I recently had a problem with my Windows application causing the desktop icons to flicker.  I knew that the LockWindowUpdate API could cause that, but I also knew I didn’t use it.  Maybe one of the libraries I use (MFC?) was doing it.

So I wanted to set a Visual Studio breakpoint on that API’s location.  I tried
{,,user32.dll}_LockWindowUpdate@4 but that didn’t work.  I knew that {,,user32.dll}_SendMessageA@16 works for setting a breakpoint on SendMessage (which is also in user32.dll), so why doesn’t the same thing work for LockWindowUpdate?

It turns out that the function is called NtUserLockWindowUpdate as far as the debugger is concerned, so you need to use {,,user32.dll}_NtUserLockWindowUpdate@4

I don’t know which other APIs have that NtUser prefix, but I bet there are some.

Interestingly, the exported symbol as reported by Dependency Walker is called LockWindowUpdate – it’s only in the debug symbols that it’s NtUserLockWindowUpdate.  I used Dependency Walker to find the symbol’s address: my breakpoint for SendMessage was at 7D94B5BA and Dependency Walker told me that its export address was 1b5ba.  LockWindowUpdate was exported at 27d5c, so a quick bit of maths pointed me to 7D957D5C, and hence the real name of the function:

(By the way, Raymond Chen’s series of posts on LockWindowUpdate are required reading for anyone thinking of using it: What does LockWindowUpdate do?)

This entry was posted on Thursday, March 5th, 2009 at 12:08 am. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.