Anyone can give me some hints about how to debug
a windows service program.
I can't set breakpoint on it.

thx very much.

Hi there:

This can be ranging from difficult to outright tough... depending on the kinda stuff you do within ur service.

Okey, my fav. way is to use OutputDebugString and DbgView (sysinternals) to see what happens when my service is executing. This can be quite a powerful debugging method.

Let me know if this helps.

Signed,
-- FoxThree

what do you mean by "can't set BP"?

You can use the "attach to process" feature of your debuggers such as VC++/BCB. it works well. Sure SoftICE also works.

I have successfully set bp on it through other way.

First set bp on loadlibrarya. Then start service. It will
stop at bp. Now I can set bp any where in the service program.

Thanks for u help.

But I still don't know how to attach to a process
in SoftICE.

sorry I have not express it clearly. SoftICE is kernel mode debugger, it can't attach to a process. The debuggers of VC++ & C++ Builder can be attached to a process and debug it.

Hi guys


I had problems trying to unpack programs that only run as services.

The first problem is a program that is protected using asprot*** and i its difficult to attach with ollydbg with all hidding techniques avaliables. The second problem is a program protected with arma*****3.17xx, i can attach with olly .

In both cases I wanna stop the program on entry point with ollydbg, but i can't.
I tried "injection method",
- I run ollydbg and configure to be JIT (just in time debugger) for windows.
- I inject a two bytes "CC" INT 03 near the entry point of executable.

After that i start the service using services.msc, then ollydbg stop near entry point ....but then push F9 to run and CRC check routines of asprotect and armadillo tell me that "i am a bad boy" and the program was altered by a virus...or something....and try to reinstall the package....

After that I try to attach to services.exe and... after some commands....my windows reboot!!!


Is there a way to debug a service from entry point using olly or other programs....please help...i'm a newbie. No gflags solutions please.

thanks in advance.


azegc

Apart from reviving a FIVE YEAR OLD THREAD and having an absolute disregard for the FAQ, you're doing it right.

SoftICE or dump.

Hi

If only we can change PE header characteristics of executable.....

https://www.openrce.org/blog/view/396/Unpacking_DLLs_and_Drivers_with_OllyDbg

I renamed the service to .EXE, after that I edit PE header acording link and tried to run....."the program was altered.....".. .....this method dont work on arma***** service


Another method is to debug over RING0, using VMWA** and WinD**, thanxs Ricardo Narvaja, i will try this days....

bye


azegc

hi
As u said that u dot success to put bp in service programme.
can u tell me more about how did u do that. i m trying but i dont get success.if u have any tutorial plz let me know

thanks

Um, ndn_ndn1234:

Are you fully awake? Did you not notice that "BjT's" post was made FIVE YEARS AGO?????

Come man, get with the program and try paying attention to these "little" details!

Regards,

...and also, "Posts: n/a" means he is no longer with us.