View Full Version : Dependable breakpoint not breaking???


5aLIVE
August 16th, 2005, 05:12
I had been debugging a DLL with some success in the past but put it aside to make way for other things. Since returning I can't seem to repeat the initial steps I had done before.

Here's a brief summary of the details. Program A launches program B which in turn loads DLL C.

I let program A run prog B, then attach to prog B then select the DLL C from the Executable Modules list window, right click follow in dump which takes me to OEP.

I go to a memory address which I know performs a function call of interest (I have used it before) and place a breakpoint there.

The trouble is I can only get Olly to break maybe once if I am lucky, but previously I could get it to break predictably when the program is requested to perform a particular operation.

Can anyone suggest what the problem might be?

Many thanks,
5aLIVE.

blabberer
August 16th, 2005, 06:04
well if it broke once then it should break ever if you did it right
unless it is some kind of polymorphic self-modifying code which changes itself every time even then olly should warn you about corrupt breakpoints
and should ask you for confirmation before disabling them

maybe you load the dll separately and hard code an infinite jump on the function start and use pause (f12) to stop while it is used by the program B

or use the plugin bookmark and create a bookmark
and pause on LoadDll event and when stopped follow entry and go to
bookmark and physically put a break point ??

5aLIVE
August 16th, 2005, 06:54
well if it broke once then it should break ever if you did it right
>I agree with that. This is very odd, I'll try setting a BP at another location and see if that changes anything.

unless it is some kind of polymorphic self-modifying code which changes itself every time even then olly should warn you about corrupt breakpoints
and should ask you for confirmation before disabling them
>There is nothing as sophisticated as that involved in this code thankfully.

maybe you load the dll separately and hard code an infinite jump on the function start and use pause (f12) to stop while it is used by the program B
>I've used this technique before (EBFE), I could always try it again, though I shouldn't need to.

or use the plugin bookmark and create a bookmark
and pause on LoadDll event and when stopped follow entry and go to
bookmark and physically put a break point ??
>I haven't used this plugin before, I'll give it a try.
>Thank you.

5aLIVE
August 16th, 2005, 08:26
I had another look at this. I followed the steps I described above and found that it will only break if I make program B load file A. If I select any other file B, C, D to load it will also break.

If I load a previously loaded file (say B) it won't break. It still doesn't make any sense as I don't think it records the result of previously opened files.

To be honest I don't think it did this before, but I can't be certain.
5aLIVE