How to debug startup code for a process which is started by some other executable!

How to debug startup code for a process which is started by some other executable!

Rate This
  • Comments 1

Yet another debugging challenge..

The problem is, we want to debug the startup code for an application which is run by some other application! e.g. I will open a console (cmd.exe) which in turn opens calc.exe and I want to debug the initial calc.exe code..

Windbg has solution to this problem! When you select "open an executable", you have a small checkbox saying "Debug child processes also" which actually makes sure that all the processes spawned by parent EXE (which you select in this dialog!) are also attached by debugger.

image

If you are interested in command line option, '-o' option is at disposal.

image

Its only this scenario when '|' command is used (at least in user mode)! Because when we attach to any child processes, it shows the current process being debugged in space left to command line in windbg, as shown below!

image

If you give command | you will be able to see all the processes in list which can be debugged (only one process can be debugged at a time!). You will get output similar to one shown below.

image

We can also move between different processes by using |<number>s command. e.g. in above example, if we want to go back to debug cmd.exe, we have to give command |0s. 

PS: This works only if you are opening (spawning) parent executable.. 'Attach to process' does not have this option of debugging all child processes!

Stay tuned.. Wave

Leave a Comment
  • Please add 1 and 4 and type the answer here:
  • Post
Page 1 of 1 (1 items)