1、启动windbg,打开File菜单,选择Open Executable,选择需要调试的进程目标文件
把Debug child processes also勾上,点击打开。
2、查看子进程
1:023> | 0 id: 2e40 create name: nginx.exe 1 id: 2208 child name: BTest.exe . 2 id: 2544 child name: CTest.exe
3、切换子进程
1:023> | 1 s eax=00000000 ebx=00000000 ecx=921e0000 edx=000ee148 esi=fffffffe edi=00000000 eip=77b112fb esp=003bf634 ebp=003bf660 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246 ntdll!LdrpDoDebuggerBreak+0x2c: 77b112fb cc int 3
4、查看当前调试的进程
1:023> |. . 1 id: 2208 child name: BTest.exe
5、尽情的调试子进程吧~
转载请注明原文地址: https://ju.6miu.com/read-963260.html
