Prev Next
The CREATE_PROCESS_DEBUG_INFO structure contains process creation
information that can be used by a debugger.
typedef struct _CREATE_PROCESS_DEBUG_INFO { // cpdi
HANDLE hFile;
HANDLE hProcess;
HANDLE hThread;
LPVOID lpBaseOfImage;
DWORD dwDebugInfoFileOffset;
DWORD nDebugInfoSize;
LPVOID lpThreadLocalBase;
LPTHREAD_START_ROUTINE lpStartAddress;
LPVOID lpImageName;
WORD fUnicode;
} CREATE_PROCESS_DEBUG_INFO;
Members
-
hFile
-
Identifies an open handle of the process’s image file. If this member is NULL,
the handle is not valid. Otherwise, the debugger can use the member to read
from and write to the image file.
-
hProcess
-
Identifies an open handle of the process. If this member is NULL, the handle
is not valid. Otherwise, the debugger can use the member to read from and
write to the process’s memory.
-
hThread
-
Identifies an open handle of the initial thread of the process identified by
the hProcess member. If hThread is NULL, the handle is not
valid. Otherwise, the debugger has THREAD_GET_CONTEXT, THREAD_SET_CONTEXT, and
THREAD_SUSPEND_RESUME access to the thread, allowing the debugger to read from
and write to the registers of the thread and to control execution of the
thread.
-
lpBaseOfImage
-
Points to the base address of the executable image that the process is
running.
-
dwDebugInfoFileOffset
-
Specifies the offset to the debugging information in the file identified by
the hFile member. The kernel expects the debugging information to be in
Microsoft® CodeView® version 4.0 format. This format is currently a
derivative of COFF (Common Object File Format).
-
nDebugInfoSize
-
Specifies the size, in bytes, of the debugging information in the file. If
this value is zero, there is no debugging information.
-
lpThreadLocalBase
-
Points to a block of data. At offset 0x2C into this block is another pointer,
called ThreadLocalStoragePointer, that points to an array of per-module thread
local storage blocks. This gives a debugger access to per-thread data in the
threads of the process being debugged using the same algorithms that a
compiler would use.
-
lpStartAddress
-
Points to the starting address of the thread. This value may only be an
approximation of the thread’s starting address, because any application with
appropriate access to the thread can change the thread’s context by using the SetThreadContext
function.
-
lpImageName
-
Points to the filename associated with the hFile parameter. This
parameter may be NULL, or it may contain the address of a string pointer in
the address space of the process being debugged. That address may, in turn,
either be NULL or point to the actual filename. If fUnicode is a
nonzero value, the name string is Unicode; otherwise, it is ANSI.
This member is strictly optional. Debuggers must be prepared to handle the
case where lpImageName is NULL or *lpImageName (in the address
space of the process being debugged) is NULL. Specifically, Windows does not
provide an image name for a create process event, and will not likely pass an
image name for the first DLL event. Windows also does not provide this
information in the case of debug events that originate from a call to the DebugActiveProcess
function.
-
fUnicode
-
Indicates whether a file name specified by the lpImageName member is
Unicode or ANSI. A nonzero value indicates Unicode; zero indicates ANSI.
See Also
CREATE_THREAD_DEBUG_INFO,
DebugActiveProcess, DEBUG_EVENT,
LOAD_DLL_DEBUG_INFO, SetThreadContext