How to resolve "Cannot debug pid , NTSTATUS 0xC0000048" - "An attempt to set a process's DebugPort or ExceptionPort was made ..."
Once I found out what was causing this error message it was pretty obvious what was going on.
But when investigating there was not much information to be found so I thought I’d share this with you.
The ones who are more seasoned debuggers may think that this is stating the obvious but we who are not there yet may be helped by this J
Basically I wanted to debug a running w3wp.exe process.
So I fired up WinDbg, hit F6 for attaching to a process and selected the w3wp.exe process and was presented with this:
Cannot debug pid <pid>, NTSTATUS 0xC0000048
"An attempt to set a process's DebugPort or ExceptionPort was made, but a port already exists in the process or an attempt to set a file's CompletionPort made,
but a port was already set in the file or an attempt to set an ALPC port's associated completion port was made, but it is already set.
So I went about to do some research but couldn’t find any clear cut cause for this.
I tried to run the debugger as administrator. I closed all my programs and then I rebooted my machine but nothing helped.
In the end I learned something new.
That was that even if you restart the machine when you have an active rule running in Debug Diag this rule will auto activate after the reboot even if you have not restarted the Debug Diag tool.
So once I found this and stopped the rule in Debug Diag I could successfully attach to my process.