From some books, I knew that the dbgeng.dll is the debug engine for the debugger, it exports lots of methods for debugging.
But with depends, I found that only 3 functions(as below) are exported in the dbgeng.dll, so how can those debuggers like windbg.exe/cdb.exe use the dbgeng.dll
DebugConnect
DebugConnectWide
DebugCreate
I haven't investigated this particular interface in detail, but quite a few DLLs work roughly similarly. Most likely DebugCreate returns (the address of?) some sort of object that has all the calls to do the real debugging (but you need to know things like which function's address is at what offset, and what parameters to load where before you can really use it).
Think of it as sort of an analog of a COM object, but with only one, predefined interface instead of several with the ability to find and use interfaces dynamically.
Download WinDBG and check out the SDK examples, particularly the dumpstk example which shows how to open a crash dump file and print the call stack. Jerry described it correctly, you call DebugCreate to create an instance of an IDebugClient and from there you can create instances of other classes to do debugging related activities.
From the sample:
void
CreateInterfaces(void)
{
HRESULT Status;
// Start things off by getting an initial interface from
// the engine. This can be any engine interface but is
// generally IDebugClient as the client interface is
// where sessions are started.
if ((Status = DebugCreate(__uuidof(IDebugClient),
(void**)&g_Client)) != S_OK)
{
Exit(1, "DebugCreate failed, 0x%X\n", Status);
}
// Query for some other interfaces that we'll need.
if ((Status = g_Client->QueryInterface(__uuidof(IDebugControl),
(void**)&g_Control)) != S_OK ||
(Status = g_Client->QueryInterface(__uuidof(IDebugSymbols),
(void**)&g_Symbols)) != S_OK)
{
Exit(1, "QueryInterface failed, 0x%X\n", Status);
}
}
-scott