Go Back   Exetools > General > General Discussion


Thread Tools Display Modes
Old 03-27-2003, 22:24
Posts: n/a
How to deal with threads ?

I need some advice about how to debug a thread of a process. I want to know which is the best debugger for this job and how to break on the first instruction of the thread. I don't find any call to CreateThread in the target but in OllyDbg I can see that there is a new thread started, what api to search for ?

Please escuse my English and the lacks in my knowledge

Thank you very much
Reply With Quote
Old 03-28-2003, 16:21
Posts: n/a
Is my question so stupid and I don't deserve at least a "stupid lamer" message ?
Reply With Quote
Old 03-28-2003, 23:24
Vox Humana
Posts: n/a
No your question isn't so stupid, but sometimes it happens that nobody reads a message...

OK, "stupid lamer" ...when CreateProcess creates a new process, it creates also its primary thread; so, you can obviously notice a new thread creation with no CreateThread call.

Besides, if your process calls CreateThread by runtime dynamic linking (unusual, but technically possible), the Import Table won't contain any CreateThread reference.

You aren't a stupid lamer, of course...

Reply With Quote
Old 03-29-2003, 00:44
Posts: n/a
Thank You, Vox Humana

I have to admit that I have few experience in programing. Most probably is runtime dynamic linking so if I'm not wrong I have to check LoadLibrary and GetProc....
I start to read about threads but some quick help is more desirable . Let's say that I will find the place where the new thread is started and I will find the function that the thread is executing. If I will put a breakpoint on the first instruction of that function, when the thread start its execution the debuger will break there ? I mean the thread is executed from the adress space where the function reside or the function is duplicated in other place in the program adress space ?.

Thank You for Your help
Reply With Quote
Old 03-29-2003, 06:22
Vox Humana
Posts: n/a
No, the code isn't duplicated. The thread code is mapped according to its virtual address and relocated if necessary. Each thread shares the same code but it has its own thread context.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[C/C++] Memory patcher to deal with (ASLR) Insid3Code Source Code 7 10-21-2015 02:20
To manage Threads in DLL's El Cid General Discussion 3 05-09-2014 21:05

All times are GMT +8. The time now is 16:52.

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2020 )