Debugging Terminal Service not listening. (Isolating an instance of SVCHOST)

Ran into another issue today where I needed to set an IFEO for the particular instance of SVCHOST.exe running terminal service. Here is the easiest way of doing so:

 

1) Make a copy of SVCHOST.exe on the server, name it Mysvchost.exe and leave it in %Systemroot%\system32\

2) Open regedit and go to HKLM\System\CurrentControlSet\Services\TermService (this could be whatever service you're trying to isolate)

3) Edit the "ImagePath" value, "%SystemRoot%\system32\svchost.exe -k termsvcs", and change svchost.exe to "Mysvchost.exe"

4) Then I set the IFEO for Mysvchost.exe with NTSD -d, which sends the output to the kernel debugger.

5) Reboot

6) In Business

 

Simple and effective...
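
Steps 1 to 4 above as a script with a matching revert. This is an added example, not code from the original post. The function names and the `ImagePathBeforeDebug` backup value are hypothetical, and it assumes an elevated prompt, ntsd.exe on the system PATH, and a kernel debugger attached to receive the `-d` output.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumptions: ntsd.exe is on the system PATH and a kernel debugger is attached
# to receive the "-d" output. Function and backup-value names are hypothetical.
$Sys32   = Join-Path $env:SystemRoot 'System32'
$Copy    = 'Mysvchost.exe'
$SvcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\TermService'
$IfeoKey = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$Copy"
$Backup  = 'ImagePathBeforeDebug'

function Enable-SvchostIsolation {
    $key = Get-Item -Path $SvcKey
    if ($null -ne $key.GetValue($Backup)) { throw "Already isolated; run Disable-SvchostIsolation first." }
    # Read ImagePath without expanding %SystemRoot% so it is written back unchanged.
    $orig = $key.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
    # \b keeps the pattern from matching inside "Mysvchost.exe".
    $new  = $orig -ireplace '\bsvchost\.exe\b', $Copy
    if (-not $orig -or $new -eq $orig) { throw "ImagePath does not reference svchost.exe: $orig" }

    # Step 1: private copy of the host binary.
    Copy-Item (Join-Path $Sys32 'svchost.exe') (Join-Path $Sys32 $Copy) -Force
    # Steps 2-3: keep the original ImagePath, then point the service at the copy.
    Set-ItemProperty -Path $SvcKey -Name $Backup     -Value $orig -Type ExpandString
    Set-ItemProperty -Path $SvcKey -Name 'ImagePath' -Value $new  -Type ExpandString
    # Step 4: IFEO Debugger value so the copy starts under NTSD.
    New-Item -Path $IfeoKey -Force | Out-Null
    Set-ItemProperty -Path $IfeoKey -Name 'Debugger' -Value 'ntsd -d' -Type String
    "ImagePath now: $new (reboot to apply)"
}

function Disable-SvchostIsolation {
    $orig = (Get-Item -Path $SvcKey).GetValue($Backup, $null, 'DoNotExpandEnvironmentNames')
    if ($null -eq $orig) { throw "No saved ImagePath found under $SvcKey." }
    Set-ItemProperty -Path $SvcKey -Name 'ImagePath' -Value $orig -Type ExpandString
    Remove-ItemProperty -Path $SvcKey -Name $Backup
    Remove-Item -Path $IfeoKey -Recurse -ErrorAction SilentlyContinue
    # The copy may still be loaded until the next reboot; delete it afterwards if this fails.
    Remove-Item (Join-Path $Sys32 $Copy) -ErrorAction SilentlyContinue
    "ImagePath restored: $orig (reboot to apply)"
}
```

Run `Disable-SvchostIsolation` once debugging is finished so the service goes back to the stock svchost.exe and the IFEO Debugger entry is not left behind on the server.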