For our debugger to take action upon certain events, we need to establish handlers for each debugging event that can occur. If we refer back to the WaitForDebugEvent() function, we know that it returns a populated DEBUG_EVENT structure whenever a debugging event occurs. Previously we were ignoring this struct and just automatically continuing the process, but now we are going to use information contained within the struct to determine how to handle a debugging event. The DEBUG_EVENT structure is defined like this:

typedef struct DEBUG_EVENT {
    DWORD dwDebugEventCode; DWORD dwProcessId; DWORD dwThreadId; union { EXCEPTION_DEBUG_INFO Exception; CREATE_THREAD_DEBUG_INFO CreateThread; CREATE_PROCESS_DEBUG_INFO CreateProcessInfo; ...