Hey.
i got the following set up.
i got an app (.exe in windows xp), that loades a .dll file (i knwo what it is and where it is etc...), i was wondeirng after i run the program in ollydebug, where can i set break points onto the dll imported function? i want to set a break point onto a function that dll uses, however dll is loaded by .exe, and the result of the call goes to the .exe...so i was wondeirng how cna i set that breakpoint in dll while running it from the .exe file...
thx

case 1 dll is loaded dynamically using loadlib etc
debugging options,events,break on dll load when the dll is loaded olly will break
view executable modules,follow entry to that dll and analyse the dll and then view names set bp on whatever function you knowwill be called or setbrekpoints on exported functions by dll

case2 the dll is already loaded when ollystops in ep
view executable modules follow ep analyse set breaks
(the case one will also work but it annaoying as itbreak on all dlls)

you can also try searching for names on all modules and find referances to the call and set bp on referances

and last but not least youcan load the dll alone in ollydbg and set the stackframe with args passed and call the function yourself from loaddll

have fun

ok..i think i got a slight problem, i don';t think the dll that i though was used to determine whether the stupid nag would pop or not , is the one that actualkly does it. I never saw it being loaded into the memory in ollydegbug. Now i was wondering ...8is there a way to motior if a file is being accessed, and by what and from where?
thx

Use FileMon of SysInternals (www.sysinternals.com)

We all know in sice we can use "reg eip=SomeAddress" to change the next program execution flow. But how can we accompany this in ollydbg ? I had tried a lot in olly's cmdbar interactively, but got no luck. Anywho can have a answer of that ? Don't blame me about this simple question, I know it might be stupid also. But I'm much appreciated if you can help me out off this puzzle.

Thanks.

yalcm:

You posted essentially this same question in the Ollydbg Forum yesterday and a response was posted there for you a 9:34 this morning.

How about you follow-up there, where you started?

Regards,

Catched it & Thank you very much.