CREATE_PROCESS_DEBUG_INFO
The CREATE_PROCESS_DEBUG_INFO structure contains process creation information that can be used by a debugger.
typedef struct _CREATE_PROCESS_DEBUG_INFO { // cpdi
    HANDLE                 hFile;
    HANDLE                 hProcess;
    HANDLE                 hThread;
    LPVOID                 lpBaseOfImage;
    DWORD                  dwDebugInfoFileOffset;
    DWORD                  nDebugInfoSize;
    LPVOID                 lpThreadLocalBase;
    LPTHREAD_START_ROUTINE lpStartAddress;
    LPVOID                 lpImageName;
    WORD                   fUnicode;
} CREATE_PROCESS_DEBUG_INFO;
Members
hFile
Identifies an open handle of the process's image file. If this member is NULL, the handle is not valid. Otherwise, the debugger can use the member to read from and write to the image file.
hProcess
Identifies an open handle of the process. If this member is NULL, the handle is not valid. Otherwise, the debugger can use the member to read from and write to the process's memory.
hThread
Identifies an open handle of the initial thread of the process identified by the hProcess member. If hThread is NULL, the handle is not valid. Otherwise, the debugger has THREAD_GET_CONTEXT, THREAD_SET_CONTEXT, and THREAD_SUSPEND_RESUME access to the thread, allowing the debugger to read from and write to the registers of the thread and to control execution of the thread.
lpBaseOfImage
Points to the base address of the executable image that the process is running.
dwDebugInfoFileOffset
Specifies the offset to the debugging information in the file identified by the hFile member. The kernel expects the debugging information to be in Microsoft CodeView version 4.0 format. This format is currently a derivative of COFF (Common Object File Format).
nDebugInfoSize
Specifies the size, in bytes, of the debugging information in the file. If this value is zero, there is no debugging information.
lpThreadLocalBase
Points to a block of data. At offset 0x2C into this block is another pointer, called ThreadLocalStoragePointer, that points to an array of per-module thread local storage blocks. This gives a debugger access to per-thread data in the threads of the process being debugged using the same algorithms that a compiler would use.
lpStartAddress
Points to the starting address of the thread. This value may only be an approximation of the thread's starting address, because any application with appropriate access to the thread can change the thread's context by using the SetThreadContext
lpImageName
Points to the filename associated with the hFile parameter. This parameter may be NULL, or it may contain the address of a string pointer in the address space of the process being debugged. That address may, in turn, either be NULL or point to the actual filename. If fUnicode is a nonzero value, the name string is Unicode; otherwise, it is ANSI.
This member is strictly optional. Debuggers must be prepared to handle the case where lpImageName is NULL or *lpImageName (in the address space of the process being debugged) is NULL. Specifically, Windows does not provide an image name for a create process event, and will not likely pass an image name for the first DLL event. Windows also does not provide this information in the case of debug events that originate from a call to the DebugActiveProcess function.
fUnicode
Indicates whether a file name specified by the lpImageName member is Unicode or ANSI. A nonzero value indicates Unicode; zero indicates ANSI.
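The lpImageName and fUnicode handling described above, as an added example that is not part of the original documentation: it follows the two-level pointer with both NULL cases handled and bounds every read, since the string lives in memory the debugged process controls. The names read_fn, resolve_image_name, fake_read, demo and g_name are hypothetical; on Windows the reader callback would wrap ReadProcessMemory on hProcess, and the code assumes the debuggee's pointer width equals the debugger's.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reader: copy n bytes at debuggee address addr into dst, return
   1 on success. On Windows it would wrap ReadProcessMemory on hProcess. */
typedef int (*read_fn)(void *ctx, uintptr_t addr, void *dst, size_t n);

/* Resolve lpImageName into out (NUL-terminated, non-ASCII shown as '?').
   Returns the name length, or 0 when no name is available. Assumes the
   debuggee's pointer width matches the debugger's and UTF-16LE strings. */
int resolve_image_name(read_fn rd, void *ctx, uintptr_t lpImageName,
                       int fUnicode, char *out, size_t cap) {
    uintptr_t str = 0;
    size_t i, step = fUnicode ? 2 : 1;
    if (cap == 0) return 0;
    out[0] = '\0';
    if (lpImageName == 0) return 0;                        /* member is NULL */
    if (!rd(ctx, lpImageName, &str, sizeof str)) return 0; /* slot unreadable */
    if (str == 0) return 0;                                /* *lpImageName is NULL */
    for (i = 0; i + 1 < cap; i++) {                        /* never exceeds cap */
        unsigned char u[2] = {0, 0};
        if (!rd(ctx, str + i * step, u, step)) break;      /* left mapped memory */
        if (u[0] == 0 && u[1] == 0) break;                 /* terminator */
        out[i] = (u[1] == 0 && u[0] < 0x80) ? (char)u[0] : '?';
    }
    out[i] = '\0';
    return (int)i;
}

/* Constructed stand-in for debuggee memory so the example runs offline. */
#define BASE ((uintptr_t)0x1000)
static unsigned char mem[64];
char g_name[16];
static int fake_read(void *ctx, uintptr_t a, void *dst, size_t n) {
    (void)ctx;
    if (a < BASE || n > sizeof mem || a - BASE > sizeof mem - n) return 0;
    memcpy(dst, mem + (a - BASE), n);
    return 1;
}

/* Build the sample: pointer slot at BASE, string at BASE+16, then resolve. */
int demo(const void *s, size_t n, int null_slot, int fUnicode) {
    uintptr_t p = null_slot ? 0 : BASE + 16;
    memset(mem, 0xAA, sizeof mem);   /* filler, so no accidental terminator */
    memcpy(mem, &p, sizeof p);
    memcpy(mem + 16, s, n);
    return resolve_image_name(fake_read, NULL, BASE, fUnicode, g_name, sizeof g_name);
}
```

A name that lacks a terminator is cut at the output buffer size instead of being followed through the debuggee's memory.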