Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 08-03-2017, 15:35
BlackWhite BlackWhite is offline
Friend
 
Join Date: Apr 2013
Posts: 60
Rept. Given: 4
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 9
Thanks Rcvd at 14 Times in 9 Posts
BlackWhite Reputation: 4
Angry OllyDbg is not good at supporting breakpoints in multi-threading environment

I have encountered OllyDbg's failing to trigger
breakpoints set in other threads several times
especially hardware breakpoints.

Is there any way to solve this problem?

Thanks.
Reply With Quote
  #2  
Old 08-04-2017, 00:42
wilson bibe wilson bibe is offline
VIP
 
Join Date: Nov 2012
Posts: 449
Rept. Given: 479
Rept. Rcvd 439 Times in 180 Posts
Thanks Given: 445
Thanks Rcvd at 160 Times in 99 Posts
wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499
If I understood your question a way is is use the olly_hardware_breakpoint plugin and save yours BP, if you have problem to find your calls to dll,ocx,etc..., load the BP saved by the OHB, when you load the app in olly.
Greetings...
Reply With Quote
  #3  
Old 08-04-2017, 20:02
BlackWhite BlackWhite is offline
Friend
 
Join Date: Apr 2013
Posts: 60
Rept. Given: 4
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 9
Thanks Rcvd at 14 Times in 9 Posts
BlackWhite Reputation: 4
Quote:
Originally Posted by wilson bibe View Post
If I understood your question a way is is use the olly_hardware_breakpoint plugin and save yours BP, if you have problem to find your calls to dll,ocx,etc..., load the BP saved by the OHB, when you load the app in olly.
Greetings...
My question is actually as follows:
(1) There are two functions say f() and g();
(2) OllyDbg debugs f() and sets a breakpoint inside g();
(3) g() is executed by another thread which is not the same as the thread
executing f();
(4) When g() is executed, the breakpoint set inside will not be triggered
whether it's a software breakpoint or hardware one.

So, do you think olly_hardware_breakpoint plugin can solve this problem?

Thanks.
Reply With Quote
  #4  
Old 08-04-2017, 21:01
Naides Naides is offline
Friend
 
Join Date: Mar 2005
Location: Planet Earth
Posts: 40
Rept. Given: 7
Rept. Rcvd 2 Times in 1 Post
Thanks Given: 22
Thanks Rcvd at 10 Times in 7 Posts
Naides Reputation: 2
Try instead a hardware memory-read pointer to the byte or word at the beginning of the instruction you want to break-in: That may trip the BP because regardless, before an instruction is executed, it is read by the thread.
Reply With Quote
  #5  
Old 08-07-2017, 00:59
BlackWhite BlackWhite is offline
Friend
 
Join Date: Apr 2013
Posts: 60
Rept. Given: 4
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 9
Thanks Rcvd at 14 Times in 9 Posts
BlackWhite Reputation: 4
Quote:
Originally Posted by Naides View Post
Try instead a hardware memory-read pointer to the byte or word at the beginning of the instruction you want to break-in: That may trip the BP because regardless, before an instruction is executed, it is read by the thread.
Yes, I have tried this trick, but it did not work.
Reply With Quote
  #6  
Old 08-09-2017, 01:28
computerline computerline is offline
Friend
 
Join Date: Jun 2014
Posts: 76
Rept. Given: 40
Rept. Rcvd 28 Times in 12 Posts
Thanks Given: 108
Thanks Rcvd at 118 Times in 46 Posts
computerline Reputation: 28
You could enable Options / Events/ Pause on new thread, maybe that could solve your problem.
Reply With Quote
The Following User Says Thank You to computerline For This Useful Post:
niculaita (08-09-2017)
  #7  
Old 08-10-2017, 20:43
BlackWhite BlackWhite is offline
Friend
 
Join Date: Apr 2013
Posts: 60
Rept. Given: 4
Rept. Rcvd 4 Times in 3 Posts
Thanks Given: 9
Thanks Rcvd at 14 Times in 9 Posts
BlackWhite Reputation: 4
Quote:
Originally Posted by computerline View Post
You could enable Options / Events/ Pause on new thread, maybe that could solve your problem.
Yes, it works.
Thank you for this great idea.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Delphi threading problem phroyt Source Code 5 05-05-2020 13:03
The Prepared environment for kernel programming nimaarek General Discussion 5 06-28-2018 13:31
Some useful Breakpoints in lsdecode 8.2.2.3 Calvin General Discussion 2 05-03-2010 16:05
Modifying Kernel Mode Driver for Hyper Threading aldente General Discussion 8 08-13-2004 10:11


All times are GMT +8. The time now is 13:48.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2021 )