CREATE_PROCESS_DEBUG_INFO

This structure contains process creation information that can be used by a debugger.

At a Glance

Header file:	Winbase.h
Windows CE versions:	2.0 and later

Syntax

typedef struct _CREATE_PROCESS_DEBUG_INFO { HANDLE hFile; HANDLE hProcess; HANDLE hThread; LPVOID lpBaseOfImage; DWORD dwDebugInfoFileOffset; DWORD nDebugInfoSize; LPVOID lpThreadLocalBase; LPTHREAD_START_ROUTINE lpStartAddress; LPVOID lpImageName; WORD fUnicode; } CREATE_PROCESS_DEBUG_INFO;

Members

hFile

Handle to the process’s image file. In Windows CE, this member is always NULL.

hProcess

Handle to the process. If this member is NULL, the handle is not valid. Otherwise, the debugger can use the member to read from and write to the process’s memory.

hThread

Handle to the initial thread of the process identified by the hProcess member. If hThread is NULL, the handle is not valid. Otherwise, the debugger has THREAD_GET_CONTEXT, THREAD_SET_CONTEXT, and THREAD_SUSPEND_RESUME access to the thread, allowing the debugger to read from and write to the registers of the thread and to control execution of the thread.

lpBaseOfImage

Pointer to the base address of the executable image that the process is running.

dwDebugInfoFileOffset

Specifies the offset to the debugging information in the file identified by the hFile member. This member is always set to zero.

nDebugInfoSize

Specifies the size, in bytes, of the debugging information in the file. This member is always set to zero.

lpThreadLocalBase

Pointer to a block of data. At offset 0x2C into this block is another pointer, called ThreadLocalStoragePointer, that points to an array of per-module thread local storage blocks. This gives a debugger access to per-thread data in the threads of the process being debugged using the same algorithms that a compiler would use.

lpStartAddress

Pointer to the starting address of the thread. This value may only be an approximation of the thread’s starting address, because any application with appropriate access to the thread can change the thread’s context by using the SetThreadContext function.

lpImageName

Pointer to the file name associated with the hFile member. This member may be NULL, or it may contain the address of a string pointer in the address space of the process being debugged. That address may, in turn, either be NULL or point to the actual filename. If fUnicode is a nonzero value, the name string is Unicode; otherwise, it is ANSI.

This member is strictly optional. Debuggers must be prepared to handle the case where lpImageName is NULL or *lpImageName (in the address space of the process being debugged) is NULL. Specifically, the system does not provide an image name for a create process event, and will not likely pass an image name for the first DLL event. The system also does not provide this information in the case of debug events that originate from a call to the DebugActiveProcess function.

fUnicode

Indicates whether a file name specified by the lpImageName member is Unicode or ANSI. A nonzero value indicates Unicode; zero indicates ANSI.

Remarks

The lpImageName member is a pointer into the address space of the process that is being debugged. To retrieve the actual image name, use the ReadProcessMemory function in the following manner.

ReadProcessMemory( hProcess, lpImageName, lpBuffer, nSize,
   &NumberOfBytesRead );

For the DebugActiveProcess function, if the dwDebugEventCode member of the DEBUG_EVENT structure has a value of CREATE_PROCESS_DEBUG_EVENT or CREATE_THREAD_DEBUG_EVENT, the lpStartAddress member is NULL.

The lpThreadLocalBase member points directly to the Thread Local Storage (TLS) data block of the process that is being debugged. To obtain the TLS data for a slot, call the ReadProcessMemory function and pass the following calculated value for the lpBaseAddress parameter: lpThreadLocalBase+4*<slot number>.