Thread: How to debug a Windows service program

  1. #1
    BjT
    Guest

    How to debug a Windows service program

    Anyone can give me some hints about how to debug
    a windows service program.
    I can't set breakpoint on it.

    thx very much.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    foxthree
    Guest

    Can be tough

    Hi there:

    This can range from difficult to outright tough... depending on the kinda stuff you do within ur service.

    Okay, my fav. way is to use OutputDebugString and DbgView (Sysinternals) to see what happens when my service is executing. This can be quite a powerful debugging method.

    Let me know if this helps.

    Signed,
    -- FoxThree
    I promise that I have read the FAQ and tried to use the Search to answer my question.
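
An added example of the OutputDebugString approach from post #2 (not code from the thread): a small C trace helper for a service. The tag "MySvc", the buffer sizes and the stderr fallback used when not building for Windows are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Format "[tag] message\n" into buf, emit it, and return its length.
 * Over-long messages are cut and marked with "..." so a truncated
 * line is recognisable in the capture. cap must be at least 8. */
int svc_trace(char *buf, size_t cap, const char *tag, const char *fmt, ...)
{
    va_list ap;
    int n, m;
    size_t len;

    if (cap < 8)
        return 0;
    n = snprintf(buf, cap, "[%s] ", tag);
    if (n < 0 || (size_t)n > cap - 5) {   /* tag alone does not fit */
        buf[0] = '\0';
        return 0;
    }
    va_start(ap, fmt);
    m = vsnprintf(buf + n, cap - (size_t)n, fmt, ap);
    va_end(ap);
    len = (size_t)n + (size_t)(m < 0 ? 0 : m);
    if (len + 1 >= cap) {                 /* no room left for '\n' */
        len = cap - 5;
        memcpy(buf + len, "...", 3);
        len += 3;
    }
    buf[len++] = '\n';
    buf[len] = '\0';
#ifdef _WIN32
    OutputDebugStringA(buf);              /* picked up by DbgView */
#else
    fputs(buf, stderr);                   /* fallback off Windows */
#endif
    return (int)len;
}

int main(void)
{
    char line[256];                       /* "MySvc" is a made-up name */
    svc_trace(line, sizeof line, "MySvc", "ServiceMain entered, argc=%d", 1);
    svc_trace(line, sizeof line, "MySvc", "control code %d -> state %d", 1, 3);
    return 0;
}
```

Because a service runs in a different session from the desktop, DbgView has to be run elevated with "Capture Global Win32" enabled to show these lines.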

  3. #3
    What do you mean by "can't set BP"?

    You can use the "attach to process" feature of your debuggers such as VC++/BCB. It works well. Sure, SoftICE also works.
    :D WARNING: Shareware authors are reading your detailed discussions without paying you! :D

  4. #4
    BjT
    Guest
    I have successfully set a bp on it another way.

    First set a bp on LoadLibraryA. Then start the service. It will
    stop at the bp. Now I can set a bp anywhere in the service program.

    Thanks for your help.

    But I still don't know how to attach to a process
    in SoftICE.

  5. #5
    Sorry, I did not express it clearly. SoftICE is a kernel-mode debugger; it can't attach to a process. The debuggers of VC++ and C++ Builder can be attached to a process to debug it.

  6. #6
    azegc
    Guest

    I hate windows services!!!

    Hi guys


    I had problems trying to unpack programs that only run as services.

    The first problem is a program that is protected using asprot***, and it's difficult to attach with OllyDbg with all hiding techniques available. The second problem is a program protected with arma*****3.17xx; I can attach with Olly.

    In both cases I want to stop the program on the entry point with OllyDbg, but I can't.
    I tried the "injection method":
    - I run OllyDbg and configure it to be the JIT (just-in-time) debugger for Windows.
    - I inject a two bytes "CC" INT 03 near the entry point of the executable.

    After that I start the service using services.msc, then OllyDbg stops near the entry point... but then I push F9 to run and the CRC check routines of asprotect and armadillo tell me that "I am a bad boy" and the program was altered by a virus... or something... and try to reinstall the package...

    After that I tried to attach to services.exe and... after some commands... my Windows rebooted!!!


    Is there a way to debug a service from the entry point using Olly or other programs... please help... I'm a newbie. No gflags solutions please.

    thanks in advance.


    azegc
    Last edited by azegc; June 22nd, 2007 at 10:33.

  7. #7

    sage

    Apart from reviving a FIVE YEAR OLD THREAD and having an absolute disregard for the FAQ, you're doing it right.

    SoftICE or dump.

  8. #8
    azegc
    Guest

    Other Methods

    Hi

    If only we could change the PE header characteristics of the executable...

    https://www.openrce.org/blog/view/396/Unpacking_DLLs_and_Drivers_with_OllyDbg

    I renamed the service to .EXE, after that I edited the PE header according to the link and tried to run... "the program was altered..."... this method doesn't work on the arma***** service.


    Another method is to debug over RING0, using VMWA** and WinD**, thanks Ricardo Narvaja, I will try it these days...

    bye


    azegc

  9. #9
    ndn_ndn1234
    Guest

    help me

    Originally posted by BjT:
    > I have successfully set bp on it through other way.
    >
    > First set bp on loadlibrarya. Then start service. It will
    > stop at bp. Now I can set bp any where in the service program.
    >
    > Thanks for u help.
    >
    > But I still don't know how to attach to a process
    > in SoftICE.

    Hi,
    As u said, u got success putting a bp in the service program.
    Can u tell me more about how u did that? I'm trying but I don't get success. If u have any tutorial plz let me know.

    thanks

  10. #10
    Um, ndn_ndn1234:

    Are you fully awake? Did you not notice that "BjT's" post was made FIVE YEARS AGO?????

    Come on, man, get with the program and try paying attention to these "little" details!

    Regards,
    JMI

  11. #11

    sage

    ...and also, "Posts: n/a" means he is no longer with us.
