Quote:
Originally Posted by Archer
One of the ways to debug a service is to patch code being executed to "eb fe" - infinite loop and then attach with a debugger. But if you do it before the service responded to service manager, you'll be running against the timeout as services not responded within the timeout are killed. So either patch it after the response or do something about the timeout.
|
Thanks Archer. Yes, it's common to alter the timeout to 24 hours when debugging services. Patching into a loop also means I can probably attach another debugger other than WinDBG to it. My intention was probably to start the service with cdb, attach with WinDBG and immobalise the service DLL so that I could switch debugger to x64dbg. Or I can suck it up and use WinDBG
Thanks for the responses folks. Looks like WinDBG is the only way, starting out at least. Coincidentally someone just publicised a blog post on debugging Windows services.
hxxps://secrary.com/Random/WindowsServiceDebugging/
I've made a lot of notes recently and I was planning a blog post myself on the subject. When it's complete I will post here.
04-26-2018, 02:15
Hybrid Mode
