Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- From: "Saurav" <ursaurav@xxxxxxxxx>
- Date: 14 Oct 2006 01:38:22 -0700
As you said that the afetr CREATE Process event the loader does the
loading of other dlls. This means that if some API, say CreateFile() in
kernel32.dll is called after this event, then it should give exception
or access violation fault? Am i rigth Oleg?
Oleg Starodumov wrote:
Thanks Oleg for the reply. There is one more doubt. If the loader runs
after "create process" in the context of APC then who loads the
ntdll.dll?
It is loaded by the kernel, while it is processing NtCreateProcess call
made by the process that starts the debuggee process.
Can i figure out the status of the process using any debugger like windbg?
Yes, you can - enable it to break on the interesting debug events
and check the state of the process. E.g. "sxe cpr" enables to break
on "create process" event.
Oleg
.
- Follow-Ups:
- Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- From: Saurav
- Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- References:
- State of process at CREATE_PROCESS_DEBUG_EVENT
- From: ursaurav
- Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- From: Oleg Starodumov
- Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- From: Saurav
- Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- From: Oleg Starodumov
- Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- From: Saurav
- Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- From: Oleg Starodumov
- State of process at CREATE_PROCESS_DEBUG_EVENT
- Prev by Date: profile in vc6
- Next by Date: Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- Previous by thread: Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- Next by thread: Re: State of process at CREATE_PROCESS_DEBUG_EVENT
- Index(es):
Relevant Pages
|
