Wine HQ

  WineHQ Menu
 WineHQ
 AppDB
 Bugzilla
 Wine Wiki
 Wine Forums

  About
 Introduction
 Features
 Screenshots
 Contributing
 News
 Press
 License

  Download
 Get Wine Now

  Support
 Getting Help
 FAQ
 Documentation
 HowTo
 Live Support Chat
 Paid Support

  Development
 Developers Guide
 Mailing Lists
 GIT
 Sending Patches
 To Do Lists
 Fun Projects
 Janitorial
 Winelib
 Status
 Resources
 WineConf

Search WineHQ
Debugging Wine
Wine Developer's Guide
PrevNext

Chapter 1. Debugging Wine

Table of Contents
1.1. Introduction
1.2. WineDbg's modes of invocation
1.3. Using the Wine Debugger
1.4. Useful memory addresses
1.5. Configuration
1.6. WineDbg Expressions and Variables
1.7. WineDbg Command Reference
1.8. Other debuggers

1.1. Introduction

1.1.1. Processes and threads: in underlying OS and in Windows

Before going into the depths of debugging in Wine, here's a small overview of process and thread handling in Wine. It has to be clear that there are two different beasts: processes/threads from the Unix point of view and processes/threads from a Windows point of view.

Each Windows' thread is implemented as a Unix thread, meaning that all threads of a same Windows' process share the same (unix) address space.

In the following:

  • W-process means a process in Windows' terminology

  • U-process means a process in Unix' terminology

  • W-thread means a thread in Windows' terminology

A W-process is made of one or several W-threads. Each W-thread is mapped to one and only one U-process. All U-processes of a same W-process share the same address space.

Each Unix process can be identified by two values:

  • the Unix process id (upid in the following)

  • the Windows's thread id (tid)

Each Windows' process has also a Windows' process id (wpid in the following). It must be clear that upid and wpid are different and shall not be used instead of the other.

Wpid and tid are defined (Windows) system wide. They must not be confused with process or thread handles which, as any handle, is an indirection to a system object (in this case process or thread). A same process can have several different handles on the same kernel object. The handles can be defined as local (the values is only valid in a process), or system wide (the same handle can be used by any W-process).

1.1.2. Wine, debugging and WineDbg

When talking of debugging in Wine, there are at least two levels to think of:

  • the Windows' debugging API.

  • the Wine integrated debugger, dubbed winedbg.

Wine implements most of the Windows' debugging API. The first part of the debugging APIs (in KERNEL32.DLL) allows a W-process, called the debugger, to control the execution of another W-process, the debuggee. To control means stopping/resuming execution, enabling/disabling single stepping, setting breakpoints, reading/writing debuggee memory... Another part of the debugging APIs resides in DBGHELP.DLL (and its ancestor IMAGEHLP.DLL) and lets a debugger look into symbols and types from any module (if the module has been compiled with the proper options).

winedbg is a Winelib application making use of these APIs (KERNEL32.DLL's debugging API and DBGHELP.DLL) to allow debugging both any Wine or Winelib applications as well as Wine itself (kernel and all DLLs).

PrevHomeNext
Developing WineUpWineDbg's modes of invocation