Is CreateProcessW deprecated?

I could not find the exact answer, so I decided to ask.

I read Windows Internal Debugging, and in the sample it tells me to set a breakpoint on kernel32!CreateProcessW.

But before that, he uses the .symfix debug command to set the debugger symbol search path to point to the Microsoft online symbol server. When I try to set a breakpoint, I get an error that it cannot resolve this function (or something like that). It looks like this.

0:000> bp kernel32!CreateProcessW
Couldn't resolve error at 'kernel32!CreateProcessW'

Probably because the list below does not include "kernel32!CreateProcessW".

0:000> x kernel32!CreateProcess*
76b90cb9 KERNEL32!CreateProcessWithTokenW (void)
76b90d84 KERNEL32!CreateProcessAsUserW (void)
76b90d84 KERNEL32!CreateProcessWithLogonW (void)
76b4e225 KERNEL32!CreateProcessWStub = <no type information>
76b72e04 KERNEL32!CreateProcessInternalAStub = <no type information>
76b72e15 KERNEL32!CreateProcessInternalWStub = <no type information>
76b72de2 KERNEL32!CreateProcessAStub = <no type information>
76b72df3 KERNEL32!CreateProcessAsUserWStub = <no type information>

, kernel32!CreateProcessWStub, , kernel32!CreateProcessW.

, , , Windows 7. Windows 8.1 , 32!CreateProcessW ...

, . .

+4
1

CreateProcessW . , kernel32.dll, CreateProcessW kernel32.dll, kernelbase.dll.

, , . Windows , DLL , kernel32, ole32, user32, gdi32, . , Raymond Chen 2006 . , , , , kernel32!CreateProcessW , , CreateProcessW, :

0:014> u kernel32!CreateProcessWStub l14
KERNEL32!CreateProcessWStub:
00007ffd`83cf58a8 4c8bdc          mov     r11,rsp
00007ffd`83cf58ab 4883ec58        sub     rsp,58h
00007ffd`83cf58af 488b8424a8000000 mov     rax,qword ptr [rsp+0A8h]
00007ffd`83cf58b7 498943f0        mov     qword ptr [r11-10h],rax
... skip ...
00007ffd`83cf58f5 ff1555871100    call    qword ptr [KERNEL32!_imp_CreateProcessW (00007ffd`83e0e050)]
00007ffd`83cf58fb 4883c458        add     rsp,58h
00007ffd`83cf58ff c3              ret 

, , , kernelbase!CreateProcessW


0:014> ln poi kernel32!_imp_CreateProcessW
(00007ffd`82f92604)   KERNELBASE!CreateProcessW   |  (00007ffd`82f926d0)   KERNELBASE!MakeLocHashNode
Exact matches:
    KERNELBASE!CreateProcessW (no parameter info)

, Windows , , , , .

Kernel32.dll Windows 8.1 - CreateProcessW. link /dump /exports :

c:\>link /dump /exports c:\Windows\System32\kernel32.dll | findstr CreateProcessW
        220   DB 000058A8 CreateProcessW = CreateProcessWStub

, , . :

c:\>link /dump /exports c:\Windows\System32\kernel32.dll | findstr EnterCriticalSection
        298  129          EnterCriticalSection (forwarded to NTDLL.RtlEnterCriticalSection)
       1418  589          TryEnterCriticalSection (forwarded to NTDLL.RtlTryEnterCriticalSection)

, WinDbg kernel32!CreateProcess, , WinDbg. .PDB, PE, , , WinDbg . , .PDB , WinDbg PE:

0:014> .sympath .
0:014> .reload
Reloading current modules ....
0:014> x kernel32!CreateProcessW
00007ffd`83cf58a8 KERNEL32!CreateProcessW (no parameter info)

, WinDbg PDB, , .

+11
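The distinction the answer draws from link /dump /exports (an alias export such as CreateProcessW = CreateProcessWStub, where two names share one RVA, versus a forwarder such as EnterCriticalSection, whose "address" points at a "DLL.Function" string inside the export directory) can be reproduced by walking the export directory yourself. The following is an added Python example, not code from the thread: it packs a small constructed export directory (the names, RVAs and the 0x10000 base are illustrative, not kernel32's real layout) and then parses and labels it.

```python
# Added example, not code from the thread: label the exports of a constructed
# kernel32-style export directory as plain, alias (one RVA, several names) or forwarder.
import struct
EXPORT_DIR_FMT = "<IIHHIIIIIII"  # IMAGE_EXPORT_DIRECTORY, 40 bytes

def build_export_section(base_rva, exports):
    """Pack a minimal export directory mapped at base_rva (constructed test data)."""
    exports = sorted(exports)  # the name table must be sorted by name
    n = len(exports)
    strings, pos = b"", {}
    for name, target in exports:
        for s in (name, target) if isinstance(target, str) else (name,):
            pos[s] = len(strings)
            strings += s.encode() + b"\0"
    afunc, anames, aords, astr = 40, 40 + 4 * n, 40 + 8 * n, 40 + 10 * n
    funcs = names = ords = b""
    for i, (name, target) in enumerate(exports):
        # a forwarder's "address" is the RVA of its "DLL.Function" string
        rva = base_rva + astr + pos[target] if isinstance(target, str) else target
        funcs += struct.pack("<I", rva)
        names += struct.pack("<I", base_rva + astr + pos[name])
        ords += struct.pack("<H", i)
    head = struct.pack(EXPORT_DIR_FMT, 0, 0, 0, 0, 0, 1, n, n,
                       base_rva + afunc, base_rva + anames, base_rva + aords)
    return head + funcs + names + ords + strings

def parse_exports(section, base_rva):
    """Return {name: (ordinal, rva, forwarder_or_None)} from an export section."""
    base, _, nnames, afunc, anames, aords = struct.unpack_from(EXPORT_DIR_FMT, section)[5:]
    off = lambda rva: rva - base_rva
    cstr = lambda rva: section[off(rva):section.index(b"\0", off(rva))].decode()
    out = {}
    for i in range(nnames):
        name = cstr(struct.unpack_from("<I", section, off(anames) + 4 * i)[0])
        idx = struct.unpack_from("<H", section, off(aords) + 2 * i)[0]
        rva = struct.unpack_from("<I", section, off(afunc) + 4 * idx)[0]
        # forwarder rule: the RVA lies inside the export directory itself
        fwd = cstr(rva) if base_rva <= rva < base_rva + len(section) else None
        out[name] = (base + idx, rva, fwd)
    return out

def classify(exports):
    """Label each export the way link /dump /exports displays it."""
    by_rva = {}
    for name, (_, rva, fwd) in exports.items():
        by_rva.setdefault((rva, fwd), []).append(name)
    return {name: f"forwarded to {fwd}" if fwd else
            ("alias of " + ", ".join(n for n in by_rva[(rva, None)] if n != name)
             if len(by_rva[(rva, None)]) > 1 else "plain")
            for name, (_, rva, fwd) in exports.items()}

SAMPLE = build_export_section(0x10000, [("CreateProcessW", 0x58A8),
    ("CreateProcessWStub", 0x58A8), ("GetTickCount", 0x1234),
    ("EnterCriticalSection", "NTDLL.RtlEnterCriticalSection")])
```

On a real PE the forwarder check compares the RVA against the export data directory's VirtualAddress and Size rather than the section length used here.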

Source: https://habr.com/ru/post/1537190/