
Debugging a DLL injected into a program using GDB


I have 2 programs and a DLL.

loader.exe starts main.exe and injects lib.dll in the memory space of main.exe. main.exe at one point then executes a function of lib.dll. Both the loading program and the DLL have been compiled with debugging symbols enabled.

I have tried running GDB on the DLL and setting a breakpoint at the relevant function, but I doubt this is how you do it since nothing happens when I run the loading program. I can't debug the loader.exe since all it does is start the main program, inject the DLL, and exit. So what can I do?

Bear in mind I'm doing all of this in Windows using MinGW32.


Solution

  • I solved this by changing how my starting program worked: it starts the target program in a suspended state and injects the DLL, then resumes the starting program.

    To debug the injected DLL functions in the target program, I first debug the starting program using GDB, and put a breakpoint after it started the target program & injected the DLL, but right before it resumes the target program.

    Then, I opened another instance of GDB and ran it without targeting anything, and instead used attach to attach GDB to the already started, but still paused instance of the target program.

    Since the DLL is now loaded in the address space, I could breakpoint any of the DLL functions in the target program. By continuing the original GDB instance which was debugging the starting program, it then unsuspended the target program, allowing it to run normally.
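The two-debugger workflow from the answer above, written out as GDB commands. This is an added example, not part of the original post. The source location `loader.c:42`, the variable `pi`, the PID `1234` and the function name `lib_function` are hypothetical placeholders, and the use of `CreateProcess` is an assumption about how the loader starts main.exe.

```gdb
# --- GDB instance 1: debugging the loader (started as: gdb loader.exe) ---
# Break on the line that resumes the suspended main.exe.
# loader.c:42 is a hypothetical location; use the line in your loader
# that comes after the injection and right before the resume call.
break loader.c:42
run
# Stopped here: main.exe exists, is still suspended, and lib.dll is injected.
# 'pi' is a hypothetical PROCESS_INFORMATION variable assumed to be
# filled in by CreateProcess.
print pi.dwProcessId

# --- GDB instance 2: started with no program (just: gdb) ---
# Replace 1234 with the PID printed by instance 1.
attach 1234
# Confirm that the injected DLL is mapped and that GDB read its symbols.
info sharedlibrary lib
# lib_function is a hypothetical name for the DLL function main.exe calls.
break lib_function
# Let the attached process run; its main thread stays suspended until
# the loader resumes it.
continue

# --- Back in GDB instance 1 ---
# The loader now resumes main.exe; instance 2 stops when lib_function is hit.
continue
```

If `info sharedlibrary` does not list lib.dll in the second instance, the injection had not completed when the loader hit its breakpoint, and the breakpoint in the loader needs to move later.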