Results 1 to 7 of 7

Thread: Attach to process WITHOUT stopping

Hybrid View

  1. #1
    w00b
    Guest

    Attach to process WITHOUT stopping

    Hi, I have a problem when using OllyDBG to attach to a game. I click attach to process, cilck the game, and press F9.. the game freezes, all threads are suspended. I have used Cheat Engine, and it has the ability to debug a process without stopping it like Olly does. Is there a plugin of some sort, or a way to stop OllyDBG from stopping my game upon attaching? Thanks.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Actually, this ia a rather interesting question, which involves reversing Olly, I presume.

    What API does Olly use to attach to a debugged process , and what are the parameters passed onto that API?

    That is the key question here.

  3. #3
    Ah! A question answered with a good question, and a challenge issued.

    Regards,
    JMI

  4. #4
    w00b
    Guest
    I'll try to figure that out, someone said it uses WriteProcessMemory() to set breakpoints. Not sure about attaching. I thought of another method. The game I'm trying to reverse uses a launcher that uses CreateProcessA() to launch the game. It does have a "PROCESSINFO" parameter, which means I might be able to retrieve the process ID from that, and finally make olly attach to a certain PID very quickly. This is just another idea. Any thoughts?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    w00b
    Guest
    The target is free, so I think it's ok for me to reveal it. It's TA Spring.

    0012FB70 006B1E7A /CALL to CreateProcessA from TASClien.006B1E75
    0012FB74 00000000 |ModuleFileName = NULL
    0012FB78 04234180 |CommandLine = "C:\Program Files\Spring\spring.exe script.txt"
    0012FB7C 00000000 |pProcessSecurity = NULL
    0012FB80 00000000 |pThreadSecurity = NULL
    0012FB84 00000000 |InheritHandles = FALSE
    0012FB88 04000020 |CreationFlags = NORMAL_PRIORITY_CLASS|CREATE_DEFAULT_ERROR_MODE
    0012FB8C 00000000 |pEnvironment = NULL
    0012FB90 0423481C |CurrentDir = "C:\Program Files\Spring\"
    0012FB94 00710B78 |pStartupInfo = TASClien.00710B78
    0012FB98 00710B68 \pProcessInfo = TASClien.00710B68

    here you see, pProcessInfo is starting at 710B68.. maybe I can pull the needed values from there?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Read around here. (Iczelion's series)

    http://win32assembly.online.fr/tut28.html

  7. #7
    OllyDbg uses DebugActiveProcess to attach. This function, by nature, must suspend all the threads in the target process prior to effecting the attach. Olly then enters a standard debug-loop using WaitForDebugEvent, the first few events of which describe the state of all threads and modules in the target process. So considering that the threads are all suspended before OllyDbg's execution resumes, there is not really much you can do.

    What's the real problem? Is it that OllyDbg complains that 'all threads are suspended' when you attempt to run, or is there some other reason you'd like to alter this behaviour?
    www.ring3circus.com
    Diary of a programmer, journal of a hacker.

Similar Threads

  1. Attach to process freezes the debugger
    By LaptoniC in forum The Newbie Forum
    Replies: 8
    Last Post: March 3rd, 2010, 04:47
  2. Olly not stopping at program start !?
    By MrSmith in forum OllyDbg Support Forums
    Replies: 4
    Last Post: April 12th, 2007, 17:31
  3. Attach
    By Anonymous in forum OllyDbg Support Forums
    Replies: 6
    Last Post: February 19th, 2003, 16:24
  4. Replies: 1
    Last Post: February 9th, 2003, 09:01
  5. SoftIce Server - dynamic stopping & restarting
    By Aimless in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: January 17th, 2003, 04:29

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •