Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page How to debug a program spawned by another program?
Register Forum Rules FAQ Calendar

Notices

Reply
Page 2 of 2 1 2
 
Thread Tools Display Modes
  #16  
Old 11-17-2012, 08:45
bunion bunion is offline
Friend
  
Join Date: Apr 2002
Posts: 227
Rept. Given: 45
Rept. Rcvd 11 Times in 8 Posts
Thanks Given: 0
Thanks Rcvd at 6 Times in 6 Posts
bunion Reputation: 11
Olly v2 allows debbuggin child proceses.. dunno if it help in your case though

bunion
Reply With Quote
  #17  
Old 11-19-2012, 03:07
piccolo piccolo is offline
Friend
  
Join Date: Jul 2006
Posts: 28
Rept. Given: 4
Rept. Rcvd 3 Times in 1 Post
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
piccolo Reputation: 3
I hope you checked out codeproject as well. There is some great info (with sources of course) on api hooking. You'd need some adaptation for windows 7 and you would need to disable the antivirus as well. Some av's can catch api hooking.
Reply With Quote
  #18  
Old 11-21-2012, 10:02
WhoCares's Avatar
WhoCares WhoCares is offline
who cares
  
Join Date: Jan 2002
Location: Here
Posts: 410
Rept. Given: 10
Rept. Rcvd 17 Times in 15 Posts
Thanks Given: 42
Thanks Rcvd at 155 Times in 61 Posts
WhoCares Reputation: 17
use windbg, set ".childdbg 1"
__________________
AKA Solomon/blowfish.
Reply With Quote
  #19  
Old 11-22-2012, 00:41
mr.exodia mr.exodia is offline
Retired Moderator
  
Join Date: Nov 2011
Posts: 784
Rept. Given: 492
Rept. Rcvd 1,122 Times in 305 Posts
Thanks Given: 90
Thanks Rcvd at 711 Times in 333 Posts
mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299 mr.exodia Reputation: 1100-1299
You could try putting a breakpoint somewhere on the internals of OpenMutexA (for the child) and CreateMutexA for the father.

Also some tool you might like: http://www.mediafire.com/?p8xf39q81ppzx5n (source included)

Greetings
Reply With Quote
The Following 4 Users Gave Reputation+1 to mr.exodia For This Useful Post:
chessgod101 (11-22-2012), Dreamer (11-23-2012), giv (11-23-2012), p4r4d0x (11-24-2012)
  #20  
Old 11-25-2012, 18:39
Chobitx
 
Posts: n/a
A few days have passed, I am eager to know if my suggestion help you, how about the result? Does the breakpoint get hit if we follow the steps above? -_-
Reply With Quote
Reply
Page 2 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Program to view what another Program is doing when it is run? sojourner353 General Discussion 19 07-07-2012 00:17


All times are GMT +8. The time now is 00:36.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )