Results 1 to 5 of 5

Thread: How to debug temporary threads with Ollydbg ?

  1. #1
    MrSmith
    Guest

    How to debug temporary threads with Ollydbg ?

    Hi everybody,

    yesterday I was debugging a program that used threads in a tricky way to display an annoying MsgBox. I only solved the problem by pure luck and I wondered if there are better ways in Ollydbg to do this.

    It seems the program is periodically (every few seconds) starting a thread that checks if everything is fine (license wise) and if not sends a message to the main thread via PostMessageA. After this the thread exits.
    Once the main thread receives the message it displays the message box and exits. If I set a bp on MessageBoxA I land in the main thread and find the location where the MsgBox is created, but I can' t find the test that triggers the MsgBox.
    I looked in the Call stack window and by pure luck I found the thread that does the PostMessageA in the list of other existing threads. I said by pure luck because I could never repeat this. In all my other tries the PostMessageA thread didn't exist! I think this is so because this thread exists only for a fraction of a second (while it does the test) and then terminates.

    So the question is:
    How can I locate the testing thread given the situation described above ?

    Cheers,

    MrSmith
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    uhm, you said it youself, its launching a thread right...
    bpx CreateThread ?

  3. #3
    you could also go under Options menu -> Debugging options -> Events tab -> check "Break on new thread"

  4. #4
    Actually I'd conditional break on PostMessageA with the right message. That should break inside the thread you're looking for.

  5. #5
    MrSmith
    Guest
    Hi goggles99

    > you could also go under Options menu ->
    >Debugging options -> Events tab -> check
    >"Break on new thread"

    that's a neat trick. Didn't see that option.

    Cheers,

    MrSmith
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Ollydebug with threads and exec
    By rwartell in forum OllyDbg Support Forums
    Replies: 1
    Last Post: July 24th, 2010, 17:59
  2. How to debug threads in Ollydbg ?
    By Code-Monkey in forum OllyDbg Support Forums
    Replies: 0
    Last Post: September 27th, 2009, 06:20
  3. Replies: 15
    Last Post: May 13th, 2003, 06:23
  4. Aargh! Can we PM some of these RV/Asprotect threads?
    By Kayaker in forum Malware Analysis and Unpacking Forum
    Replies: 16
    Last Post: April 27th, 2002, 16:27

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •