Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- From: "Oleg Starodumov" <com-dot-debuginfo-at-oleg>
- Date: Wed, 11 Oct 2006 12:19:31 +0300
After creating a process with DEBUG_PROCESS flag, when
CREATE_PROCESS_DEBUG_EVENT occurs, what is the state of the process? I
mean when the CREATE_PROCESS_DEBUG_EVENT event occurs is the process's
loading or initialization or dll loading etc is done or just the
address space created. And what would be contents of EIP when this
event occur? If anybody having any idea please let me know.
When "create process" event is sent, the .exe and ntdll.dll have already
been mapped into the process' address space, but code hasn't run yet.
When you let the debuggee continue, the loader runs and loads dlls,
notifying you about it with "load dll" debug events (entry points of
the dlls do not run yet).
The next event is "initial breakpoint" ("exception" event for breakpoint exception).
When you continue the debuggee after that, dll entry points will be called,
and then the entry point of the main executable.
--
Oleg
[VC++ MVP http://www.debuginfo.com/]
.
- Follow-Ups:
- Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- From: Saurav
- Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- References:
- State of process at CREATE_PROCESS_DEBUG_EVENT
- From: ursaurav
- State of process at CREATE_PROCESS_DEBUG_EVENT
- Prev by Date: State of process at CREATE_PROCESS_DEBUG_EVENT
- Next by Date: Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- Previous by thread: State of process at CREATE_PROCESS_DEBUG_EVENT
- Next by thread: Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- Index(es):
Relevant Pages
|
