Hi - I'm trying learn how use olly but in particular to debug a dll that is doing something in its "dllmain". As a simplified test case I have created a dll the prints a message to stdout in its dllmain and also exports some stupid function. Additionally I have created a simple win32 console app that calls the exported function and quits (the console app links directly to the dll's implib) ok...
so when I start up the console.exe in olly, the debugger stops at jmp _crtMain (or something like this....) and I can see from the log that my dll has been loaded and I can see the dllmain message had been printed to the console. The question is how do I set a break point inside the dllmain (assume I don't have the source, implib, etc.)

thanks

Request OllyDbg to break on DLL loading:
options -> debugging options -> events -> break on a new module (DLL)

yaa

This is what i tried, but for some reason it doesn't work... hmm i'm using 1.09b maybe this is bug that has been fixed.

same thing in 1.09d -- oh well. could it be because i statically link to the implib?... also, i'm using msvc7

Strange, it always breaks for me ...
How about this other idea ... the dll should have a module entry point exported ... put a breakpoint on it, it should break on startup ... please let us know ..


yaa

>could it be because i statically link to the implib?...

Yes.

The corresponding dynamic link library (dll) will never be loaded, because you have compiled (a copy of) the code into the executable itself...

What does statically linking to the import library mean????
To call a DLL you HAVE to link its import libary otherwise how would you be able to call its exported functions? How can you "dinamically" link an import library???? This is nonsense.

yaa

No, no, no.

You can bundle the DLL into your executable itself. Yes, this increases the size of your executable, but it means you don't have to rely on a (potentially) out-of-date dll, as all the functions have been bound to your exe at compile time.

I know that you can take in the needed functions ... but this IS NOT statically linking the import library. The import library IS ALWAYS STATICALLY LINKED.

yaa

You are correct, yaa, as are Anonymous2 and I...

With little information provided and no source, we can only make guesses as to what the problem is. Since OllyDbg does work for us, it SHOULD be working for the requestor as well. Obviously, there is an assumption being made that is incorrect. From previous experience, I have seen people look at a directory listing and see some old .dll file, but have compiled the actual function code into the executable. Since the problem hasn't been resolved, I threw this out as a possibility to look into. Perhaps the original user is not using the terminology correctly...