Hi,

I have an application that spawns another process which I would like to debug. The parent process communicates with it using named pipes.

I recently managed to set a breakpoint (some kind) in that child process and debugged it. Somehow I cannot reproduce this anymore!
The child process also does not show up in the modules pane, so I wonder how I did that in the first place.

Any ideas?

WX

Did you change your system configuration or OllyDbg options since the last time you debugged it successfully?

One simple trick is to change the first 2 bytes of the new process (I assume it's a PE file written to disk that you can modify) to EB FE (JMP NEAR -1) so when the child is spawned it get stuck in a infinite loop. Attach Olly to it and change the bytes back and you are good to go.

http://www.openrce.org/forums/posts/524

I was going to suggest you check the Armadillo/debug blocker tutorials (Armadillo spawns another instance of itself suspended in memory) but you heard it from the mouth of the horse: Nico is a co-author of the Armadillo systems. . .