Share via

How to debug WinHTTP API proxy detection

MSDN_userSince1994_newaccount2023 0 Reputation points
2026-01-07T16:05:38.5533333+00:00

When Win32 application/service code calls the WinHTTP APIs that are supposed to detect administrator-configured web proxies, there is an obvious need to test that the calls work with each of the ways that a system administrator may have configured the proxies that users on their network must use.

However the Microsoft documents I have found don't seem to specify methods to debug this detection on modern Windows 11 machines and/or on older Windows operating systems. The issues to debug are, in general, why the detection fails in a concrete application context, and why arguments and flags passed to the APIs are interpreted as disabling the detection in particular scenarios.

Some documents claim that this can be logged to ETL files via the "netsh trace" command, but attempting to do so seems to result in an ETL file with no viewable entries . Attempts to step into WinHTTP.DLL with a Microsoft debugger seems to find no debug symbols, making it hard to understand what is happening.

My particular scenario involves calling WinHttpGetProxyForUrl() in the WoW64 32-bit WinHTTP.DLL under a 64-bit Windows OS, where the desire is for WinHTTP.DLL to talk to the "WinHTTP Web Proxy Auto-Discovery Service" to obtain and interpret a site specific WPAD file.

Windows development | Windows API - Win32
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jack Dang (WICLOUD CORPORATION) 8,220 Reputation points Microsoft External Staff Moderator
    2026-01-08T06:24:31.28+00:00

    Hi @MSDN_userSince1994_newaccount2023 ,

    Thanks for reaching out.

    You’re not overlooking anything obvious here - WinHTTP proxy auto-detection is genuinely difficult to debug, and the available documentation doesn’t clearly describe how to observe what’s happening internally, especially on newer versions of Windows.

    One important thing to set expectations upfront: WinHTTP largely behaves like a black box. The winhttp.dll used by both 32-bit and 64-bit processes does not expose public debug symbols, so stepping into it with a debugger won’t provide much insight. When proxy detection fails, it often does so silently, which makes it feel like the API is ignoring flags or configuration.

    Before going deep into tracing, it’s worth validating the environment, since many failures turn out not to be code-related. Please ensure that the WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc) is running, that WPAD is actually reachable on the network (DNS/DHCP), and that the PAC file works when tested directly. Also note that WinHTTP does not use browser proxy settings - it has its own configuration and service path.

    Since your scenario involves calling WinHttpGetProxyForUrl() from a 32-bit process running under WoW64, bitness does matter when debugging. While WinHTTP proxy settings are system-wide, a 32-bit client runs under a different execution context and may observe configuration differently due to redirection and policy application. For that reason, when validating configuration, it can be useful to query it using the same bitness as the application, for example:

    %windir%\SysWOW64\netsh winhttp show proxy

    This helps ensure you’re inspecting WinHTTP from the same perspective as the calling process.

    Regarding logging, generic netsh trace sessions often don’t capture useful WinHTTP details, which aligns with what you observed. If ETW tracing is needed, you’ll need to enable specific WinHTTP ETW providers (for example via logman or the InternetClient tracing scenario). Even then, the traces are mainly useful for confirming that auto-detection or PAC download was attempted; they generally won’t explain why a particular flag combination disabled detection or how the PAC logic was evaluated internally.

    When debugging API usage itself, it’s important to be very strict:

    • Log all flags passed to WinHttpGetProxyForUrl
    • Check return values and call GetLastError() immediately on failure
    • Be mindful of differences between service and interactive contexts
    • Avoid reusing handles in ways not explicitly documented

    Small differences in flags or calling context can completely change WinHTTP behavior without producing obvious errors.

    A practical approach that often helps is comparison testing: run the same call in a minimal test app, with the same bitness and flags, on a machine where WPAD is known to work. Comparing 32-bit vs 64-bit or service vs desktop behavior usually highlights the underlying difference quickly.

    In short, there isn’t a single “enable verbose logging” switch for WinHTTP proxy detection. Debugging it is mostly about validating the environment, matching bitness, enabling the right ETW providers, and narrowing down differences through controlled testing rather than stepping through WinHTTP internals.

    Hope this helps! If my answer was helpful - kindly follow the instructions here so others with the same problem can benefit as well.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.