WaitForDebugEvent question

[sitnspinlock]

Hey guys, I got a question about this api, im a little new to windows programming so bear with me on this.

According to msdn this function can only be used by the thread that created the process being debugged. So assuming that, I went ahead and wrote in an int3 at the instruction I want to break at, my debugger loop picked it up, and I can then fill a CONTEXT structure and get what im looking for (including setting the EIP back one instruction)

my question though is, how can this be done without loading the process with createprocess, seeing as in per the api documentation, the only way to properly use WaitForDebug event is to write a loader with createprocess.

thanks.

[MaiN]

Hey guys, I got a question about this api, im a little new to windows programming so bear with me on this.

According to msdn this function can only be used by the thread that created the process being debugged. So assuming that, I went ahead and wrote in an int3 at the instruction I want to break at, my debugger loop picked it up, and I can then fill a CONTEXT structure and get what im looking for (including setting the EIP back one instruction)

my question though is, how can this be done without loading the process with createprocess, seeing as in per the api documentation, the only way to properly use WaitForDebug event is to write a loader with createprocess.

thanks.

DebugActiveProcess. Also remember DebugSetProcessKillOnExit so the debuggee isn't killed when your debugger detaches.

[sitnspinlock]

So if I'm reading you right on this, WaitForDebugEvent can be called safely after DebugActiveProcess is invoked and all is initialized properly? Thanks for the help.

[_Mike]

The documentation is a bit misleading. I think it should have said something like "only the thread that started the debugging session ...." instead. (Which still applies for DebugActiveProcess() just fyi)

[sitnspinlock]

ok I figured it was something along those lines, thanks to both of you