
View Full Version : OllyDbg pauses in another process...? WinXP CZ


jumbus
January 17th, 2004, 11:28
Hello, I have a small problem with OllyDbg. I used Win98 for years and have now migrated to XP. When I used the pause button in OllyDbg in Win98 (debugging a simple program, hello world for example), it always stopped in the process I debugged. Now in XP it seems that the pause button stops in another process (while debugging hello world it stops in webwasher.dll). I think I can see the name of the currently debugged process in the tray of OllyDbg. Oh, I use Windows XP, SP1, Czech language. I also use 1.09d, but this problem exists in all versions I have. I am always logged in as Administrator, so I have all the rights it needs.

Any ideas? Maybe I just cannot use OllyDbg properly..... Sorry for my bad English.

Jumbus

focht
January 17th, 2004, 14:22
Greetings,

>Now in XP it seems, that pause button stops in another process (while debugging hello world it stops in webwasher.dll.

I think you mix some things up here.
Pausing a process actually means suspending all threads of the process.
The debugger usually shows the call stack of the last active thread (which is suspended too) when finishing the "pause" command.

"webwasher.dll" IS NOT A PROCESS. It's just a dynamic library, where some exported function got called at the time the debugger paused the process.
The point where the debuggee pauses may be arbitrary; even the thread (if it's multithreaded) may differ on each pause.

Just set a breakpoint where interested and resume the program.
Of course you can "manually" walk the call stack up to reach some higher level function - "step out".

Regards,

A. Focht

Ricardo Narvaja
January 17th, 2004, 17:19
In w98 OLLYDBG is very limited and you cannot trace into system dlls. When you pause you are in the same process of the executable but in a dll; with the call stack, or better in the stack, you can view the call of the executable and with this information you can return to the exe, or try DEBUG-EXECUTE TILL USER CODE or DEBUG TILL RETURN to return more quickly.

Ricardo

blabberer
January 18th, 2004, 08:54
Well, in most cases you can use alt+f9 (return to user code)
and Olly will return from the paused dll's process to the next instruction in your hello world.

But if it has stopped in the message pump, then as long as there is no message to be processed it will be pausing at some return in dlls, as it goes on infinitely.

jumbus
January 18th, 2004, 11:22
Thanks very much for all the answers, but it didn't help me. If I use Windows 2000 EN, everything is OK, OllyDbg stops where I expect and I can use commands like EXECUTE TILL USER CODE (if OllyDbg stops in some Dll), but if I log in to my XP cz and use the Pause Button, it always stops in a dll the program doesn't call (webwasher.dll is part of AD killing software known as webwasher, no other process uses it), so EXECUTE TILL USER CODE doesn't step anymore. Nowhere to step. I will make some screenshots, memory dump etc. and send a URL to this forum to explain what's going on.

And, of course, sorry for my bad English and mistakes, misprints,.... :-)

Regards,

Jumbus

Ricardo Narvaja
January 19th, 2004, 01:11
Go to view-memory and put a memory breakpoint on access on the section you are working in and run; Olly stops in the executable again.

Ricardo

Ricardo Narvaja
January 19th, 2004, 01:15
Look in the stack when you are paused, go down the stack and look at the RETURN TO ......

Search for the first RETURN TO .... the executable, hehe


Example

RETURN TO 7663556773
753555637
456635
133425
RETURN TO 456789

this is the first RETURN TO executable zone

GO TO 456789 and put a BP in this place and in the next line and run; Olly stops when it returns to the executable.

Ricardo
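
The stack scan Ricardo describes above, as an added Python illustration that is not part of the original thread: it walks the paused thread's stack words and reports the first one that points into the executable. The module ranges, stack addresses and values are constructed sample data, and `owner` and `first_return_to` are hypothetical helper names.

```python
from bisect import bisect_right

# Constructed memory map: (base, size, name), as a debugger's module list shows it.
MODULES = [
    (0x00400000, 0x00008000, "hello.exe"),
    (0x10000000, 0x00030000, "webwasher.dll"),
    (0x77D40000, 0x00090000, "user32.dll"),
    (0x7C800000, 0x000F5000, "kernel32.dll"),
]

# Constructed stack of the paused thread: (stack slot address, dword stored there),
# listed from the top of the stack downward, as in the debugger's stack pane.
STACK = [
    (0x0012FE10, 0x1000A3F1),  # points into webwasher.dll
    (0x0012FE14, 0x0012FE40),  # saved frame pointer (a stack address)
    (0x0012FE18, 0x77D48734),  # points into user32.dll
    (0x0012FE1C, 0x00000113),  # plain data
    (0x0012FE20, 0x00401234),  # first word that points into hello.exe
    (0x0012FE24, 0x00000000),
    (0x0012FE28, 0x00401050),  # a later frame inside hello.exe
]

def owner(addr, modules=MODULES):
    """Return the name of the module whose address range contains addr, or None."""
    mods = sorted(modules)
    i = bisect_right([base for base, _, _ in mods], addr) - 1
    if i >= 0:
        base, size, name = mods[i]
        if addr < base + size:
            return name
    return None

def first_return_to(stack, target, modules=MODULES):
    """Scan the stack from the top and return (slot, value) of the first word
    that points into the target module, or None if the thread has no such word."""
    for slot, value in stack:
        if owner(value, modules) == target:
            return slot, value
    return None

if __name__ == "__main__":
    hit = first_return_to(STACK, "hello.exe")
    if hit is None:
        print("no stack word points into hello.exe")
    else:
        print("breakpoint candidate: %08X (stack slot %08X)" % (hit[1], hit[0]))
```

A word that lies inside a module's range is only a candidate return address, since it can equally be a pointer to data in that module. When no stack word points into the executable, the function returns None and there is no address in the exe to put the breakpoint on.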

Ricardo Narvaja
January 19th, 2004, 01:19
When you work with softice and stop in a dll, you can press f12 many times to return to the executable; olly is equal in XP. You are not practiced in this method because in 98 olly doesn't stop in dlls, but with one or two tries you learn how to return easily.

Ricardo

jeduardoc
February 6th, 2004, 20:56
Hello, I am new to this and I would like someone with experience to help me, since my victim is really tough and I think only someone with a lot of experience can decipher it.....

The software is very small but it is well armed.... If you accept a challenge, write to me and I will send it to you.

Any help will be appreciated.

jumbus
February 28th, 2004, 13:34
Hello, thanks for all the answers. I found the solution. If anybody has this problem, simply go to Debugging options, choose the Registers card and check all checkboxes there. Now OllyDbg pauses where I expect (same place as in Windows2000 EN) and I can execute to user code and continue debugging.

Thanks to all who answered me, and sorry for my bad English of course. :-))

Regards,

Jumbus