调用DebugBreakProcess() - 事件的dwThreadId代表什么? [英] After calling DebugBreakProcess() - What does the event's dwThreadId represents?
问题描述
然后一些其他进程/线程在调试进程(由调用DebugBreakProcess())。
调试器然后会收到这个EXCEPTION_DEBUG_EVENT-> EXCEPTION_BREAKPOINT事件,在DEBUG_EVENT结构中,字段 dwThreadId 将保存一些ID。
我的根本问题是 - 这个 dwThreadId 代表什么?
(MSDN表示是发生调试事件的线程的标识符)。
我的疑虑如下:
-
这是什么意思调试事件发生在哪里?这个过程的所有线程不是以某种方式以这种方式发出信号,因为这个过程被完全阻止了吗?
-
此外,从我读到的内容中,机制的工作原理如下:
DebugBreakProcess()API通过在目标进程中创建一个线程来调用断点指令,这导致正常的SEH机制接管。
这意味着这个dwThreadId实际上是这个新创建的线程的ID,而不是任何原始进程的ID '线程。我正确吗?
-
如果调试过程是多线程的(实际上几乎是肯定的)?
这是调用DebugBreakProcess()API时处于处理器的线程的ID?
更新:所有这个块都被回答了。看到第一个答案。
- 双核系统和两个同一进程的线程目前正在并行运行?哪一个将赢得并将在此ID中说明?或者也许会导致两个不同的EXCEPTION_BREAKPOINT例外?
非常感谢您提供的任何帮助。
你几乎回答了自己的问题,这将是调用 DebugBreak()这又是由 DebugBreakProcess()创建的新线程。
Let's say some process debugs another process (by calling DebugActiveProcess()).
Then some other process/thread generates break-points exceptions at that debugged process (by calling DebugBreakProcess()). The debugger then receives this EXCEPTION_DEBUG_EVENT->EXCEPTION_BREAKPOINT event and in the DEBUG_EVENT structure the field dwThreadId will hold some ID.
My root question is - What does this dwThreadId represents? (MSDN says it is "The identifier of the thread in which the debugging event occurred").
My concerns are of the following:
What does it mean "in which the debugging event occurred"? Isn't it that all the threads of the process are somehow signaled this way and therefor the process is entirely blocked?
Moreover, from stuff I read, this mechanism works something like this:
The DebugBreakProcess() API works by creating a thread in the target process that invokes a breakpoint instruction, which causes the normal SEH mechanism to take over.
Which means there's a possibility that this dwThreadId is actually the ID of this newly created thread and not an ID of any of the original process' threads. Am i correct?
What if the debugged process is multi-threaded (actually it is almost certain it is)? Is this the ID of the thread that was "in the processor" at the moment of calling the DebugBreakProcess() API?
UPDATE: all this block was answered. See the first answer.
- What about the case of a dual-core system and two threads of the same process are currently running in parallel? Which one will win and will be stated in this ID? Or maybe it will cause two different EXCEPTION_BREAKPOINT exceptions?
Thank you very much for any help that is provided.
You pretty much answered your own question, it would be the thread that called DebugBreak() which in turn is the new thread created by DebugBreakProcess().
这篇关于调用DebugBreakProcess() - 事件的dwThreadId代表什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
