I'm debugging a script in WinDbg with .childdbg 1. (The script runs various test cases of the software in an infinite loop, as a way to catch rare crashes.)
I need to not attach to specific child processes (for performance reasons, and because they are third-party and crash often).
If I could specify them by process name, that would solve the problem. If you can propose another debugger that can do what I need, I'd be grateful.
Note: configuring the debugger to attach to specific processes via gflags is not a solution in my specific case.
If you have activated .childdbg 1, you can make use of sxe cpr. With the -c switch, you can execute a command. .if (yourcondition) {.detach} .else {g} should help.
Perhaps the cpr:processname option is helpful for you. It supports wildcard filters. I've never used it until now; see "Controlling Exceptions and Events" in the WinDbg help.
I used the following .NET program to perform the test:

```csharp
using System;
using System.Diagnostics;

class DebugChildProcesses
{
    static void Main()
    {
        Console.WriteLine("Attach and press Enter");
        Console.ReadLine();
        // Spawn two notepad and two calc children so the cpr event fires four times
        Process.Start("notepad.exe");
        Process.Start("calc.exe");
        Process.Start("notepad.exe");
        Process.Start("calc.exe");
        Console.WriteLine("Started 4 processes");
        Console.ReadLine();
    }
}
```

I started the program under the debugger and did the following:
```
0:004> .childdbg 1
Processes created by the current process will be debugged
0:004> sxe -c ".detach;g" cpr:calc
0:004> g
...
77da12fb cc              int     3
1:009> |
   0    id: 1fe0    create  name: debugchildprocesses.exe
.  1    id: f60     child   name: notepad.exe
1:009> g
...
77da12fb cc              int     3
2:011> |
   0    id: 1fe0    create  name: debugchildprocesses.exe
   1    id: f60     child   name: notepad.exe
.  2    id: 1d68    child   name: notepad.exe
2:011> g
```

As you can see, the debugger attached to notepad only.
Unfortunately, you cannot use multiple sxe cpr:process commands. Whenever you use it again, it overwrites the previous settings.
In that case, you need to use the generic cpr handler and do the rest inside the command. In my tests, !peb did not work at that time, so I couldn't use it. However, WinDbg has already switched to the new process, therefore |. gives the process name along with other information. To extract the process name only, .foreach /ps 6 (token {|.}) { .echo ${token}} worked for me.
With this, you can build trickier commands like

```
.foreach /ps 6 (token {|.}) {
    .if (0==$scmp("${token}","notepad.exe")) {.echo "it's notepad!"}
    .elsif (0==$scmp("${token}","calc.exe")) {.echo "do math!"}
}
```

(formatted for readability; remove the line breaks)
When you try to combine it with sxe, you run into nasty string escaping problems. Replacing the quotes inside the command with \" makes it work:

```
sxe -c" .foreach /ps 6 (token {|.}) {
    .if (0==$scmp(\"${token}\",\"notepad.exe\")) {.echo \"it's notepad!\"}
    .elsif (0==$scmp(\"${token}\",\"calc.exe\")) {.echo \"do math!\"}
} " cpr
```

(formatted for readability; remove the line breaks)
Now you can do whatever you like, e.g. .detach or .kill, by replacing the .echo command in the above example. You can execute several commands by separating them with a semicolon (;) as usual.
BTW: if you use sxe cpr, you might perhaps want to turn off the initial process breakpoint with sxd ibp.
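The pieces of the answer assembled into one command sequence that does what the question asks: stay attached to every child except a named one, and skip the initial breakpoint so the loop keeps running. This is an added example, not the answerer's own session. It assumes the unwanted third-party child is called thirdparty.exe (a placeholder name), and it uses $sicmp instead of $scmp so that the comparison does not depend on the case in which the loader reports the image name.

```windbg
$$ Added example built from the answer above; thirdparty.exe is a placeholder name.
$$ Debug child processes as well as the parent.
.childdbg 1
$$ Do not stop at each new process's initial breakpoint; the cpr handler decides instead.
sxd ibp
$$ On every process-creation event, read the new process name from "|." (token 7,
$$ i.e. skip 6) and detach from the unwanted child; otherwise just continue.
sxe -c ".foreach /ps 6 (token {|.}) { .if (0==$sicmp(\"${token}\",\"thirdparty.exe\")) {.detach; g} .else {g} }" cpr
g
```

Because sxe keeps only one cpr setting, every process name you want to skip has to go into this single .if/.elsif chain rather than into separate sxe cpr:name commands.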