Thread: Attach to process freezes the debugger

  1. #1

    I am trying to debug an application but there are some problems. It is not packaged or crypted. It is written in Delphi. However, if I try to open it with a debugger directly, it stops at one exception and can't continue. I tried the AntiDebug plugins of OllyDbg and it is still the same. If I try to attach to the running process, OllyDbg just hangs after I attach. It doesn't load the DLLs etc. I tried with OllyDbg and with IDA's debugger; the result is the same. I tried on XP and Windows 7, still the same thing. I tried to use Syser Debugger; unfortunately it doesn't support Windows 7 (BSOD). I tried with Virtual PC under Windows 7; it restarts the VPC. I don't want to install Windows XP just to debug that program. What can you suggest for a debugger? What could be the reason for the debuggers hanging? Thanks.
    "There is only one road to human greatness: through the school of hard knocks." Albert Einstein

  2. #2
    possibly some custom code which adjusts the PEB which can kill olly... that'd be my first guess

  3. #3
    Quote, originally posted by LaptoniC:
    However if I try to open with debugger directly, it stops in one exception and can't continue.
    Set OllyDbg to ignore all exceptions.

  4. #4
    I tried to ignore every exception, that is why it hangs. If I don't ignore, it stops at the EEDFADE exception and there is no way to go. Anyway, I just patched the program to show me the values I need. It turns out that the program was using hardcoded MD5 strings. MD5(Input) must be equal to the hardcoded ones. So for me this program is no more. I can patch the hardcoded values to the ones I like and it is over. Thanks.

  5. #5
    There is a crack in everything. . .

  6. #6
    For me, the interesting part would be WHY debuggers show this behavior.
    Maybe one day you will come across a program which is not that easily patchable and debuggers are acting strange again - then the knowledge you could gain by examining your recently patched program will be invaluable.

  7. #7
    The problem is I can't. If anybody is interested, you can PM me for the name of the program.

  8. #8
    Have you tried the IDA Stealth plugin? It has solved most of the anti-debugging issues for me.

  9. #9
    I tried and it is still the same. If I try to run it with the debugger, it hangs in an exception. If I try to attach, it hangs again. I don't know, maybe this program isn't using any antidebug tricks. It is a spy program which hooks the keyboard and other stuff. Maybe those hook DLL files are causing problems. I really don't know.
