Results 1 to 2 of 2

Thread: Ollydebug with threads and exec

  1. #1

    Ollydebug with threads and exec

    I'm looking for some advice on two fronts. I have two different programs I'm trying to debug with ollydebug.

    The first is a web server. Obviously this program is multithreaded, which causes my problem. The client thread works fine (the window that pops up with options), but the server side thread is crashing and I'd like to debug it. However, when I'm attempting to trace through the program, it stays with the client side thread that works fine, so I'm unable to see what's happening with the server thread that's crashing it. Anyone that can give me some advice how to trace through the server thread would be much appreciated.

    The second program that I'm trying to debug is an executable that is executed via exec from another program. I'm not sure how to trace a program that is being called from exec. Anyone that can help with that problem would be much appreciated.

    Thanks in advance.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Ring -1
    Blog Entries
    To debug the server thread, just find a breakpoint anywhere inside its code, and you will then land in its context and thread inside the debugger as soon as it executes. Alternatively, find the actual CreateThread call that creates the thread (if it's not pooled), and breakpoint that and go from there.

    As for the "exec" call, I assume we are talking about the PHP function "exec"? There are gazillions of ways to do that, but one suggestion would be to patch a "spin loop" at the entrypoint of that executable on disk, then attach to it once it's running, set suitable breakpoints and then restore the loop patch and let it run. You could also breakpoint CreateProcess (or whatever API is used) inside php.exe and take it from there, e.g. by modifying the parameters to create the process in suspended state.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

Similar Threads

  1. Need help please to exec a function
    By Rose in forum Advanced Reversing and Programming
    Replies: 10
    Last Post: April 8th, 2011, 10:00
  2. How to debug threads in Ollydbg ?
    By Code-Monkey in forum OllyDbg Support Forums
    Replies: 0
    Last Post: September 27th, 2009, 06:20
  3. Ollydebug access violation
    By Quell in forum Tools of Our Trade (TOT) Messageboard
    Replies: 4
    Last Post: December 30th, 2004, 18:24
  4. Cant see Plugins in Ollydebug' v1.09d's
    By paul333 in forum Bugs
    Replies: 2
    Last Post: October 1st, 2003, 10:59


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts