Can't debug unprotected file?!


prkno
August 24th, 2007, 05:18
First, hello to all!
I have been trying to debug a program for days and can't find the solution.

The program itself exists in two variations: it can be installed as an application, in which case it has only one exe, or as a service, in which case it has two exe files, the manager application and the service itself.

Anyway, the single exe and the manager exe are similar and I successfully patched them, one by NOPing and one by changing a JNZ to JZ. The program has all the functions of the registered one. (It is protected with Armadillo 3.78, so I unpacked it with dilloDie 1.6, loaded it into OllyDbg, changed the bytes to make it registered and then rebuilt the PE with LordPE 1.41 - all of that works perfectly.)

Now, the service exe is what bugs me.

PEiD shows me that it's not protected with anything; it says Visual Basic 5 & 6. The problem is that when I start the manager in Olly and begin to debug it, the service exe does not appear at the bottom of the Olly screen in the loaded modules section. When I try to attach to the process, it asks me to close the manager (which is needed for the program to function). So I tried to open it in a new OllyDbg instance, but it never stops on the breakpoints I set for the service exe.

What could the problem be, and how do I debug that service exe to find the place where the bytes need changing?

Thanks in advance

Edit: I tried to select that exe with the Catcha! plugin for Olly, but it hangs at ntdll.DebugBreakPoint. Any hint what to do next?
Thanks

blabberer
August 24th, 2007, 11:15
If that service.exe is spawned as a new process (using CreateProcess() etc.), OllyDbg will not be able to debug it concurrently in the same session.

You can try patching the entry point with EB FE (0xEB 0xFE are the opcodes for a jmp onto itself, in other words an infinite loop), then attach to it and re-patch it back to the old bytes.
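The EB FE trick described above, as an added example that is not part of the original thread: a small Python script that walks the PE headers to find the file offset of AddressOfEntryPoint, swaps the first two bytes there for the jmp-to-self, records what it overwrote, and can put the original bytes back. The header parsing follows the documented PE/COFF layout; the minimal PE32 image it builds (build_sample_pe) is constructed here purely for illustration and is not the poster's service exe or any real binary.

```python
import struct
import sys

# x86 opcodes EB FE: a 2-byte short jump to its own address, i.e. an infinite loop.
JMP_SELF = b"\xeb\xfe"


def _pe_header_offsets(data):
    """Return (optional header offset, section table offset, section count).

    Only the fields needed here are parsed; the layout is the documented PE/COFF one:
    DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header -> sections.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    return opt, opt + opt_size, num_sections


def entry_point_rva(data):
    """AddressOfEntryPoint sits 16 bytes into the optional header (PE32 and PE32+)."""
    opt, _, _ = _pe_header_offsets(data)
    return struct.unpack_from("<I", data, opt + 16)[0]


def rva_to_file_offset(data, rva):
    """Map an RVA to a raw file offset using the section table."""
    _, sections, count = _pe_header_offsets(data)
    for i in range(count):
        hdr = sections + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        if va <= rva < va + max(vsize, raw_size):
            delta = rva - va
            if delta + len(JMP_SELF) > raw_size:
                raise ValueError("entry point is not backed by raw file data")
            return raw_ptr + delta
    raise ValueError("RVA 0x%X is not inside any section" % rva)


def patch_entry_to_jmp_self(data):
    """Return (patched image, saved original bytes, file offset of the patch)."""
    off = rva_to_file_offset(data, entry_point_rva(data))
    saved = bytes(data[off:off + len(JMP_SELF)])
    image = bytearray(data)
    image[off:off + len(JMP_SELF)] = JMP_SELF
    return bytes(image), saved, off


def restore_entry(data, saved, off):
    """Put the saved bytes back (the same edit you make in the debugger once attached)."""
    image = bytearray(data)
    image[off:off + len(saved)] = saved
    return bytes(image)


def build_sample_pe():
    """Constructed minimal PE32 image for demonstration only (not a real executable).

    One .text section at RVA 0x1000 / file offset 0x200; entry point at RVA 0x1010.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, PE32 opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)                        # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                         # FileAlignment
    text_hdr = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                           0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text_hdr).ljust(0x200, b"\0")
    text = bytearray(0x200)
    text[0x10:0x14] = b"\x55\x8b\xec\xc3"                           # push ebp; mov ebp,esp; ret
    return headers + bytes(text)


if __name__ == "__main__":
    # Usage: python ebfe.py target.exe  -> writes target.exe.ebfe and prints the bytes to restore.
    # With no argument it patches the constructed sample image instead.
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as f:
            original = f.read()
        out = sys.argv[1] + ".ebfe"
    else:
        original, out = build_sample_pe(), "sample.exe.ebfe"
    patched, saved, off = patch_entry_to_jmp_self(original)
    with open(out, "wb") as f:
        f.write(patched)
    print("entry RVA 0x%X at file offset 0x%X: wrote %s, restore bytes %s"
          % (entry_point_rva(original), off, out, saved.hex()))
```

In practice you patch the service exe on disk before it is installed, start it through the manager so it spins at its first instruction, attach OllyDbg to the spinning process, write the two saved bytes back in memory (Binary > Edit at EIP), and continue. Keep the Service Control Manager's start timeout in mind (30 seconds by default): if the service has not called the control dispatcher by then the start is reported as failed (error 1053), so attach and restore before it expires. Note that the bytes are restored in the debuggee's memory, not in the file, so the patched exe keeps spinning on every later start until you restore it on disk as well.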

prkno
August 24th, 2007, 15:50
Thanks for the info blabberer.
Now, this is how this proggy works. You start the manager, then in the manager you "install" the service, and then, again in the manager, you start the service; this is the point at which you can attach it to Olly through the Attach process command.

I patched the entry point to EB FE in the service exe without starting it. Then I started to debug the manager. But when I tried to communicate with the service, either to install it or to start it, it hangs (obviously that is the trick I need), but Olly doesn't place me at that line of the service exe.

What am I doing wrong? Eager to find out, and thanks again for your time.

LLXX
August 24th, 2007, 22:26
Quote (originally posted by prkno):
PEiD shows me that it's not protected with anything; it says Visual Basic 5 & 6.
Are you absolutely SURE it's not packed? Would you bet your life on it?

If the answer to the above is anything other than a confident YES, I advise you to check the file again using the elementary techniques you should have learned for identifying packed/encrypted files.

Also, if it is an "NT service", ... just go and do some more of YOUR own research to find out more about those.

prkno
August 25th, 2007, 07:16
It isn't packed. I tried to determine compression or encryption with numerous tools and methods and found nothing. When I open it in OllyDbg (without starting it, just to analyze some code) I don't get any error, and all the text strings that matter can be found in the file.
So I accept your advice to search more about debugging NT services, but believe me, that's the only thing I'm doing right now.
Thanks for your time, LLXX