I'm learning reverse engineering with IDA Pro and debugging a launcher application (start.exe) that launches another executable (main.exe).

start.exe takes two inputs (call them X and Y), processes them, and then creates the main.exe process and stops/kills start.exe.

I'm having trouble debugging main.exe because it launches too quickly for me to attach to it in IDA.

Is there a way to intercept the CreateProcess call (or similar) within start.exe so I can attach to main.exe before it starts executing, or automatically debug the new process?

Asked Feb 13 at 14:19 by BadProgrammer
  • Have you tried directly executing main.exe from within IDA? The start.exe part can often be omitted. – Robert, commented Feb 15 at 23:24

1 Answer

You can start the process from within IDA. First load the binary (exe) into IDA (File -> Open, or select it on IDA's start menu), then select a debugger; "Local Windows Debugger" will work fine. After that you can click the green Play icon.

[Screenshot: Selecting a debugger]

[Screenshot: Starting the debugger]

After that, IDA automatically breaks at the first function call. You can set breakpoints even before starting the debugger.

Tags: reverse engineering | How to Debug a Process Launched by Another Application with IDA | Stack Overflow