Have you ever came across a situation where you need to debug a child process created by your application or external application?
Usually when we need to debug an application (process) usually we’ll be attaching the particular process to debugger by executing in debug mode from the debugger itself or use “Attach process” option provided by debugger.
You can debug the processes where you’ve the right debug privileges. But suppose if you’re working in a system where your application is launched by someone else and you’re facing some catastrophic errors in some critical point of execution where you’ve no chance to attach it to debugger. (e.g during startup)
In this situation usually developers modify the source code if the want to debug and put some delay, or call “DebugBreak” API to debug the program. But in some situations this is also not practical. So what we’ve to do?
We’ve two debuggers that developers use in very common. Visual Studio Debugger is one of the most popular debugger in Windows. Okay before talking about Visual Studio I’d show how we could achieve this with WinDBG, the most powerful debugger under Windows. But it’s not that flexible like Visual Studio. It’s a beast! with all power to rule the process 
WinDBG Way
I’ve created a small program which will be crashing in the startup itself. I am not going to write a launcher to create the process, I will do that from the command line. The steps to debug the child process are
1. Launch the parent application which is going to create the desired process.
2. Attach the parent process to WinDBG (Hope you’re all set with your symbol server and source file paths for better debugging)
3. Enable Child Process debugging by giving command “.childdebg 1” (pass 0 if you want to disable it. See the documentation)
4. Resume the process by hitting “Go” and let the parent process to create the child process.
5. You can see that WinDBG will “Break In” when the new process is created.
6. Now you can start debugging by setting Break points, watch, etc…
Visual Studio Ways
The previous method was not at all painful no? But Visual Studio doesn’t natively support debugging multiple process. According John Robbins, it requires a serious architectural change in Visual Studio. There’s no straight way to do this. There two known method to do this.
Using Image File Execution Option with Visual Studio
Setup:
1. Run regedit.exe
2. Goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
3. Create a new key for your exe (example: foo.exe)
4. Create a new string value under your exe. The name of the string value is ‘Debugger’, and the value is ‘vsjitdebugger.exe’
Here is a sample registry script to do this: (save as .reg file after changing sample.exe to your application’s name)
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sample.exe]
"Debugger"="vsjitdebugger.exe"
The above method is exploiting one of native debugging feature provided by Windows. Ensure that the modification at registry is reverted back once you finish with debugging. Otherwise whenever the application is started, it will automatically starts with Visual Studio Debugger. See this blog entry for more details
Google Chrome Debug Macros
The people at Google (or those who contributed) are so smart and they’ve created few Visual Studio Macros to enable you to debug the child process. They found in some situations the Image File Execution Option doesn’t work well. And they’ve written some efficient macros to debug the child processes using Visual Studio.
You can see the macros and how to debug article in Chrome website.
Happy Debugging!
