attaching windbg to DWM.EXE

Hi… I am doing kernel level debugging through WinDbg. How can I attach WinDbg to the DWM.EXE process in Vista, which is responsible for the Aero feature?
Thanks
prashant

I’m not entirely sure what you mean here - kernel debugging and ‘attach
to process’ don’t generally go together. If you mean force the context
to be a certain process, you can do that with '.process /i <EPROCESS>; g'.
This will cause the machine to resume ('g'), and in a few
seconds, it will break in the context of the process you specified.

I kind of doubt that this is what you wish, so, if not, if you could
explain what you wish to do a little more, that would help; I think we
just have a terminology issue.

Good luck,

mm

Thanks MM for the reply… You understand it correctly. Actually I mean how to force the context
to be a certain process. It's being resolved.
Regards

Hi,

!process 0 0 (Gets you a list of processes. Search for DWM.exe and retrieve the EPROCESS pointer)
.cache forcedecodeuser (Mandatory; changing process context without this can cause you headaches)
.process (attaches to the process etc…)

Then you can issue your symbol loading and breakpoint commands.
.reload /user
bu Xxxx

For what it is worth though, I’ve done a fair bit of DWM debugging and found
that user mode remote debugging was easily the most effective, reliable and
manageable; unless you absolutely need to debug kernel mode code at the same
time. I tend to use dbgsrv on the target and attach with WinDbg.

Carl
