#1
IDA debugging sub processes
Is it possible to load a sub process's symbols? I want to debug an application which spawns command line applications by the CreateProcess system call. I want to break at certain functions on the sub process. Any advice/pointers to resources will be helpful.
Thanks
#2
The easiest way I can think of is:
1. Run a standard API spy utility...
2. Capture the parameters of the CreateProcess API call (e.g. exe name and command line parameters).
3. Manually run that command line EXE with the command line parameters in your debugger and debug that application separately.

Alternatively you can wait for the spawned application to run and then use the "Attach to process" feature in OllyDbg. This attaches the debugger to a currently active process in memory. Here you can view the command line parameters and debug as normal.

I'm sure IDA natively supports debugging a spawned process and will be interested to find out how.
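Added example, not part of the original thread: one way to do step 2 above without an API spy is to let WMI report each process the target spawns, with its PID and exact command line, so the child can be re-run under a debugger or attached to by PID. The script name `Watch-ChildProcess.ps1`, the parameter names and the `ChildWatch` event identifier are assumptions made for this sketch.

```powershell
# Watch-ChildProcess.ps1 (hypothetical name) - added example, not from the thread.
# Logs every process created by a given parent and by its descendants.
param(
    [Parameter(Mandatory)] [int] $ParentPid,  # PID of the spawning application
    [int] $Seconds = 60                       # how long to keep watching
)

# PIDs whose children we report; grows as descendants appear.
$tracked = [System.Collections.Generic.HashSet[int]]::new()
[void]$tracked.Add($ParentPid)

# WMI raises __InstanceCreationEvent for each new Win32_Process instance.
# WITHIN 1 means WMI polls once per second.
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " +
         "WHERE TargetInstance ISA 'Win32_Process'"
Register-CimIndicationEvent -Query $query -SourceIdentifier 'ChildWatch' | Out-Null

try {
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        $evt = Wait-Event -SourceIdentifier 'ChildWatch' -Timeout 1
        if (-not $evt) { continue }

        $p = $evt.SourceEventArgs.NewEvent.TargetInstance
        Remove-Event -EventIdentifier $evt.EventIdentifier

        # Report only processes descended from the application under study.
        if ($tracked.Contains([int]$p.ParentProcessId)) {
            [void]$tracked.Add([int]$p.ProcessId)
            [pscustomobject]@{
                Time        = Get-Date -Format 'HH:mm:ss'
                ProcessId   = $p.ProcessId
                ParentId    = $p.ParentProcessId
                Executable  = $p.ExecutablePath
                CommandLine = $p.CommandLine   # arguments exactly as passed
            }
        }
    }
}
finally {
    # Always remove the subscription, even on Ctrl+C.
    Unregister-Event -SourceIdentifier 'ChildWatch'
}
```

Because WMI polls once per second, a child that starts and exits within that interval can be missed, and `CommandLine` may come back empty for processes the current user is not allowed to query, so run the script elevated when the target runs under another account.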
#3
Thanks for your suggestions. Actually a lot of applications are spawned from the main application. And the arguments seem to change on every invocation. This precludes me from replicating the actual environment reliably. I wanted the full-featured disassemble feature of IDA while debugging. As I am relatively new to RE, any pointers to use IDA symbols while debugging will be useful.