Tags: docker, windbg, docker-for-windows, .net-framework-version

How can you attach WinDbg to a process running inside a Windows Docker Container?


How can I attach WinDbg to a process running inside a Windows Docker Container? I've tried googling it, but everything seems to use Visual Studio to do this. I just want to use WinDbg or something similar to quickly analyse a process running on the host.


Solution

  • I'm using Docker for the first time, so maybe this is not what you are looking for.
    I don't do the C#, ASP.NET, IIS thingies that Docker seems to be famous for.

    so here goes
    installed Docker Desktop

    C:\>docker version
    
    Client: Docker Engine - Community
     Version:           20.10.2
     API version:       1.41
     Go version:        go1.13.15
     Git commit:        2291f61
     Built:             Mon Dec 28 16:14:16 2020
     OS/Arch:           windows/amd64
     Context:           default
     Experimental:      true
    
    Server: Docker Engine - Community
     Engine:
      Version:          20.10.2
      API version:      1.41 (minimum version 1.24)
      Go version:       go1.13.15
      Git commit:       8891c58
      Built:            Mon Dec 28 16:26:48 2020
      OS/Arch:          windows/amd64
      Experimental:     false
    

    skimmed through get-started

    docker run -d -p 80:80 docker/getting-started
    

    pulled Microsoft/nanoserver:1803

    C:\>docker images
    REPOSITORY             TAG       IMAGE ID       CREATED         SIZE
    microsoft/nanoserver   1803      65194053090c   11 months ago   378MB
    

    run the container in background detached interactive with a name

    C:\>docker run -d -it --name="mydoc" microsoft/nanoserver:1803
    23b9265196659cc073bc05ec81f6b58be465db6e305645e1af13c5831c0ca4e3
    

    stop it

    C:\>docker stop mydoc
    mydoc
    

    copy the windbg x64 folder and a /MT compiled console c++ printf app for test

    C:\>docker cp d:\doc_trans\ mydoc:c:\
    

    start the container

    C:\>docker start mydoc
    mydoc
    

    execute cdb on the app

    C:\>docker exec -it mydoc "c:\\doc_trans\\x64\\cdb.exe" c:\\doc_trans\printf.exe
    
    Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    CommandLine: c:\\doc_trans\printf.exe
    Symbol search path is: srv*
    Executable search path is:
    ModLoad: 00007ff7`76420000 00007ff7`76487000   printf.exe
    ModLoad: 00007ff8`86e60000 00007ff8`87041000   ntdll.dll
    ModLoad: 00007ff8`84290000 00007ff8`84503000   C:\Windows\System32\KERNELBASE.dll
    ModLoad: 00007ff8`83b20000 00007ff8`83b45000   C:\Windows\SYSTEM32\forwarders\KERNEL32.dll
    ModLoad: 00007ff8`83fd0000 00007ff8`84017000   C:\Windows\System32\kernel32legacy.dll
    (660.664): Break instruction exception - code 80000003 (first chance)
    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
    ntdll!LdrInitShimEngineDynamic+0x34c:
    00007ff8`86f2c8bc cc              int     3
    0:000> g 00007ff7`76420000+1000
    *** ERROR: Module load completed but symbols could not be loaded for printf.exe
    printf+0x1000:
    00007ff7`76421000 4883ec28        sub     rsp,28h
    0:000> uf .
    printf+0x1000:
    00007ff7`76421000 4883ec28        sub     rsp,28h
    00007ff7`76421004 488d0d35c30400  lea     rcx,[printf+0x4d340 (00007ff7`7646d340)]
    00007ff7`7642100b e870000000      call    printf+0x1080 (00007ff7`76421080)
    00007ff7`76421010 33c0            xor     eax,eax
    00007ff7`76421012 4883c428        add     rsp,28h
    00007ff7`76421016 c3              ret
    0:000> t
    printf+0x1004:
    00007ff7`76421004 488d0d35c30400  lea     rcx,[printf+0x4d340 (00007ff7`7646d340)]
    0:000> t
    printf+0x100b:
    00007ff7`7642100b e870000000      call    printf+0x1080 (00007ff7`76421080)
    0:000> da @rcx
    00007ff7`7646d340  "hello jmp far."
    0:000>
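
The transcript above starts printf.exe under cdb. To attach to a process that is already running in the container, as the question asks, cdb's `-pn` (attach by image name) or `-p` (attach by PID) option can be passed through `docker exec` instead. This is an added PowerShell example, not part of the original answer; it assumes cdb.exe is already present at `c:\doc_trans\x64` inside the container as in the steps above, and the function name `Connect-ContainerCdb` is hypothetical.

```powershell
# Added example (not from the original answer). Assumes the container layout
# used above: cdb.exe already copied to c:\doc_trans\x64 inside the container.
function Connect-ContainerCdb {                        # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Container,    # e.g. mydoc
        [Parameter(Mandatory)] [string] $ProcessName,  # image name, e.g. printf.exe
        [string] $Cdb = 'c:\doc_trans\x64\cdb.exe',
        [switch] $NonInvasive                          # adds -pv: inspect without taking debug control
    )

    # docker exec only works against a started container, so check state first.
    $running = docker inspect --format '{{.State.Running}}' $Container
    if ($LASTEXITCODE -ne 0 -or $running -ne 'true') {
        throw "Container '$Container' is not running."
    }

    # List the container's processes so the operator can confirm the target.
    docker top $Container

    # -pn attaches to an existing process by image name. If the name matches
    # more than one process, attach with -p <PID> instead.
    $cdbArgs = @()
    if ($NonInvasive) { $cdbArgs += '-pv' }
    $cdbArgs += @('-pn', $ProcessName)

    # -it gives cdb an interactive console. Leave the session with 'qd'
    # (quit and detach) so the target keeps running; plain 'q' terminates it.
    docker exec -it $Container $Cdb @cdbArgs
}

Connect-ContainerCdb -Container mydoc -ProcessName printf.exe
```

Because stopping the container ends the process being debugged, the debugger folder has to be in place before the target starts, for example copied in as shown above or baked into the image.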