Debugging system processes without administrative privileges: it can be done
A short while ago, I asked whether it was possible to debug system processes without administrative privileges. I ran into a brick wall and couldn’t figure it out.
Today, inspiration strikes: Use MSVSMON, the remote debugger:
- As Administrator (either through remote desktop or Fast-User-Switching), run msvsmon /noauth /anyuser /nosecuritywarn. It’s in C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86. You have to run it with /noauth, because you want to connect from your non-Admin account to the Admin account.
- Under Tools/Options remove the timeout setting (clear the edit box), otherwise MSVSMON will keep exiting.
- Return to your non-Admin account.
- In Visual Studio, bring up the project properties and go to the Debugging page. Set “Debugger to launch” to “Remote Windows Debugger”. Set “Remote Command” to $(TargetPath). Set “Connection” to “Remote with no authentication (Native only)”.
- Set your breakpoints and press F5.
Note that it will punch a hole in the Windows firewall, even if you’re connecting to localhost, so don’t do this on a network that you don’t trust, not least because it’s running with /noauth, which means the monitor does not authenticate whoever connects to it.
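
To check afterwards that no unauthenticated monitor or firewall exception has been left behind, here is an added audit script (not part of the original post). It assumes Windows 10 / Server 2016 or later for the NetTCPIP and NetSecurity cmdlets, and an elevated prompt so that other users' command lines are readable.

```powershell
# Added example: find msvsmon.exe instances started with /noauth, show where
# they listen, and list the inbound firewall exceptions that point at msvsmon.exe.
# Assumption: run elevated on Windows 10 / Server 2016 or later.

$monitors = Get-CimInstance Win32_Process -Filter "Name = 'msvsmon.exe'"

foreach ($p in $monitors) {
    # Account the monitor runs as (this is the privilege a debuggee inherits)
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner

    # TCP endpoints this monitor process is listening on
    $listeners = Get-NetTCPConnection -State Listen -OwningProcess $p.ProcessId `
                     -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Pid         = $p.ProcessId
        Owner       = "$($owner.Domain)\$($owner.User)"
        NoAuth      = $p.CommandLine -match '/noauth\b'    # no authentication
        AnyUser     = $p.CommandLine -match '/anyuser\b'   # any account may connect
        Listening   = ($listeners |
                          ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" }) -join ', '
        CommandLine = $p.CommandLine
    }
}

# Enabled inbound "allow" rules in the local store whose program is msvsmon.exe
Get-NetFirewallApplicationFilter |
    Where-Object { $_.Program -like '*\msvsmon.exe' } |
    ForEach-Object { $_ | Get-NetFirewallRule } |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow'
    } |
    Select-Object DisplayName, Profile, Direction, Action
```

A row with NoAuth set to True and a non-loopback address under Listening is the exposure described above; close the monitor and disable the matching firewall rule once the debugging session is finished.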