Hello,

I've been wondering, how should the attach process be done ... whenever I attach *any* process, that process simply freezes. All threads in the attached process are shown as suspended and trying to resume them simply does not work.
Has anyone ever been able to use this functionality??? How???
Thanks.


yaa

i use and always work perfect in xp sp1 and sp2 work perfect.

you open a NEW ollydbg (not an used where you work and close the debugee) a open a NEW and FRESH OLLYDBG, go to atach, and select your process, when stop in debug break, you can look the first section, (generally starting in 401000 in WIEW-WINDOWS and select this section or the section you think the program are executing and right click MEMORY BREAKPOINT ON ACCESS and RUN) the program stop.

Quit the BPM and continue tracing running, debugging, if the program freeze I think OLLYDBG is detected, use HIDE DEBUG 1.22 plugin for avoid detection)

But attach is the MOST useful and work perfect.

Ricardo Narvaja

Hello Ricardo,

Ias I said with a high enough frequency "attaching" an already running process leads to what I described in my original post: the threads in the "attached" process are displayed as "suspended" and there is no way of resuming them (clicking the resume menu item leaves them in their state). Fortunately, this behavior does not seem to be deterministic ... repeating the process enough times you eventually succeed in attaching the target process without it being freeezed.

This behavior is the same on the 2 different machines both running Windows 2000 Server ... and happens even with notepad.exe, so it is not a matter of being *detected*.

Does anyone else experience this same problem???


yaa

I have win xp and no experience with 2000, but in XP you need use a new open OLLYDBG for atach, not a used OLLYDBG when you close a debugged program a use for second time.

Do you try this?

Ricardo Narvaja

Hello Ricardo,

ok, it seems that following your advice of always using a *freshly opened* instance of olly the issue disappears. It would seem that somehow olly remains "dirty" when already used previously for other tasks. Thanks for the advice.


yaa

I also created my own tool that will launch OllyDbg when target process start to execute, olly will attach to and all thread still running as notthing heppen!

no need to run Olly wait for target and then back to olly go to attach command usefull when need to debug hard target hehe

mail me if some1 need.

I also created my own tool that will launch OllyDbg when target process start to execute, olly will attach to and all thread still running as notthing heppen!

no need to run Olly wait for target and then back to olly go to attach command usefull when need to debug hard target hehe

mail me if some1 need.

I also created my own tool that will launch OllyDbg when target process start to execute, olly will attach to and all thread still running as notthing heppen!

no need to run Olly wait for target and then back to olly go to attach command usefull when need to debug hard target hehe

mail me if some1 need.

seem "Edit " function not work correctly
i edit but intead it add new reply!

plese fix it ,Admin.

can you send me your tool to my mail?

ricnar456@yahoo.com.ar

and i can put in my FTP for all want download?

Ricardo Narvaja