EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 08-03-2017, 15:35
BlackWhite BlackWhite is offline
Friend
 
Join Date: Apr 2013
Posts: 47
Rept. Given: 4
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 1
Thanks Rcvd at 5 Times in 4 Posts
BlackWhite Reputation: 4
Angry OllyDbg is not good at supporting breakpoints in multi-threading environment

I have encountered OllyDbg's failing to trigger
breakpoints set in other threads several times
especially hardware breakpoints.

Is there any way to solve this problem?

Thanks.
Reply With Quote
  #2  
Old 08-04-2017, 00:42
wilson bibe wilson bibe is offline
VIP
 
Join Date: Nov 2012
Posts: 388
Rept. Given: 458
Rept. Rcvd 435 Times in 177 Posts
Thanks Given: 136
Thanks Rcvd at 67 Times in 39 Posts
wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499
If I understood your question a way is is use the olly_hardware_breakpoint plugin and save yours BP, if you have problem to find your calls to dll,ocx,etc..., load the BP saved by the OHB, when you load the app in olly.
Greetings...
Reply With Quote
  #3  
Old 08-04-2017, 20:02
BlackWhite BlackWhite is offline
Friend
 
Join Date: Apr 2013
Posts: 47
Rept. Given: 4
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 1
Thanks Rcvd at 5 Times in 4 Posts
BlackWhite Reputation: 4
Quote:
Originally Posted by wilson bibe View Post
If I understood your question a way is is use the olly_hardware_breakpoint plugin and save yours BP, if you have problem to find your calls to dll,ocx,etc..., load the BP saved by the OHB, when you load the app in olly.
Greetings...
My question is actually as follows:
(1) There are two functions say f() and g();
(2) OllyDbg debugs f() and sets a breakpoint inside g();
(3) g() is executed by another thread which is not the same as the thread
executing f();
(4) When g() is executed, the breakpoint set inside will not be triggered
whether it's a software breakpoint or hardware one.

So, do you think olly_hardware_breakpoint plugin can solve this problem?

Thanks.
Reply With Quote
  #4  
Old 08-04-2017, 21:01
Naides Naides is offline
Friend
 
Join Date: Mar 2005
Location: Planet Earth
Posts: 35
Rept. Given: 7
Rept. Rcvd 2 Times in 1 Post
Thanks Given: 18
Thanks Rcvd at 5 Times in 4 Posts
Naides Reputation: 2
Try instead a hardware memory-read pointer to the byte or word at the beginning of the instruction you want to break-in: That may trip the BP because regardless, before an instruction is executed, it is read by the thread.
Reply With Quote
  #5  
Old 08-07-2017, 00:59
BlackWhite BlackWhite is offline
Friend
 
Join Date: Apr 2013
Posts: 47
Rept. Given: 4
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 1
Thanks Rcvd at 5 Times in 4 Posts
BlackWhite Reputation: 4
Quote:
Originally Posted by Naides View Post
Try instead a hardware memory-read pointer to the byte or word at the beginning of the instruction you want to break-in: That may trip the BP because regardless, before an instruction is executed, it is read by the thread.
Yes, I have tried this trick, but it did not work.
Reply With Quote
  #6  
Old 08-09-2017, 01:28
computerline computerline is offline
Friend
 
Join Date: Jun 2014
Posts: 36
Rept. Given: 40
Rept. Rcvd 26 Times in 10 Posts
Thanks Given: 38
Thanks Rcvd at 39 Times in 17 Posts
computerline Reputation: 26
You could enable Options / Events/ Pause on new thread, maybe that could solve your problem.
Reply With Quote
The Following User Says Thank You to computerline For This Useful Post:
niculaita (08-09-2017)
  #7  
Old 08-10-2017, 20:43
BlackWhite BlackWhite is offline
Friend
 
Join Date: Apr 2013
Posts: 47
Rept. Given: 4
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 1
Thanks Rcvd at 5 Times in 4 Posts
BlackWhite Reputation: 4
Quote:
Originally Posted by computerline View Post
You could enable Options / Events/ Pause on new thread, maybe that could solve your problem.
Yes, it works.
Thank you for this great idea.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 13:18.


ICP05004977
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX