Attach to running windows process

Question

please adisve on below:

1) What is the lightest way to attach to running native windows application process, get list of threads and see what DDLs are used?

2) What is the lightest way to attach to running .NET application process, get list of threads and see what DDLs are used?

Regards, Ron

I take it you mean DLL, not DDL, right? – Rich Turner Mar 07 '13 at 02:48 — Rich Turner, Mar 07 '13 at 02:48

score 1 · Answer 1 · edited May 23 '17 at 10:31

1

You may use Tool Help Library which make it easier for you to obtain information about currently executing applications.

.Net example or search to find more info.

The System.Diagnostics namespace provides classes that allow you to interact with system processes, event logs, and performance counters.

ProcessThreadCollection class provides a strongly typed collection of ProcessThread objects.
ProcessModuleCollection class provides a strongly typed collection of ProcessModule objects.

search to find more

edited May 23 '17 at 10:31

Community

1
1

answered Jan 29 '13 at 05:59

Serg

2,140
1
12
14

Thank you for response. It seems like first 50% of the question - what threads are used. So, what is the proper way to see what DDLs are being used by the thread? – Ron Warshawsky Jan 29 '13 at 19:01
The process is a container for resources including DLLs, which are mapped into the virtual address space of the process. Any process thread has access to the entire address space and any DLLs within it. – Serg Jan 29 '13 at 19:33
Thank you. I should clarify my question on DLLs - is there is a way to see what DLLs are used by thread "at the moment", i.e. actively called from a thread. – Ron Warshawsky Jan 31 '13 at 21:32
You need obtains a stack trace for a thread and examine which module it currently uses. – Serg Feb 01 '13 at 07:07

score 0 · Answer 2 · answered Mar 07 '13 at 03:02

Do you use Visual Studio? If so, you can attach VS to any running process using the Debug | Attach To Process menu items. You can then break into the process and start examining stacks, threads, modules, etc.

If you want to delve deeper, you could download the Windows SDK and install the Debugging tools. This will give you KD and WinDBG - a console debugger and slightly more friendly multi-pane MDI-style debugging app respectively. Using these tools you can access to most of the core debugging infrastructure built into Windows.

However, note that this is not for the feint of heart and will require considerable time and effort to master. To really become a debugging guru, you'll also need to deeply understand the architecture of the kernel & OS and many core OS data structures.

Thus you might find the following books useful:

For .NET:

For Windows and/or .NET:

For Advanced Windows internals debugging

Enjoy! :)

Attach to running windows process

2 Answers2