Hi,

how can I find the entry point of a Paused thread?
After attaching ollydbg, the EIP register is somewhere in kernel32, but my program has many threads, and i must find out where the thread code starts executing.
Can I find this without hooking CreateThread?

Thanks!

View menu > Threads

I know this, but the Entry value seems to be some address inside kernel32 as I said before

when you attach the program stop in DebugBreak, go to view-memory and put a MEMORY BREAKPOINT ON ACCESS in the first section (the section start in 401000 and RUN and the program stop in any thread executed in the first section)

The memory breakpoint work in all threads simultaneosly

Ricardo