DebugActiveProcess

The DebugActiveProcess function allows a debugger to attach to an active process and then debug it. To stop debugging the process, you must exit the process. Exiting the debugger will also exit the process.

BOOL DebugActiveProcess(
  DWORD dwProcessId   // process to be debugged
);
 

Parameters

dwProcessId
Specifies the identifier for the process to be debugged. The debugger gets debugging access to the process as if it created the process with the DEBUG_ONLY_THIS_PROCESS flag. See the Remarks section for more details.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The debugger must have appropriate access to the target process; it must be able to open the process for PROCESS_ALL_ACCESS access. On Windows 95 and Windows 98, the debugger has appropriate access if the process identifier is valid. However, on Windows NT, DebugActiveProcess can fail if the target process was created with a security descriptor that grants the debugger anything less than full access. Note that if the debugging process has the SE_DEBUG_NAME privilege granted and enabled, it can debug any process.

After the system checks the process identifier and determines that a valid debugging attachment is being made, the function returns TRUE. The debugger is then expected to wait for debugging events by using the WaitForDebugEvent function. The system suspends all threads in the process and sends the debugger events representing the current state of the process.

The system sends the debugger a single CREATE_PROCESS_DEBUG_EVENT debugging event representing the process specified by the dwProcessId parameter. The lpStartAddress member of the CREATE_PROCESS_DEBUG_INFO structure is NULL.

For each thread currently part of the process, the system sends a CREATE_THREAD_DEBUG_EVENT debugging event. The lpStartAddress member of the CREATE_THREAD_DEBUG_INFO structure is NULL.

For each dynamic-link library (DLL) currently loaded into the address space of the target process, the system sends a LOAD_DLL_DEBUG_EVENT debugging event. The system arranges for the first thread in the process to execute a breakpoint instruction after it resumes. Continuing this thread causes it to return to whatever it was doing before the debugger was attached.

After all of this has been done, the system resumes all threads in the process. When the first thread in the process resumes, it executes a breakpoint instruction that causes an EXCEPTION_DEBUG_EVENT debugging event to be sent to the debugger. All future debugging events are sent to the debugger by using the normal mechanism and rules.
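The attach sequence described above, as an added example that is not part of the original page: a minimal debugger loop that attaches by process identifier, tallies the events the system replays, and treats the first EXCEPTION_DEBUG_EVENT as the attach breakpoint. The names attach_state and attach_step are hypothetical, and the constants in the #else branch are the winbase.h/winnt.h values, repeated only so the bookkeeping compiles off Windows.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else  /* stand-ins with the winbase.h / winnt.h values (assumption: non-Windows build) */
#define EXCEPTION_DEBUG_EVENT      1
#define CREATE_THREAD_DEBUG_EVENT  2
#define CREATE_PROCESS_DEBUG_EVENT 3
#define LOAD_DLL_DEBUG_EVENT       6
#define DBG_CONTINUE               0x00010002UL
#define DBG_EXCEPTION_NOT_HANDLED  0x80010001UL
#endif
struct attach_state { unsigned procs, threads, dlls, attached; }; /* hypothetical helper */

/* Record one event code; return the status to pass to ContinueDebugEvent. */
unsigned long attach_step(struct attach_state *s, unsigned long code)
{
    switch (code) {
    case CREATE_PROCESS_DEBUG_EVENT: s->procs++;   break;
    case CREATE_THREAD_DEBUG_EVENT:  s->threads++; break;
    case LOAD_DLL_DEBUG_EVENT:       s->dlls++;    break;
    case EXCEPTION_DEBUG_EVENT:
        if (s->attached) return DBG_EXCEPTION_NOT_HANDLED; /* let the target handle it */
        s->attached = 1;                                   /* the attach breakpoint */
        break;
    }
    return DBG_CONTINUE;
}

#ifdef _WIN32
int main(int argc, char **argv)
{
    struct attach_state st = {0};
    DEBUG_EVENT ev;
    if (argc != 2 || !DebugActiveProcess((DWORD)strtoul(argv[1], NULL, 10))) {
        fprintf(stderr, "usage: %s <pid> (attach error %lu)\n", argv[0], GetLastError());
        return 1;
    }
    while (WaitForDebugEvent(&ev, INFINITE)) {
        DWORD code = ev.dwDebugEventCode, status = attach_step(&st, code);
        HANDLE h = code == CREATE_PROCESS_DEBUG_EVENT ? ev.u.CreateProcessInfo.hFile
                 : code == LOAD_DLL_DEBUG_EVENT ? ev.u.LoadDll.hFile : NULL;
        if (h) CloseHandle(h);          /* image file handles belong to the debugger */
        if (code == EXCEPTION_DEBUG_EVENT && status == DBG_CONTINUE)
            printf("attached: %u process, %u threads, %u DLLs\n", st.procs, st.threads, st.dlls);
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, status);
        if (code == EXIT_PROCESS_DEBUG_EVENT) break;
    }
    return 0;
}
#endif
```

The loop runs until the target exits because, as stated above, exiting the debugger also exits the process.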

Windows CE: After a successful return from DebugActiveProcess, when the debugger is waiting for debug events using the WaitForDebugEvent function, the system sends a CREATE_PROCESS_DEBUG_EVENT debugging event that identifies the primary thread handle that is currently part of the process. The system sends an individual CREATE_THREAD_DEBUG_EVENT debugging event for each of the secondary thread handles that are currently part of the process. All of these handles have permission (that is, access rights) for getting and setting thread contexts using the GetThreadContext and SetThreadContext functions.

For both the CREATE_PROCESS_DEBUG_EVENT and CREATE_THREAD_DEBUG_EVENT debugging events, the lpStartAddress member of the CREATE_PROCESS_DEBUG_INFO structure is NULL.

Close each of these thread handles using the CloseHandle function.

No initial debug breakpoint is set when DebugActiveProcess successfully attaches.

Windows CE version 2.0 provides built-in support for Just-In-Time (JIT) debugging. A JIT debugger is registered by placing the name of your debugger in the string registry value JITDebugger located at HKEY_LOCAL_MACHINE\Debug. To enable JIT, you must perform a warm reset on the Windows CE target platform after the above value is added to the registry. When your debugger is invoked by JIT, the process identifier of the debuggee is passed on the command line.

QuickInfo

  Windows NT: Requires version 3.1 or later.
  Windows: Requires Windows 95 or later.
  Windows CE: Unsupported.
  Header: Declared in winbase.h.
  Import Library: Use kernel32.lib.

See Also

Debugging Overview, Debugging Functions, CreateProcess, CREATE_PROCESS_DEBUG_INFO, CREATE_THREAD_DEBUG_INFO, WaitForDebugEvent