Attach a Debugger When a Process Starts

October 28, 2009

3 comments

You can ask Windows to launch another process (typically a debugger) when launching a process of your choice.

One use of this feature is to configure Calculator to launch whenever you launch Notepad, or configure Excel to launch whenever you launch Word. This is a great way to drive a colleague crazy.

Another use of this feature is to attach a debugger to the startup sequence of a process that can’t be easily started from within the debugger. For example, if you’re debugging the startup of a Windows service, you can’t start it from the debugger; the same applies to dllhost.exe processes in a COM+ environment; and there are other examples.

All you need to do to configure this feature is the Global Flags application available with the Debugging Tools for Windows package. In the Image File tab, input the executable name (including the extension) and hit Tab to refresh, and then check the Debugger checkbox and input the name of the debugger to launch. Finally, click Apply—no system restart is required.

There’s no dark debugger magic involved—when Windows launches the ‘target’ process, it checks the registry for the appropriate flag and if it’s present, it will launch the specified process, pass to it the ‘target’ executable name as the first command line parameter, followed by the rest of the original command line arguments.

For example, to configure Calculator to launch whenever you launch Notepad:

image

A more useful example, where you configure the Visual Studio debugger to launch when you launch MyApp.exe:

image

Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*

3 comments

  1. Tim LewisOctober 29, 2009 ב 3:51 PM

    Ok, my google foo isn’t working and couldn’t find an answer to this question.. how does windows know not to launch the debugger when the debugger launches the app? For example, if mydebugger.exe gets executed whenever someone runs notepad.exe, then when mydebugger.exe runs notepad.exe, will it instead run mydebugger.exe? How does this not become a catch 22? Is there a reference to some documentation about the app startup process that covers this scenario?

    Reply
  2. Sasha GoldshteinNovember 16, 2009 ב 3:22 AM

    Hi Tim,

    I believe the infinite loop is prevented by the fact that the debugger process will create the debuggee using the DEBUG_PROCESS process creation flag (to CreateProcess). This probably means the CreateProcess code will skip the ImageFileExecutionOptions detection.

    Sasha

    Reply