I am trying to trace a multi-thread program. But i find that, if i trace it step by step, the thread callback function wouldn't be reached even though the main program call ResumeThread explicitly(the thread was created with a CREATE_SUSPENDED flag). But, if i set an breakpoint in the thread function, the main program will ..., in a word, i don't to how to trace it.

Anyone would like to give me some advise or tutorial documents?
Thanks

How about leaving Olly/IDA/S-Ice and looking at Intel's Vtune or Intel's thread checker?

Have Phun,

I use OllyDbg. but someone says that, multi-thread program debug is not supported by Olly, is that right? I am not sure, but i have problems about debugging such programs.
In addition, I use IDA to analyze the callback function of the thread, i find some code accesses ebp register but with no push ebp, mov ebp,esp action. im puzzled about it. if it uses the caller's ebp value, what would happen when the caller reach its own scope? what guarantee the thread would return before the caller go out of its scope?

Could that be the LPARAM value passed in CreateThread?

No. Although the caller passes a LPARAM value to the thread function in CreateThread, but the thread function directly use ebp to access some value before use the parameter. So, the ebp is not passed from the caller.

Trace the parent thread until it calls ResumeThread. Make sure a breakpoint is set on the child thread's thread func, then press F9 (Run). This will cause OllyDbg to continue executing all active threads until an exception is hit, the first of which should be the breakpoint on your child thread's thread func.