这是一段代码做主要的事情 - 附加到一个活动的进程。虽然看起来子进程在开关中没有被捕获为 CREATE_PROCESS_DEBUG_EVENT 。只有 CREATE(EXIT)_THREAD_DEBUG_EVENT 和 LOAD_DLL_DEBUG_EVENT 打印在标准错误中,尽管我确切地知道创建了子进程(不是线程)。请指教。
DebugActiveProcess(processId);
DebugSetProcessKillOnExit(false);
while (!done) {
DWORD status = DBG_CONTINUE;
DEBUG_EVENT debugEvent;
WaitForDebugEvent(&debugEvent, INFINITE);
switch (debugEvent.dwDebugEventCode) {
cerr << "Got event " << debugEvent.dwDebugEventCode << endl;
case CREATE_PROCESS_DEBUG_EVENT:
{
CREATE_PROCESS_DEBUG_INFO &info = debugEvent.u.CreateProcessInfo;
cerr << "process created " << debugEvent.dwProcessId << endl;
break;
}
case EXIT_PROCESS_DEBUG_EVENT:
{
EXIT_PROCESS_DEBUG_INFO &info = debugEvent.u.ExitProcess;
cerr << "process exited" << endl;
break;
}
case LOAD_DLL_DEBUG_EVENT:
{
CloseHandle(debugEvent.u.LoadDll.hFile);
break;
}
}
ContinueDebugEvent(debugEvent.dwProcessId, debugEvent.dwThreadId, status);
}