WinDbg break before main thread executes

Posted on 2007-10-11
Last Modified: 2011-09-20
How can I get WinDbg to break on the first instruction of a process' main thread?

When I use Open Executable, it breaks after the imported modules are loaded - way too late. I assume it is breaking at the image entry point. However, I want to break at the start of the main thread (even before the PE loader is invoked by the main thread stub).
Question by: jimstar

    Accepted Solution

    Can you try to set a breakpoint at 'BaseThreadStart()'?

    Author Comment

    I was actually trying to break on ntdll!LdrInitializeThunk, however I just figured it out - under Debug->Event Filters, I can enable processing process and thread creation events, which actually breaks before ntdll loads. Very interesting. I'm switching to WinDbg from another debugger, and I'm liking it better every day!
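
    The Event Filters settings described in the author comment also exist as debugger commands (the sx family) and as command-line options. The following is an added example, not part of the original thread; the target path is a placeholder, and the breakpoint symbol is the one named in the comment above.

```text
$$ Start the target with the filters already set, so they are active
$$ before the process exists. -xe sets an event filter to "break".
$$ C:\path\to\target.exe is a placeholder path.
$$
$$   windbg -xe cpr -xe ct C:\path\to\target.exe

$$ The same settings from the debugger command window
$$ (equivalent to Debug -> Event Filters):
$$ cpr = create process event, ct = create thread event
sxe cpr
sxe ct

$$ List all event filters and confirm both now show "break"
sx

$$ bu sets a deferred breakpoint: it is stored by symbol name and
$$ resolved when the module that owns the symbol is loaded.
bu ntdll!LdrInitializeThunk

$$ List breakpoints, then resume the target
bl
g

$$ When the debugger stops again, show the stack and thread list
k
~
```

    To stop breaking on every new thread afterwards, set the filter back to ignore with sxi ct.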
