
  • Status: Solved

WinDbg break before main thread executes

How can I get WinDbg to break on the first instruction of a process' main thread?

When I use Open Executable, it breaks after the imported modules are loaded - way too late. I assume it is breaking at the image entry point. However, I want to break at the start of the main thread (even before the PE loader is invoked by the main thread stub).
1 Solution
Can you try to set a breakpoint at 'BaseThreadStart()'?
jimstar (Author) commented:
I was actually trying to break on ntdll!LdrInitializeThunk, however I just figured it out - under Debug->Event Filters, I can enable processing process and thread creation events, which actually breaks before ntdll loads. Very interesting. I'm switching to WinDbg from another debugger, and I'm liking it better every day!
