Attaching a process with Olly

[peleon]

Hello,

This might be a lame question for many of you...but it's killing me

I have a simple test application which executes an infinite loop with "JMP EIP"

Now, I attach the process with Olly and it breaks OK. If I press run, the application keeps executing the "JMP EIP". Ok, this is what I expects.

Now it comes my problem. I pause the application and I change the register EIP to point to the next instruciton after the "JMP EIP" to allow the application keep going as normal.

When I change the EIP and I press "Run", Olly shows a message "Your program is suspended and can't run. Please, resume main thread". So, Olly shows the Threads Window and I select "Resume" in the main thread. After this, Olly shows the process as "Running" but the process does not go further from the instruction after the JMP EIP. If I pause the process again, I can see that it is in the same address after the JMP EIP and the Trap Flag is set!!!

Does anyone know what's going on in here? Am I missing something or this is a Olly bug?

Thanks.

[suddenLy]

the same phenomena occured to me.

When we click "Pause" command in the debug menu, the current control is on the olly debugger process not on the target process.

So the target process is suspended after "Pause" command, and need to "Resume" command.

I guess

[peleon]

Hello suddenLy,

Thanks for the info.

I'm a bit confused about your explanation. By "resume" command you mean when you right-click on the threads window and press "resume"? Becuase it does not work for me

More help will be welcome

THanks.

peleon
press F9 (Run)

[Nacho_dj]

Hello:

I do not know if that is a normal way of running of OllyDbg. I have seen the same a lot of times.

To follow the normal execution of the program, after a pause, use the CTRL+F9. Even though is stopping at every RET, it is working fine.

Try this and then tell us what happens.


Cheers

Nacho_dj

[gabri3l]

There IS a bug in Olly's attach routine. I had a problem awhile back. The issue is that basically you can only attach with Olly once per session.
This means run your prog... attach... do whatever... Press RUN and it works... NOW if you do-not close Olly and try and attach to something else. Your threads will be suspended with no hope of resuming.
Instead you need to close Olly after attaching once to a program. And re-open it to attach correctly again.
I do not know if this will solve your problem since it sounds a little different than mine. But you can always give it a try. :/

[Jay]

Am I missing something, if its running in the infinite loop why pause?, F2 on it change bytes to what they should be then run.

[peleon]

Hello guys,

Thanks for your replies.

gabri3l: You are right, there seem to be a bug in Olly that only the FIRST time works

Nacho_dj: You are also right with your CTRL+F9! It stops in a few RET...but after that it works fine again. Though I have seen that if you pause it again after being attached, the CTRL+F9 command will not work again and I get the eternal suspended process message.

I guess that I will have to close Olly everytime to make it work just the FIRST time I'm happy with this, I can be very patience closing and opening

Thanks

[shoooo]

I found when I debug a process used IPC, I need do this with ollydbg

Quote:

Originally Posted by suddenLy

the same phenomena occured to me.

When we click "Pause" command in the debug menu, the current control is on the olly debugger process not on the target process.

So the target process is suspended after "Pause" command, and need to "Resume" command.

I guess