Monday, October 11, 2010

How to Debug a child process?

Tip – Demonstrates how to debug a child process while debugging the parent process.

Details – We usually use Visual Studio (any version) to debug a process, either by opening the project and starting a debug session or by attaching Visual Studio to a running process. What if the debuggee (the process being debugged) spawns another process that you also want to debug? Visual Studio doesn’t support this feature, but we can make it happen with WinDBG. Developers usually call DebugBreak or raise a deliberate exception so that a debugger can be attached, but early exceptions during startup are hard to catch with this method.

Steps for debugging.

1.    Launch the parent process and attach WinDBG to it.
2.    Execution of the attached process stops and the command window is enabled.
3.    Enter “.childdbg 1” in the command window.
4.    Press F5 or enter the “g” command to continue.
5.    Whenever the parent process creates a child process, execution breaks and you can set breakpoints or do whatever else you need with the child process.

The screenshots below were taken by attaching WinDBG to Beyond Compare and starting notepad.exe from it. (This is just for the sake of an example.)


NB: While debugging with WinDBG, it’s necessary to set the symbol and source file paths properly for smooth debugging; otherwise debugging can be a mess. For more help on debugging multiple processes and processor context switching, see the help file that ships with WinDBG.

PS: There is a simple trick for using Visual Studio for child process debugging. Create a new key, named after the executable, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ and add a string value named Debugger under this key, with the debugger name as its data. For Sample.exe, it looks like this:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sample.exe]
"Debugger"="vsjitdebugger.exe"

But this is not really a good method. It is only a simple workaround.
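
The Debugger value stays in effect for every launch of that executable until it is removed, so it is worth checking what is set and cleaning up after a debugging session. The following PowerShell is an added example, not part of the original post; the function names Get-IfeoDebugger and Remove-IfeoDebugger are hypothetical, and removing a value requires an elevated session.

```powershell
# Added example: audit and clean up "Debugger" values under Image File Execution Options.
# Function names are hypothetical; the registry path is the one given in the post.
$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    # Return one object per executable whose IFEO key carries a Debugger value.
    Get-ChildItem -Path $IfeoPath -ErrorAction SilentlyContinue | ForEach-Object {
        $debugger = $_.GetValue('Debugger')
        if ($null -ne $debugger) {
            [pscustomobject]@{
                Image    = $_.PSChildName
                Debugger = $debugger
            }
        }
    }
}

function Remove-IfeoDebugger {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Image   # executable name only, e.g. 'sample.exe'
    )
    # Accept a bare file name only, so the target always stays directly under IFEO.
    if ($Image -ne [System.IO.Path]::GetFileName($Image)) {
        throw "Pass the executable name only, not a path: $Image"
    }
    $key = Join-Path $IfeoPath $Image
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Warning "No Image File Execution Options key exists for $Image"
        return
    }
    $current = Get-ItemProperty -LiteralPath $key -Name Debugger -ErrorAction SilentlyContinue
    if ($null -eq $current) {
        Write-Warning "No Debugger value is set for $Image"
        return
    }
    # Remove only the Debugger value; the key may hold other per-image options.
    Remove-ItemProperty -LiteralPath $key -Name Debugger
    Write-Output "Removed Debugger value '$($current.Debugger)' for $Image"
}

# List every executable that is currently redirected to a debugger.
Get-IfeoDebugger | Format-Table -AutoSize

# After the debugging session, remove the entry created for the sample:
# Remove-IfeoDebugger -Image 'sample.exe'
```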

Posted by - Sarath C
