blueflycn
January 24th, 2013, 13:10
I am using ollydby (2.0 version) to debug a running process. The process has multiple threads, and one thread is fired periodically (controlled by a timer I guess) to do some socket/tcp communication. What I want to figure out is what the thread has done after socket/tcp communicating.
I am following these steps:
1. run the process
2. open ollydbg and attach it to the process
3. set breaking point just at the line that sends socket message
4. press Ctrl + F11 to run trace
but then it stopped and the snap shot is:
2710
2711
and only about no more than 200 lines were in Run trace window. I noticed that the last line in trace window is
does this have anything to do with this issue?
Any idea about this?
I am following these steps:
1. run the process
2. open ollydbg and attach it to the process
3. set breaking point just at the line that sends socket message
Code:
Address = 0113B2DF
Module = test
Status = Enabled
Disassembly = CALL <JMP.&ws2_32.WSASend>
Comment = Jump to ws2_32.WSASend
4. press Ctrl + F11 to run trace
but then it stopped and the snap shot is:
2710
2711
and only about no more than 200 lines were in Run trace window. I noticed that the last line in trace window is
Code:
0113BCCF E8 08BCECFF CALL <JMP.&kernel32.GetQueuedCompletionS ; Jump to kernel32.GetQueuedCompletionStatus
does this have anything to do with this issue?
Any idea about this?