Yet another debugging challenge..
The problem is, we want to debug the startup code for an application which is run by some other application! e.g. I will open a console (cmd.exe) which in turn opens calc.exe and I want to debug the initial calc.exe code..
Windbg has solution to this problem! When you select “open an executable”, you have a small checkbox saying “Debug child processes also” which actually makes sure that all the processes spawned by parent EXE (which you select in this dialog!) are also attached by debugger.
If you are interested in command line option, ‘-o’ option is at disposal.
Its only this scenario when ‘|’ command is used (at least in user mode)! Because when we attach to any child processes, it shows the current process being debugged in space left to command line in windbg, as shown below!
If you give command | you will be able to see all the processes in list which can be debugged (only one process can be debugged at a time!). You will get output similar to one shown below.
We can also move between different processes by using |<number>s command. e.g. in above example, if we want to go back to debug cmd.exe, we have to give command |0s.
PS: This works only if you are opening (spawning) parent executable.. ‘Attach to process’ does not have this option of debugging all child processes!