Next, I grepped around for APIs that had file in the name (recalling Win32 penchance for using GET prefix as well):ħcab72a3 SHEL元2!GetFileNameFromBrowse ()ħc8017e9 kernel32!GetSystemTimeAsFileTime ()ħc80f9ed kernel32!GetPrivateProfileStringW ()ħc810cfd kernel32!GetFileInformationByHandle ()ħc811185 kernel32!GetFileAttributesExW ()ħc813841 kernel32!GetFileAttributesExA ()ħc81eda5 kernel32!GetPrivateProfileSectionW ()ħc832748 kernel32!GetPrivateProfileIntW ()ħc832b6e kernel32!GetPrivateProfileStringA ()ħc832dbf kernel32!GetPrivateProfileSectionNamesA ()ħc835f39 kernel32!GetPrivateProfileSectionA ()ħc83644c kernel32!GetPrivateProfileIntA ()ħc8384f3 kernel32!GetCPFileNameFromRegistry ()ħc85ca12 kernel32!GetPrivateProfileSectionNamesW ()ħc85ca33 kernel32!GetPrivateProfileStructA ()ħc85cb9d kernel32!GetPrivateProfileStructW ()ħc85e279 kernel32!GetCompressedFileSizeW ()ħc85e3a1 kernel32!GetCompressedFileSizeA () These are completely useless since CMake 3.0 and the introduction of string(TIMESTAMP) command. I lined up symbols using public http symbol server using sympath below (make sure you create c:\syms for local symbol store, this speeds up things): Two CMake macros returning the current date (format yyyy-mm-dd) and the current time (hh:mm:ss).
Next I started windbg, attached to Explorer.exe.
I downloaded the debugging tools for Windows here:
Ok, I was lazy and here is how I determined the API.įirst, I know that it's probably a kernel32 or shell32 function from past experience.