I am debugging 'smartgit for windows'. I want to know how it invokes 'git' (the command it passes to git). I start VS and attach to the smartgit process.
I suspect it communicates with git through a Windows pipe and other APIs like ReadFile and WriteFile and so on, so I set breakpoints at those functions.
After setting some options, I tick off 'Just My Code' and delete all excluded modules in the symbol settings, then I download symbols, and I can confirm that 'Kernel32.pdb' was loaded.
'smartgit.exe' (Win32): Loaded 'Q:\Program Files (x86)\SmartGit\bin\smartgit.exe'. Module was built without symbols.
'smartgit.exe' (Win32): Loaded 'C:\Windows\SysWOW64\ntdll.dll'. Symbols loaded.
'smartgit.exe' (Win32): Loaded 'C:\Windows\SysWOW64\kernel32.dll'. Symbols loaded.
'smartgit.exe' (Win32): Loaded 'C:\Windows\SysWOW64\KernelBase.dll'. Symbols loaded.
'smartgit.exe' (Win32): Loaded 'C:\Windows\SysWOW64\user32.dll'. Symbols loaded.
_ReadFile@20:
765EF0C0 8B FF mov edi,edi
765EF0C2 55 push ebp
765EF0C3 8B EC mov ebp,esp
765EF0C5 6A FE push 0FFFFFFFEh
765EF0C7 68 C0 52 68 76 push 766852C0h
But I still get the disassembly view when the breakpoints are triggered. I am quite sure that I have ticked the 'Show Source Code' option.
WHY? And how do I view the C code of ReadFile? I want to know what it (smartgit) reads and writes, so I inspect it through lpBuffer.
PDB files do not contain source code. They can contain information on how to map an RVA address to a source file/line, but this information is useful only if you have those source files. Because you have no source files for the Windows system DLLs (ntdll, kernel32, kernelbase, ...), you cannot view their C/C++ code in the debugger, and the usual information about source files/lines is stripped from system PDBs anyway, because the source files are not available for download. But with PDB files you can view internal function and symbol names (not only exported symbols), which is already a great advantage that helps a lot in debugging.
In the case of ReadFile, for what do you need the source code here, when you can view, say, the lpBuffer address in [esp + 8] at the first instruction (765EF0C0 in your dump) and then in [ebp+0xc]?
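As an added worked example (not part of the question or the answer above), the following Python script makes the answer's point concrete. It parses the stdcall decoration _ReadFile@20 shown in the disassembly (20 bytes of arguments, i.e. five 4-byte parameters, which matches ReadFile's documented signature) and computes where every parameter lives both at the first instruction (esp-relative, return address at [esp]) and after the push ebp / mov ebp,esp prologue (ebp-relative, saved ebp at [ebp], return address at [ebp+4]). It goes beyond the single lpBuffer case in the answer by listing all five arguments. The script assumes 32-bit x86 (the SysWOW64 modules in the question) and the standard frame-pointer prologue shown in the dump; the later push instructions in the prologue do not move ebp, so the ebp-relative locations stay valid for the rest of the function.

```python
import re

# Assumption: 32-bit x86, as for the SysWOW64 modules in the question.
POINTER_SIZE = 4

# ReadFile's parameters in declaration order (documented Win32 signature).
READFILE_PARAMS = [
    "hFile",
    "lpBuffer",
    "nNumberOfBytesToRead",
    "lpNumberOfBytesRead",
    "lpOverlapped",
]


def stdcall_arg_count(decorated):
    """Parse a stdcall decorated name such as '_ReadFile@20' into (name, argc).

    The @N suffix is the number of argument bytes the callee pops on return,
    so N / pointer size is the number of stack-passed arguments.
    """
    m = re.fullmatch(r"_(\w+)@(\d+)", decorated)
    if not m:
        raise ValueError(f"not a stdcall decorated name: {decorated!r}")
    nbytes = int(m.group(2))
    if nbytes % POINTER_SIZE:
        raise ValueError("argument bytes must be a multiple of the pointer size")
    return m.group(1), nbytes // POINTER_SIZE


def arg_offsets(params, frame):
    """Return {param: (register, offset)} giving where each argument lives.

    frame='entry':    at the first instruction [esp] holds the return address,
                      so argument i is at [esp + 4*(i+1)].
    frame='prologue': after 'push ebp; mov ebp,esp', [ebp] is the saved ebp and
                      [ebp+4] the return address, so argument i is at
                      [ebp + 4*(i+2)].
    """
    if frame == "entry":
        return {p: ("esp", POINTER_SIZE * (i + 1)) for i, p in enumerate(params)}
    if frame == "prologue":
        return {p: ("ebp", POINTER_SIZE * (i + 2)) for i, p in enumerate(params)}
    raise ValueError(f"unknown frame state: {frame!r}")


def format_location(reg, off):
    """Render a (register, offset) pair in debugger memory-window syntax."""
    return f"[{reg}+0x{off:x}]"


def readfile_locations(decorated="_ReadFile@20"):
    """Sanity-check the decoration against the known parameter list and
    return both tables, keyed by frame state."""
    name, argc = stdcall_arg_count(decorated)
    if argc != len(READFILE_PARAMS):
        raise ValueError(f"{name} has {argc} args, expected {len(READFILE_PARAMS)}")
    return {frame: arg_offsets(READFILE_PARAMS, frame) for frame in ("entry", "prologue")}


if __name__ == "__main__":
    for frame, table in readfile_locations().items():
        print(f"ReadFile arguments at {frame}:")
        for param, (reg, off) in table.items():
            print(f"  {param:22s} {format_location(reg, off)}")
```

Running the script prints lpBuffer at [esp+0x8] for the entry table and at [ebp+0xc] for the prologue table, the two locations the answer names; the remaining rows give the same mapping for the other four ReadFile arguments, so a memory-window watch on either address shows the buffer that smartgit is about to read into.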