View Full Version : Why ollydbg stopped run trace (with a snapshot)

January 24th, 2013, 13:10
I am using ollydby (2.0 version) to debug a running process. The process has multiple threads, and one thread is fired periodically (controlled by a timer I guess) to do some socket/tcp communication. What I want to figure out is what the thread has done after socket/tcp communicating.

I am following these steps:

1. run the process

2. open ollydbg and attach it to the process

3. set breaking point just at the line that sends socket message

Address = 0113B2DF
Module = test
Status = Enabled
Disassembly = CALL <JMP.&ws2_32.WSASend>
Comment = Jump to ws2_32.WSASend

4. press Ctrl + F11 to run trace

but then it stopped and the snap shot is:



and only about no more than 200 lines were in Run trace window. I noticed that the last line in trace window is

0113BCCF E8 08BCECFF CALL <JMP.&kernel32.GetQueuedCompletionS ; Jump to kernel32.GetQueuedCompletionStatus

does this have anything to do with this issue?

Any idea about this?