Hi everyone, I'm trying to debug a user-mode app while I'm doing a kernel debugging session.
I'm first trying to locate the process using:
!process 0 0 "processname.exe"
and then switching context to the process context using the EPROCESS with the following command:
.process /p /r ffffcc8f1af0a080
and then setting up a breakpoint on the function I wish to debug
bp /p ffffcc8f1af0a080 user32!getfocus
When I'm listing the breakpoint list I get the next result:
0: kd> bl
0 e Disable Clear 00007ffb6c141180 0001 (0001) USER32!GetFocus Match process data ffffcc8f
1af0a080
Everything seems to be configured correctly but for some reason the bp never get hit even though with other user mode debuggers I'm able to see that GetFocus is being hit.
Any ideas?
Thanks!