Use bu in WinDbg and get `Couldn't resolve error at module!func`

在 WinDbg 中設定 breakpoint 時如果遇到 symbol mismatching ，那 WinDbg 就會提示 Couldn't resolve error at module!func 。不過有趣的是，如果今天是用 bu module!func 也遇到一樣的問題，那還會是 symbol not found 嗎?如果此時 stack 是停在 nt!DebugService2 時，那就很有可能也是 symbol not found 了。

0: kd> bu module!func

0: kd> g
Breakpoint 0's offset expression evaluation failed.
Check for invalid symbols or bad syntax.
WaitForEvent failed
nt!DebugService2+0x6:
fffff806`31805296 c3              ret

1: kd> k
 # Child-SP          RetAddr           Call Site
00 ffffde00`16226b68 fffff806`31771955 nt!DebugService2+0x6
01 ffffde00`16226b70 fffff806`317718e7 nt!DbgLoadImageSymbols+0x45
02 ffffde00`16226bc0 fffff806`31b558f1 nt!DbgLoadImageSymbolsUnicode+0x33
03 ffffde00`16226c00 fffff806`31b55423 nt!MiDriverLoadSucceeded+0x18d
04 ffffde00`16226ca0 fffff806`31b54c06 nt!MmLoadSystemImageEx+0x807
05 ffffde00`16226e40 fffff806`31b3800c nt!MmLoadSystemImage+0x26
06 ffffde00`16226e80 fffff806`31b36f22 nt!IopLoadDriver+0x23c
07 ffffde00`16227050 fffff806`31b36c32 nt!PipCallDriverAddDeviceQueryRoutine+0x1be
08 ffffde00`162270e0 fffff806`31b365f0 nt!PnpCallDriverQueryServiceHelper+0xda
09 ffffde00`16227190 fffff806`31b35d83 nt!PipCallDriverAddDevice+0x41c
0a ffffde00`16227350 fffff806`31b2fcc6 nt!PipProcessDevNodeTree+0x333
0b ffffde00`16227420 fffff806`3176efba nt!PiRestartDevice+0xba
0c ffffde00`16227470 fffff806`3168e5c5 nt!PnpDeviceActionWorker+0x46a
0d ffffde00`16227530 fffff806`317265f5 nt!ExpWorkerThread+0x105
0e ffffde00`162275d0 fffff806`318048d8 nt!PspSystemThreadStartup+0x55
0f ffffde00`16227620 00000000`00000000 nt!KiStartSystemThread+0x28

1: kd> bc *

1: kd> bu module!func
Couldn't resolve error at 'vmodule!func'

為什麼呢?此時不是使用 Set Unresolved Breakpoint 嗎?嗯嗯，Unresolved Breakpoint 也是有需要 resolve 的時候，剛好系統正在載入新 module ，而且符合 bu 指定的 module name ，那就會開始 resolve symbol name ，如果找不到一樣會跳出 Couldn't resolve error at 'vmodule!func' 了。