1

I've writen a simple program based on a sample of the wdk that scans the memory from a dump file.

Now, I'd like to do the same on the process while it's running and I'm facing several issues:

  • I don't know how to break the running process

  • when leaving my program, the debugee is closed whereas I called DetachProcess.

Thanks

void ApplyCommandLineArguments(void)
{
    HRESULT Status;

    // Install output callbacks so we get any output that the
    // later calls produce.
    if ((Status = g_Client->SetOutputCallbacks(&g_OutputCb)) != S_OK)
    {
        Exit(1, "SetOutputCallbacks failed, 0x%X\n", Status);
    }

    if (isDump())
    {
        // Everything's set up so open the dump file.
        if ((Status = g_Client->OpenDumpFile(g_DumpFile)) != S_OK)
        {
            Exit(1, "OpenDumpFile failed, 0x%X\n", Status);
        }

        // Finish initialization by waiting for the event that
        // caused the dump.  This will return immediately as the
        // dump file is considered to be at its event.
        if ((Status = g_Control->WaitForEvent(DEBUG_WAIT_DEFAULT,
                                              INFINITE)) != S_OK)
        {
            Exit(1, "WaitForEvent failed, 0x%X\n", Status);
        }
    }
    else
    {
        if ((Status = g_Client->AttachProcess(0,GetPid(),0/*DEBUG_ATTACH_NONINVASIVE*/)) != S_OK)
        {
            Exit(1, "AttachProcess failed, 0x%X\n", Status);
        }       
    }

    // Everything is now initialized and we can make any
    // queries we want.
}
Damien
  • 300
  • 1
  • 8
  • To stop dbgeng.dll permanently uninstall 'Microsoft® Visual Studio® 2005' from your system – Tharif Apr 30 '15 at 08:49
  • How did you manage to detach if you don't know how to attach (break the running process)? What have you tried? Can you show some of your code? – Thomas Weller May 13 '15 at 08:40
  • I attach with IDebugClient::AttachProcess and detach with IDebugClient::DetachProcesses – Damien May 19 '15 at 11:02

0 Answers0