This is a set of notes on how to debug a Windows service starting up, mostly for my reference. Building on https://www.sysadmins.lv/retired-msft-blogs/alejacma/how-to-debug-windows-services-with-windbg.aspx with command line steps where possible.

In this example, we’ll be debugging mycool.exe, which has the service name mycoolservice.

Enabling debugging

1. Find the path to cdb.exe, windbg.exe, gflags.exe. (e.g. C:\Program Files (x86)\Windows Kits\10\Debuggers\x86).

2. Start an elevated command prompt. Set the service to manual start (and stop it if it is currently running, … duh):

   sc config mycoolservice start=demand
   sc stop mycoolservice
   

3. Find the short path for cdb.exe (pasting the path from point 1 as appropriate):

   for %A in ("C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\cdb.exe") do @echo %~sA
   

4. Enable the debug hook for the service, using gflags, replacing the path as necessary:

   C:\PROGRA~2\WI3CF2~1\10\DEBUGG~1\x86\gflags /p /enable mycool.exe /debug "C:\PROGRA~2\WI3CF2~1\10\DEBUGG~1\x86\cdb.exe -server tcp:port=9999"
   

5. Change the service startup timeout to 1 hour to avoid Windows killing the service on startup:

   reg add HKLM\System\CurrentControlSet\Control /v ServicesPipeTimeout /t REG_DWORD /d 3600000
   

6. Reboot, start an elevated command prompt again.

7. Start the service, which will appear to hang:

   sc start mycoolservice
   

8. Open Windbg, Ctrl+R tcp:server=localhost,port=9999

9. Go forth and debug.

Disable debugging

1. Start an elevated command prompt, and enter the following commands:

   C:\PROGRA~2\WI3CF2~1\10\DEBUGG~1\x86\gflags /p /disable mycool.exe
   reg delete HKLM\System\CurrentControlSet\Control /v ServicesPipeTimeout
   

2. Reset the service startup parameters to your preferred startup type.

3. Reboot to reset the service control timeout.