I'm having a hard time controlling an application using WinDbg. I had posted a question here, but left that approach because I'm not able to figure out a way to achieve it. I'm now working on an approach where, after a breakpoint is hit, I branch out of the application's execution and prompt for input from the user running the debugger.
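    DWORD dwrand = 0;
    // bdebug is volatile so the check below re-reads it after it is changed from the debugger
    volatile bool bdebug = false;
    if (!bdebug) {
        dwrand = rand(minvalue, maxvalue);  // pseudocode from the post, not the standard rand()
    } else {
        cout << "\n enter dwrand: ";
        cin >> dwrand;
    }
    return dwrand;

So the idea is to set bdebug and take input from the user, so it can continue the other threads' execution while waiting for user input. I found these links 1 2 3 explaining a technique to attach to a process running remotely. I tried the WinDbg command options, but they did not turn out to be a solution for me. Can anyone suggest how to achieve this?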
The pseudo code above does not convey the intent.
I am not sure why you require a kernel debugging connection to remote debug an executable (reference link in the query).
If you want to debug an executable running on a remote machine, you can connect using a remote debugging connection session.
A sample setup enumerated below debugs calc.exe running on a remote machine using a remote debugging session:
host-----------------physical machine xp sp3 32 bit
target---------------virtual machine xp sp3 32 bit
network--------------loop adapter
    c:\>net view | grep -i xp & echo kd wont connect target not booted /debug
    \\xpsp3vm
    kd wont connect target not booted /debug
    c:\>kd -k com:pipe,port=\\.\pipe\debugpipe,resets=0,reconnect
    opened \\.\pipe\debugpipe
    waiting reconnect...
    ^b <---------force exit
    "lets run windbg -server npipe:pipe=\\.\pipe\debugpipe -v calc.exe in target machine , connect cdb -server:xxxx host
    c:\>cdb -remote npipe:server=xpsp3vm,pipe=\\.\pipe\debugpipe
    connected server 'npipe:server=xpsp3vm,pipe=\\.\pipe\debugpipe'
    commandline: calc.exe
    (mapped shared folder in host)
    symbol search path is: srv*z:\*http://msdl.microsoft.com/download/symbols
    7c90120e cc int 3
    \admin (npipe \\.\pipe\debugpipe) connected @ wed jul 22 11:49:41 2015
    0:000> .echo "yay remote debucking now"
    yay remote debucking
    0:000> lm m calc*
    start end module name
    01000000 0101f000 calc (deferred)
    .clients
    \admin (npipe \\.\pipe\debugpipe), last active wed jul 22 11:54:19 2015
    hostmachine\hostuser, last active wed jul 22 11:44:06 2015
    0:000> kb
    childebp retaddr args child
    0007fb1c 7c9402ed 7ffde000 7ffdf000 00000000 ntdll!dbgbreakpoint
    0007fc94 7c91fad7 0007fd30 7c900000 0007fce0 ntdll!ldrpinitializeprocess+0x1014
    0007fd1c 7c90e457 0007fd30 7c900000 00000000 ntdll!_ldrpinitialize+0x183
    00000000 00000000 00000000 00000000 00000000 ntdll!kiuserapcdispatcher+0x7
    0:000> .echo "only echo echoed other aw dumped here"
    echo echoed other aw dumped here

A screenshot is added in case what is written sounds like gibberish.