when CREATE_PROCESS_DEBUG_EVENT occurs. Similarly, the symbol information for each of the dynamic-link libraries (DLLs) that are mapped in the debuggee process can be loaded with the u.LoadDll.hFile handle in the DEBUG_EVENT structure when LOAD_DLL_DEBUG_EVENT occurs.


If SymInitialize is called with fInvadeProcess parameter as TRUE, DbgHelp will enumerate the loaded modules for the process specified and effectively call SymLoadModule to load symbol information. If the process handle that is specified is not the current process handle or the current process ID, the system creates a remote thread in the debuggee process and waits for the remote thread to exit for collecting the information about loaded modules.

On Windows NT 4.0, the remote thread that is created in the debuggee process is seen by the debugger application. The remote thread runs only when its corresponding CREATE_THREAD_DEBUG_EVENT is handled by the debugger application and the ContinueDebugEvent function is called on that thread. Because the debugger thread waits for SymInitialize to return, it will not be able to call WaitForDebugEvent, handle the remote CREATE_THREAD_DEBUG_EVENT, and call ContinueDebugEvent. This causes a deadlock on Windows NT 4.0. As a result, SymInitialize will not return when the function is called from a debugger thread that is responsible for handling debug events.

On Windows 2000, the remote thread that is created is hidden from the debugger application. So, the system does not send a corresponding CREATE_THREAD_DEBUG_EVENT to be handled by the debugger application. Therefore, the SymInitialize function call returns successfully on Windows 2000.

Additional query words:

Keywords : kbAPI kbDebug kbKernBase kbSDKPlatform kbSDKWin32 kbDSupport kbGrpDSKernBase
Issue type : kbprb
Technology : kbAudDeveloper kbWin32sSearch kbWin32API

Last Reviewed: October 23, 2000
© 2001 Microsoft Corporation. All rights reserved. Terms of Use.