When using the visual studio debugger, I've got a the value for a HANDLE to a windows event synchronization object. Is it possible to tell (and ideally set up a watch) that shows whether the event is set or not?
Asked
Active
Viewed 1,247 times
2 Answers
4
This is not possible using the Visual Studio debugger. WinDbg, on the other hand, offers the !handle extension command. Passing a 0xf UMFlags shows extensive information, including whether the event object is signaled. While it is possible to use WinDbg from Visual Studio, I found it somewhat tedious to do so.
Another option worth considering is setting a breakpoint on ntdll.dll!NtSetEvent (Debug -> New Breakpoint -> Break at Function...). Adding a condition (rightclicking the breakpoint -> Condition...) @rax == <handle value> will only break, if the parameter is the specific <handle value> you are interested in. This is for a 64-bit build. For a 32-bit build the condition would be *((unsigned int*)(@esp+4)) == <handle value>.
Setting up a breakpoint as outlined above has one - potentially significant - limitation: It will only get hit, if the event object is set from user mode code. If the event object gets signaled from kernel mode while servicing a user mode request, the breakpoint residing in user land won't get hit.
Community
- 1
- 1
IInspectable
- 46,945
- 8
- 85
- 181
0
probably off-topic; if you have a kernel debugger connection to the target, you can inspect event's DISPATCHER_HEADER::SignalState. nonzero likely means signaled. Why only likely? Because it is not documented.
Sergei Vorobiev
- 364
- 2
- 8