WinDbg break on process creation and process exit

By default,WinDbg breaks on process creation and process exit, i.e:

This is equivalent to:

sxe cpr [:Process] 
sxe epr [:Process]

The process creation break looks like this:

(1dcc.1714): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=6f570000 edx=00000000 esi=7eeac000 edi=00000000
eip=77293bed esp=00a5f848 ebp=00a5f874 iopl=0         nv up ei pl zr na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrpDoDebuggerBreak+0x2b:
77293bed cc              int     3

The process exit break looks like this:

eax=00000000 ebx=772df820 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=7721c73c esp=00a5f60c ebp=00a5f6d8 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000206
ntdll!NtTerminateProcess+0xc:
7721c73c c20800          ret     8

There are command line options to disable those breaks when starting a debugging session:

windbg.exe -g -G MyProgram.exe

-g disable the break on process creationand -G disables the break on process exit.

WinDbg break on process creation and process exit

Related Posts