
I am debugging a cygwin gcc compiled process that would be loaded from a native windows program via CreateProcess. I would like to set a break point before main for example at mainCRTStartup.

How do I attach to a process that is not yet loaded and set a breakpoint at mainCRTStartup?

Note

If it matters, it's not the XY problem. I am analyzing a possible bug in Windows 2012 R2 and need to trace the entire command line passed from the invocation of the CreateProcess till the main entry point of the loaded process. Before I can approach MS, I would need to be certain on where the issue is.

Also I need to use gdb because WinDBG possibly cannot source debug a cygwin gcc compiled binary.

What have I tried

Using gflags, I tried to invoke gdb whenever the image loads, but then unfortunately, was greeted with a message "File Name too Long", and then invoking gdb without any active process.

The problem with this approach is, gflags invokes the debugger with the image name followed by the command line parameter, whereas gdb expects a PID or an image name without the command line parameter. Reference: [How to attach a process in gdb](http://stackoverflow.com/questions/14370972/how-to-attach-a-process-in-gdb)

Abhijit
  • How would you do *anything* to a process that doesn't exist? It's very simple: You can't. And would you mind telling us *why* you would want to do that? (Please read about [the XY problem](http://meta.stackoverflow.com/questions/66377/what-is-the-xy-problem).) – Some programmer dude May 18 '14 at 18:39
  • @JoachimPileborg: It's not `the XY problem`. I am analyzing a possible bug in Windows 2012 R2 and need to trace the entire command line passed from the invocation of the CreateProcess till the main entry point. Before I can approach MS, I would need to be certain on where the issue is. – Abhijit May 18 '14 at 18:44
  • You didn't tell us *why* you wanted to do what you wanted to do, you just wanted to know how to make your current solution work. So indeed an XY problem. Now we at least know what you want to do, and someone knowledgeable will be able to say if your wanted solution is possible or if there are other solutions (the last which no one could do before). – Some programmer dude May 18 '14 at 18:49
  • Do you absolutely have to use gdb? If you just need to inspect command line arguments, maybe you could get the job done with WinDbg (either by setting it as the process debugger with GFlags, or attaching to the parent process and running `.childdbg 1`). – nobody May 18 '14 at 19:18
  • @AndrewMedico: Can WinDBG debug cygwin gcc compiled binaries with source? – Abhijit May 18 '14 at 19:19
  • I don't think it can do source debugging of Cygwin processes, but if you're just trying to inspect the command-line coming in WinDbg should be able to show you that without source. – nobody May 18 '14 at 19:23
  • Another option would be to set WinDbg as the debugger, let the process get created and break into WinDbg, get the PID, attach gdb, `.abandon` the process from WinDbg, and do your debugging in gdb. – nobody May 18 '14 at 19:24
  • @AndrewMedico: I have already inspected the command line from a bird's-eye view using procexp and procmon, and it shows the command line received by the called process has a problem. So I would like to dig further as to what happens when GetCommandLineW is getting called from the crt of the called process. Can WinDBG possibly help me out here? – Abhijit May 18 '14 at 19:25
  • @AndrewMedico: Before I try, quick question. Can I attach another debugger if WinDBG attaches to the process intrusively? – Abhijit May 18 '14 at 19:26
  • @Abhijit http://msdn.microsoft.com/en-us/library/windows/hardware/ff554364(v=vs.85).aspx implies that you can, but I haven't personally verified it. Should be pretty easy to try though. – nobody May 18 '14 at 19:29
  • @AndrewMedico: I tried, but gdb refuses to attach to the process. Maybe this might work with WinDBG – Abhijit May 18 '14 at 20:24

2 Answers


You can instruct Windows to automatically run certain processes under a debugger whenever they are launched. This is done by creating a registry value `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<whatever.exe>\Debugger` of type `REG_SZ` containing the full path/name of the gdb executable you want to use as a debugger.

References:

  1. http://msdn.microsoft.com/en-us/library/a329t4ed(vs.71).aspx
  2. http://bugslasher.net/2011/03/26/how-to-debug-a-process-as-soon-as-it-starts-with-windbg-or-visual-studio-2010/
nobody
  • I believe I tried a similar thing using gflags, but was greeted with a message "File Name too Long", and then invoking gdb without any active process :-( – Abhijit May 18 '14 at 19:10
  • The problem with this approach is, gflags invokes the debugger with the image name followed by the command line parameter, whereas gdb expects a PID or an image name without the command line parameter, reference [How to attach a process in gdb](http://stackoverflow.com/questions/14370972/how-to-attach-a-process-in-gdb) – Abhijit May 18 '14 at 19:20
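
The registry value described in this answer, as an added PowerShell example that is not part of the original answer or its comments. The function names and the gdb path are hypothetical; appending gdb's `--args` option, so that gdb accepts the image path and parameters Windows adds after the `Debugger` string, is an assumption aimed at the mismatch raised in the comments. The value stays in the registry and intercepts every launch of that image name until it is removed, so the example also lists and deletes it.

```powershell
# Added example: manage the Image File Execution Options (IFEO) Debugger value.
# Run from an elevated prompt; writing under HKLM requires administrator rights.
$Ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-IfeoDebugger {
    # List every image name that currently has a Debugger value set.
    Get-ChildItem -Path $Ifeo | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue
        if ($props.Debugger) {
            [pscustomobject]@{ Image = $_.PSChildName; Debugger = $props.Debugger }
        }
    }
}

function Set-IfeoDebugger {
    param(
        [Parameter(Mandatory)][string]$Image,     # e.g. whatever.exe (name only, no path)
        [Parameter(Mandatory)][string]$Debugger   # command line placed in front of the original one
    )
    $key = Join-Path $Ifeo $Image
    if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }
    # REG_SZ value, as the answer specifies.
    New-ItemProperty -Path $key -Name Debugger -PropertyType String -Value $Debugger -Force | Out-Null
}

function Remove-IfeoDebugger {
    param([Parameter(Mandatory)][string]$Image)
    $key = Join-Path $Ifeo $Image
    Remove-ItemProperty -Path $key -Name Debugger -ErrorAction SilentlyContinue
}

# Usage (placeholders, uncomment to apply):
#   whatever.exe          -> the image name from the answer's <whatever.exe>
#   C:\cygwin\bin\gdb.exe -> assumed install path of the Cygwin gdb
#
# Set-IfeoDebugger -Image 'whatever.exe' -Debugger 'C:\cygwin\bin\gdb.exe --args'
# Get-IfeoDebugger | Format-Table -AutoSize    # confirm what is registered
# ... debug: in gdb, "break mainCRTStartup" then "run" ...
# Remove-IfeoDebugger -Image 'whatever.exe'    # restore normal launches
```

With this value in place gdb, not the original parent, creates the target process, so the command line the target receives is the one gdb passes on.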

Well, you CAN actually do this, I think. If you're willing to put in some effort.

Steps:

1) Build your own copy of cygwin1.dll, as explained here: http://cygwin.com/faq.html#faq.programming.building-cygwin. Add the "--enable-debugging" flag when you configure.

2) Replace the existing cygwin1.dll with your own copy, as described here: https://cygwin.com/faq.html#faq.setup.snapshots (obviously you won't be doing the tar stuff).

3) Set the environment variable CYGWIN_DEBUG=, where is the name of the program you're trying to debug. Beware that Cygwin uses essentially a "contains" method here, I think. So, it will launch a gdb session any time you attempt to launch a program whose name contains the string you put in your CYGWIN_DEBUG variable

Caveats:

1) The --enable-debugging switch will make your apps run very slowly, and is not entirely stable.

See here: http://cygwin.com/ml/cygwin/2014-05/msg00316.html

SeeJayBee