
Production time debugging - session 0 process

I have the following scenario:

  • Windows 2008
  • A Service running with a specific user credential (i.e. not the System Account).
  • That service starts a child process
  • The child process starts, gets an exception after a second and crashes

I am trying to attach a debugger to the child process and debug it before it crashes

I was trying to use gflags and set the debugger. The problem is that the service is running in session 0, hence Windbg is not viewable. I cannot set the service to "allow interact with desktop" as the service can't use the Local System account but rather has to use the credentials of a specific user.

I wasn't sure if it is intended to work like that, but I also tried to connect to that windbg in session 0 from another instance of Windbg using Windbg -pe (so I would have two Windbg running). But it doesn't work - the second instance doesn't seem to be able to stop the process and see its call stack.

Any ideas how to attach a debugger to the child process before it crashes to debug it?


You can use the command line debugger cdb for that. Start your service with cdb attached, and launched as a debugging server. You can add the following command

"c:\program files\debugging tools for windows\cdb" -server tcp:port=5500 -g -G

to the registry value Debugger (type string) of the registry key

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\YourApplication.Exe

Then use windbg to connect to the debugging server with

windbg -remote tcp:server=localhost,port=5500
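
The registry step from the answer above, as an added PowerShell example that is not part of the original answer. The function names are hypothetical; the image name, cdb path and port are the ones the answer uses. While the Debugger value exists, every launch of that image starts under cdb with a debugging server listening on the TCP port, so the script also lists the current entries and removes the value once the session is over.

```powershell
# Added example: manage the IFEO "Debugger" value described in the answer above.
# Run from an elevated PowerShell prompt. Function names are hypothetical;
# 'YourApplication.Exe', the cdb path and port 5500 are taken from the answer.

$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Set-IfeoDebugger {
    param(
        [string]$ImageName = 'YourApplication.Exe',
        [string]$Debugger  = '"c:\program files\debugging tools for windows\cdb" -server tcp:port=5500 -g -G'
    )
    $key = Join-Path $IfeoRoot $ImageName
    if (-not (Test-Path $key)) {
        New-Item -Path $key | Out-Null
    }
    # -Force overwrites an existing Debugger value instead of failing.
    New-ItemProperty -Path $key -Name 'Debugger' -Value $Debugger `
        -PropertyType String -Force | Out-Null
}

function Get-IfeoDebugger {
    # List every image that currently has a Debugger value, so a leftover
    # entry from an earlier debugging session is easy to spot.
    Get-ChildItem -Path $IfeoRoot | ForEach-Object {
        Get-ItemProperty -Path $_.PSPath -Name 'Debugger' -ErrorAction SilentlyContinue
    } | Select-Object PSChildName, Debugger
}

function Remove-IfeoDebugger {
    param([string]$ImageName = 'YourApplication.Exe')
    $key = Join-Path $IfeoRoot $ImageName
    if (Test-Path $key) {
        # Remove only the Debugger value; other IFEO settings for the image stay.
        Remove-ItemProperty -Path $key -Name 'Debugger' -ErrorAction SilentlyContinue
    }
}

# Typical sequence:
#   Set-IfeoDebugger
#   Get-IfeoDebugger | Format-List
#   (restart the service, then: windbg -remote tcp:server=localhost,port=5500)
#   Remove-IfeoDebugger
```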


One more option:

When WinDbg is automatically launched, you indeed can't see it. You can, however, configure ntsd as your jit debugger, and enable remote debugging. Then, you can connect your WinDbg to ntsd and remote debug the process. See for details: Debugging a Service on Windows Vista.


Why not start from crash dumps? http://www.codeproject.com/KB/debug/automemorydump.aspx


Add Sleep(30000) to your child process entry point. That will give you enough time to connect with the debugger.
