Antidebugging using the DebugPort

1 · Wanderley Caloni · Aug. 1, 2008, midnight
Summary
When a debugger starts a process to be debugged or, as in this article's case, connects to an already created process, the communication between the two processes goes through an internal Windows mechanism called LPC (Local Procedure Call). The system creates a "magic" communication port for debugging, and the debugging events pass through it. The most frequent of these events are:

- Activated breakpoints
- Thrown exceptions
- Thread creation/termination
- DLL load/unload
- Process exit

...