Where is the talent, you may say!
I've been through a few scenarios where I had to follow some documents, some tricks, and other sources of information to debug the startup code of an NT service, and the normal debugging of a service once it is past startup. But imagine a scenario where you launch some root processes, in the sense that they are individually created, and then some of these launch other processes, and so on. So there is a process tree (parent and child) relationship that will show in graphical form if you kick off the procexp (Process Explorer) tool from Sysinternals.
Now if I want to debug some of these processes at the start (they have no interaction with the SCM, the Service Control Manager of NT), one way is to create an entry in the Image File Execution Options registry key. So as soon as your debuggee process starts, it would launch the windbg debugger, and the process would run under the debugger... Now this set of processes, as you might have imagined, worked in harmony by message-passing methods. I'm now ready to fire up apps that send and receive requests toward the set of processes, but I can't break into the process running under the debugger, and it seems like it does not have the ability to talk to other processes as well. What a bummer!
But if I fire up windbg after all the processes have been launched, and attach to that process, then I can debug the steady state of that process. By steady state I mean anything but the startup code. If for one reason or another there is a startup failure, I have to try the first method, debug the hell out of it, then switch gears to the second method. I guess stick-shift driving is all that there is to it!
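The Image File Execution Options entry described above can be set, listed and removed from an elevated PowerShell prompt. This is an added example, not the author's own script: the function names are hypothetical, and `worker.exe` and the WinDbg path are placeholders. The listing function is worth running after a debugging session, because a leftover `Debugger` value keeps redirecting every launch of that image.

```powershell
# Added example: manage the per-image "Debugger" value under
# Image File Execution Options (IFEO). Requires an elevated prompt.
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Set-StartupDebugger {
    param(
        [Parameter(Mandatory)][string]$ImageName,    # bare file name, e.g. worker.exe (placeholder)
        [Parameter(Mandatory)][string]$DebuggerPath  # full path to the debugger (placeholder)
    )
    # IFEO subkeys are matched on the executable's file name, not its full path.
    if ($ImageName -match '[\\/]') { throw 'ImageName must be a bare file name, not a path.' }
    if (-not (Test-Path -LiteralPath $DebuggerPath)) { throw "Debugger not found: $DebuggerPath" }

    $key = Join-Path $IfeoRoot $ImageName
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }

    # Quote the path so a debugger installed under a directory with spaces still launches.
    New-ItemProperty -Path $key -Name 'Debugger' -Value "`"$DebuggerPath`"" `
        -PropertyType String -Force | Out-Null
}

function Clear-StartupDebugger {
    param([Parameter(Mandatory)][string]$ImageName)
    $key = Join-Path $IfeoRoot $ImageName
    # Remove only the Debugger value; other IFEO settings on the key are left alone.
    if (Get-ItemProperty -LiteralPath $key -Name 'Debugger' -ErrorAction SilentlyContinue) {
        Remove-ItemProperty -LiteralPath $key -Name 'Debugger'
    }
}

function Get-StartupDebugger {
    # List every image that currently has a Debugger value set.
    Get-ChildItem -LiteralPath $IfeoRoot | ForEach-Object {
        $dbg = $_.GetValue('Debugger')
        if ($dbg) { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg } }
    }
}

# Example session (placeholder names; uncomment to use):
# Set-StartupDebugger -ImageName 'worker.exe' -DebuggerPath 'C:\Debuggers\windbg.exe'
# Get-StartupDebugger
# Clear-StartupDebugger -ImageName 'worker.exe'
```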