Go Back   Exetools > General > General Discussion


Thread Tools Display Modes
Old 04-25-2004, 15:00
Bram Kate
Posts: n/a
IDA debugging sub processes

Is it possible to load a sub processes symbols. I want to debug an application which spawns command line applications by CreateProcess system call. I want to break at certain functions on the sub process. Any advice/pointers to resources will be helpful.

Reply With Quote
Old 04-28-2004, 21:31
redbull redbull is offline
Join Date: Mar 2004
Posts: 160
Rept. Given: 17
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 6 Times in 6 Posts
redbull Reputation: 5
The easiest way I can think of is
1. Run a Standard API spy utility...
2. Capture the parameters of the CreateProcess API call (eg exename and command line paramters)
3. Manually run that command line EXE with the command line paramters in your debugger and debug that application seperately.

Alternatively you can wait for the spawned application to run and then sue the "Attach to process" feature in Ollydebug
This attaches the debugger to a currently active process in memory. Here you can view the command line paramters and debug as normal.

Im sure IDA natively supports debugging a spawned process and will be interested to find out how.
Reply With Quote
Old 05-03-2004, 18:28
Bram Kate
Posts: n/a
Thanks for your suggestions. Actually a lot of applications are spawned from the main application. And the arguments seems to change on every invokation. This precludes me from replicating the actual environment reliably. I wanted the full featured dissamble feature of IDA while debugging. As I am relaively new to RE, any pointers to use IDA symbols while debugging will be useful.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hiding processes using FROST (64bit) typedef x64 OS 6 05-22-2014 23:21
How to inject my dll into all user processes [Win]? bearek General Discussion 17 03-08-2005 02:12
LordPE limited to 60 processes? tbone General Discussion 0 07-01-2004 06:35

All times are GMT +8. The time now is 17:17.

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2022 )