Reputation: 12549
How to use ollydbg 'Run trace' a temporailly created thread?
I have a process that creates a thread periodically. That thread sends and receives info by socket. How do I trace that thread every time it created?
Upvotes: 1
Views: 3053
Answers (1)
Reputation: 2558
User Ollydbg API Finder API from here: http://tuts4you.com/download.php?view.24
Then put a breakpoint in CreateThreadEx or CreateThread API, then goto stack trace window (CTRL + K)
Find caller of CreateThread and you'll find it's parameters, then you can find function that is being passed to CreateThread API, then put breakpoint on that function and let CreateThread API finish (press RUN), you'll be landed on the function that's being created via CreateThread and you can analyze it. Also if your thread is a dll put breakpoint on LoadLibraryEx API.
Upvotes: 1
Related Questions
- How to log CPU instructions executed by program with x64dbg?
- How do I bypass IsDebuggerPresent with OllyDbg?
- OllyDbg doesn't work in Windows 7 x64
- Cracking C# application with OllyDebug
- Ollydbg Debugging - Pass exception to application / Step into instruction
- ollydbg opcode trace
- Can OllyDbg trace a launched exe?
- OllyDbg on win7 64 bit
- OllyDbg - non invasive debugging
- OllyDbg can't debug visual studio exe