I have a process that changes its current directory, and I would to know when and where it happens. How could I do that?
I tried setting a breakpoint in SetCurrentDirectoryA/SetCurrentDirectoryW with Visual Studio, but it does not work.
A:
You need to attach/debug the process using native code. If you by mistake are debugging using managed code you will not hit those breakpoints.
Martin Liversage
2010-09-27 15:10:14
I was using native code.
Jazz
2010-09-27 15:26:31
You should be able to set breakpoints at API entry points. Are you using a symbol server to get the symbols? If I remember correctly I placed my breakpoint at the first assembler instruction of the API function when I last tried to do something similar to what you are doing.
Martin Liversage
2010-09-27 15:33:23
Yes, I use a symbol server, abd kernel32.dll symbols are correctly loaded, but I cannot set a breakpoint in SetCurrentDirectoryA, at least in Visual Studio 2005 (it says the function cannot be found).
Jazz
2010-09-28 09:45:20
A:
Your program may be changing directories using the msvcrt functions. You should try placing breakpoints on these functions as well:
_chdir
_chdrive
Jason
2010-09-28 13:10:20
Those will eventually wind up in the kernel32 SetCurrentDirectoryA/W functions - safer to break on those and step back to user code.
snemarch
2010-09-28 13:15:57
+2
A:
Are you debugging one of your own programs, or one that you don't have the source code for? The Visual Studio debugger isn't very friendly with regards to debugging no-source applications; in that case, I would recommend WinDbg or OllyDbg - or even skipping the debugger and write an instrumented logger using EasyHook.
EDIT:
Try setting a breakpoint at {,,kernel32.dll}_SetCurrentDirectoryA@4 - peculiar syntax and requires decorated names. Haven't tried it myself, but found it here. Google keywords: "visual studio breakpoint api" :)
snemarch
2010-09-28 13:30:25