When you attach to a running program, it is immediately suspended.
In almost all cases, the program will be suspended in operating system code
or in a compiled language run time, and you will be looking at disassembly
code. You will probably need to add one or more breakpoints and resume the
program to get to a known point in your program.
There are two main reasons for attaching the debugger to a process or already
running program:
- You anticipate a problem at a particular point in your program, and you
do not want to step through the program or set breakpoints. In this situation,
you can run your program, and during a program pause shortly before the anticipated
failure (for example, while the program is waiting for keyboard input), you
attach the debugger. You can then provide the input, and debug from that point
on.
- You are developing or maintaining a program that hangs sporadically, and
you want to find out why it is hanging. In this situation, you can attach
the debugger, and look for infinite loops or other problems that might be
causing your program to hang.
Attention: - You can only attach to a process for which you have the necessary permissions.
If you lack permission, the debugger will behave as though the process does
not exist.
- If you are logged on as root, you can attach to any process, including
system processes. Doing so can have unexpected results.