Program keeps bouncing me to ntdll.dll when run from OllyDbg
ljre24
01-02-2007, 04:38 AM
I have this program that I'm trying to debug. When I attach to it, I have no problems. But I need to catch it the moment it starts up, when it shows me a message box window before the rest of the program starts. The window asks me to connect a dongle. I located a reference to the string and the call to the AfxMessageBox function. But when I set the breakpoint and run the program (F9), it keeps bouncing me back to ntdll.dll. What exactly is going on here? How do I make sure whether this is some antidebugging scheme or not, and how do I solve it?
Thanks
What type of dongle is it?
Also, look at the statusbar for more information. Does it show an exception or invalid instruction/etc.?
ljre24
01-02-2007, 05:57 AM
ooh, turns out it was stopping at a hardware breakpoint. I disabled it, and now it generated an exception! What do I do now?
Log data, item 2
Address=01E91236
Message=Access violation when writing to [9A83619A]
disavowed
01-02-2007, 09:40 AM
If it runs fine in your debugger w/o the breakpoint set, and it hits an exception with the breakpoint set, then it's clearly the breakpoint that's being detected by the anti-debugging stuff.
I'd suggest trying different kinds of breakpoints (software, hardware, memory) and using them in different locations in the function (like the last instruction (retn) instead of the first).
naides
01-02-2007, 10:35 AM
Also explore the anti-debug plug-ins and patches available for Olly, here in this forum (Olly stuph) and on the web.
ljre24
01-02-2007, 05:41 PM
No, the program crashes even without setting breakpoints. All I have to do is run the program directly from Olly (this doesn't happen when I attach to the process when it's already running).
I'll test it again anyway just to make sure, but what else could it be?
naides
01-02-2007, 06:32 PM
It is detecting Olly's (or some other debugger) presence and crashing by throwing some exception.
The test probably takes place near program initialization, that is why you can attach without being detected (at least not right away).
It does sound like antidebug protection. Read my post above...
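To make the two suggestions above concrete (disavowed's point that the breakpoint itself is what gets detected, and naides's point that the check runs once at initialization, which is why attaching later works), here is an added example of what such a startup check usually looks like. It is illustration code written for this thread, not code from the protected program, from OllyDbg, or from any plug-in. The assumptions: a software breakpoint is found by checksumming the code bytes of a function (OllyDbg patches an INT3, 0xCC, into memory), a hardware breakpoint is found by reading the enable bits of DR7 via GetThreadContext, and the "reaction" is a write through a garbage pointer, which is the kind of access violation reported in the log above (that address is reused here as the garbage pointer). The Windows calls sit behind #ifdef _WIN32; on Linux the "is a debugger attached" probe reads TracerPid from /proc/self/status instead, so the file also compiles and runs there. The sample function body and its checksum are constructed for the example.

```c
/* Added example: a startup anti-debug check of the kind discussed in this
 * thread. Illustration only; not the protected program's code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* 1. Software breakpoints. OllyDbg sets one by writing 0xCC over the first
 * byte of the instruction. A protector that recorded a checksum of the
 * function at build time notices any patched byte at run time. */
static uint32_t fnv1a(const unsigned char *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* 1 if the live bytes no longer match the known-good checksum. */
int code_patched(const unsigned char *code, size_t len, uint32_t expected) {
    return fnv1a(code, len) != expected;
}

/* Constructed sample "function body": push ebp; mov ebp,esp; sub esp,0x10;
 * leave; ret. Stands in for a real protected routine. */
static const unsigned char kSampleBody[] = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0xC9, 0xC3};
#define kSampleLen (sizeof kSampleBody)

uint32_t sample_checksum(void) { return fnv1a(kSampleBody, kSampleLen); }

/* Plant an INT3 at `offset` of a copy of the sample, as a debugger would,
 * and report whether the checksum catches it. An offset outside the body
 * models a breakpoint placed in a region the protector does not check. */
int int3_detected_at(size_t offset) {
    unsigned char copy[sizeof kSampleBody];
    memcpy(copy, kSampleBody, sizeof copy);
    if (offset < sizeof copy) copy[offset] = 0xCC;
    return code_patched(copy, sizeof copy, sample_checksum());
}

/* 2. Hardware breakpoints. OllyDbg programs DR0-DR3 and turns them on via
 * the L0/G0..L3/G3 bits of DR7 (bits 0..7). Bit 10 of DR7 is reserved and
 * always reads 1, so it must not count as "enabled". */
int hw_breakpoint_enabled(uint32_t dr7) {
    return (dr7 & 0xFFu) != 0;
}

/* Live DR7 on Windows (assumption: CONTEXT_DEBUG_REGISTERS is enough);
 * 0 elsewhere, where there is no portable way to read it. */
uint32_t current_dr7(void) {
#ifdef _WIN32
    CONTEXT ctx;
    memset(&ctx, 0, sizeof ctx);
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
    if (GetThreadContext(GetCurrentThread(), &ctx)) return (uint32_t)ctx.Dr7;
#endif
    return 0;
}

/* 3. "Is a debugger attached at all?" Windows: IsDebuggerPresent() reads
 * PEB.BeingDebugged. Linux: TracerPid in /proc/self/status.
 * Returns 1 traced, 0 not traced, -1 could not tell. */
int debugger_attached(void) {
#ifdef _WIN32
    return IsDebuggerPresent() ? 1 : 0;
#else
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int result = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "TracerPid:", 10) == 0) {
            result = atoi(line + 10) != 0;
            break;
        }
    }
    fclose(f);
    return result;
#endif
}

/* The check as a protector wires it: run once before the real work. If
 * anything trips and crash_on_detect is set, write through a garbage
 * pointer (the address from the thread's log) to produce the access
 * violation the OP saw. The flag lets the example run without faulting. */
int startup_check(const unsigned char *code, size_t len, uint32_t expected,
                  uint32_t dr7, int attached, int crash_on_detect) {
    int detected = code_patched(code, len, expected)
                || hw_breakpoint_enabled(dr7)
                || attached == 1;
    if (detected && crash_on_detect) {
        volatile uint32_t *bogus = (volatile uint32_t *)(uintptr_t)0x9A83619Au;
        *bogus = 0;   /* deliberate write fault */
    }
    return detected;
}

int main(void) {
    int hit = startup_check(kSampleBody, kSampleLen, sample_checksum(),
                            current_dr7(), debugger_attached(), 0);
    printf("startup check: %s\n", hit ? "debugger detected" : "clean");
    return 0;
}
```

Two things worth noting. First, the check runs once, before the dongle message box, so a process started under Olly (with its breakpoints already in place) fails it, while a process that is attached to after it has initialised was never inspected; that is the attach-versus-run difference reported above. Second, the checksum only sees the bytes it covers, which is why moving a software breakpoint to a different instruction sometimes helps and sometimes does not, and why a memory breakpoint (a PAGE_GUARD change to page protection rather than a patched byte) is invisible to this kind of check, although a protector can still look for it by querying page protections.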