hello,

i need to hook olly to a dll exported fn. the dll(plugin) is loaded and unloaded for a while at runtime, impossible to locate in mod/mem list. tried the int 3 but olly doesn't handle, maybe due the plugin running in different context than imprec. i3 is handled by softice but i need to use ollydbg. any hint to hook? tia.

_Servil_: you can select options/event/break on new module and then breakpoint on you needed function

thanks but unfortunatelly it doesn't work host app doesnt call the plugin by getprocaddr/call but creating a thread waiting for it's end (???)
I located the place where the plugin file is accessed,

0043C9EA FF15 DCE14300 CALL NEAR [DWORD DS:43E1DC] ; kernel32.ResumeThread

tracing into there was the INT 2E which olly isn't able trace.
this seems is the thing i couldn't locate the plugin module part in trace log.
any chance to step through the interrupt?
tried to find place where module is loaded and export address retrieved,
but there's not one not sure if this isn't handled by kernel APIs (CreateRemoteThread?), the plugin is first read as late as resumethread is called ;(