Another Ollydbg question DLL loading in Program

[hobferret]

Hey there it's me again

Being as I am only just "getting" converted to Olly, I have what is probably a very simple question for you guys

When I was messing around with a program for ivanov, I wanted the program to break on access to vboxb410.dll. The only way I managed it was to set a break on "new modules (DLL), but that breaks on every dll it loads.

So how the hell can you get it to break on a specific DLL

Any reply will be appreciated, no matter how "daft" it may be

/hobferret

[MaRKuS-DJM]

you can use DllBreakEx for that task. it's an olly plugin.

[hobferret]

Cheers MaRKuS-DJM

I will see if it kick's ass

/hobferret

[hobferret]

OK MaRKuS

That only let's you know a DLL is being loaded

It don't stop the process, get my drift

/hobferret

[MaRKuS-DJM]

did you also check the option break on new modules in olly options? it should stop at the corresponding dll then.

[hobferret]

MaRKuS-DJM mate

Rite, when I do as you suggest it does break on the DLL loading, a msgbox tells me so

OK having gotten that far, how do I now get to the program

You can't click on anything until you get rid of the msgbox, so pray tell me what I am doing wrong

Obviously after getting rid of the msgbox the program just runs, I need to be able to stop the God darn thing

If I can't get this to work I think I will have to revert to SICE, it's most likely me being as I'm a noob with Olly

/hobferret

[MaRKuS-DJM]

ok, if all doesn't work, i can suggest another way.
1. search for the dll in executable modules
2. right click on it and then go to follow entry
3. in CPU-window, you are on the entry-point now
4. right click in CPU-window, Breakpoint > Hardware, on execution.
5. next time it starts you will break when the entrypoint of the dll is touched.

[hobferret]

Cheers mate

That works, however, I need to do a little more work, because I keep getting Vbox injection error and then terminates

Anyways, thanks, I'm sure I will ger round it now

/hobferret

hey its me again hope you remember me from 1847
may be you could try my plugin ntGlobalFlag
take a look at the using tls in ollydbg thread in this forum its still in view some 10 15 posts below for a link
but it too will stop on all dlls init routine you will be forced to f9 till you are on your required dll

[hobferret]

Hey JuneMouse

I assume you mean this "NtGlobalFlag v 1.1 OllyDbgPlugin", thanks for the info, but my memory from 1847 is rather vague. I know there was "soft ice" around then but no olly's.

Well I'll give it a try anyways

/hobferret