ok, I'm setting a breakponit and handling it in Pausedx(), But, the problem is the the function I set the breakpoint on is called very often, and because (I pressume) ollydbg rewrites the CPUDUMP pane everytime the breakpoint is hit, the program gets really slow.

Is there a way to put a breakpoint ni such a way that ollydbg does not rewrite the CPU PANE? I think maybe it is possible with logging conditional breakopints,has anyone tried this before?

Even if i Close the cpu dump window, every time the breakpoint is hit, it is reopened again.

any help will be appreciated.

thanks, bye!

post some code that you have cooked up or a possible prototype to
see the problem i mean an exe and a plugin that doesnt work some where
probably rapidshare should be ok
so that one can understand what happens
yes one can set conditional breakpoint
though as i said i never used go but i have used conditional break points
to handle only the break i want

take a look at NtGlobalFlag plugin source at BiW

it works like this


Insertname((ulong)ntdll_RtlRaiseException,NM_BREAK,"STRING [[[esp+4]+18h]] == \"LDR: Calling Tls Callback Imagebase\" | STRING [[[esp+4]+18h]] == \" - Calling\"";
Setbreakpointext((ulong)ntdll_RtlRaiseException,TY_ACTIVE|TY_KEEPCO ND,0,0);
Sendshortcut(PM_MAIN,0,WM_KEYDOWN,0,0,VK_F9);
VirtualProtectEx(debproc,mbi.BaseAddress,mbi.RegionSize,lpOld,&lpOl d);
CloseHandle(debproc);
return 0;
}


why dont you try debugging the dll ?? and finding where it errs ??

you could recompile tbd_debugplugin to suit 1.10 version
or just load ollydbg on ollydbg view names in your plugin
and set abreak point on pluginAction and every thing becomes clear

btw where have you stashed all your plugins i ve not seen even one plugin authored by sinnornot

thanks a lot for your answer again! it was very helpful!

now I was able to set a conditional logging breakpoint based in the example you provided, using code like the following:

Insertname( (ulong)g_rtlfreeheap_addr, NM_BREAKEXPR,"\x24\x00";
Insertname( (ulong)g_rtlfreeheap_addr, NM_BREAKEXPL, "test";
Setbreakpointext( g_rtlfreeheap_addr, TY_ACTIVE|TY_KEEPCOND,0,0);

and I tried setting the COND_NOBREAK flag in the 'name' parameter, and everything works fine, except that of course, COND_NOBREAK means that my pausedex() function is not called.

Now, everything I want is working as expected, the problem is that is it VERY SLOW.

what I am doing is:

-setting breakpoint in a function, eg: rtlfreeheap
-when the breakpoint is hit, my pausedex() function is called and I do sthg there

the problem is that for functions that are called VERY often (eg: rtlfreeheap) every time the breakponit is hit, ollydbg redraws the whole CPU DUMP, and because of this, i guess, the program being debugged is run TERRIBLE SLOW. it is UNUSABLE.

If I set a logging breakpoint to RtlFreeHeap and set the COND_NOBREAK options, the program runs SMOOTHLY, it works great, and in the LOG WINDOW, I can see the "test" string being logged all the time.

So i guess, IT IS POSSIBLE to do what i want without a terrible regradation of the performance of the debugged process.

So, help! help! come on olly! your expertise is needed!

well a conditional break point means you should give it a condition that is valid only once that why it called conditional refine your conditions better to make it break lesser i cant comment unless i see how or why some thing happens
iirc nm_breakexpr and nm_breakexpl are for
expressions and not conditions (in graphical shift+f4 these willl be set in the two edit boxes below the codition edit box) also if you are using expr
you should create some definitons too if i remember correctly
not sure you are creating them (actually on wrong expressions olly assumes no condition and breaks as if it is a hard break (break_always))
the codition must be a valid expression that returns eiter a true or false
check if your expression is valid
use view watch graphically and manually or use _getwatch () and parse conditions and results
if you are sure you have a real condition that happens only once you can narrow it down to break only once

no, but I do not want a CONDITION.
I just tried conditional breakpoints hoping they would be faster, but they are not.

I just want olly to break EVERYTIME freeheap is called, and it does, but the problem is that it makes the debugged app TERRIBLY SLOW. An this is because, for starters, olly redraws all windows with each breakpoint hit.

This is a performance issue. I've done the same thing with other debuggers (set breakpoint on functnio and do sthg when it is hit) and the app does not crawl like it does on olly.

good luck to you then on your future endevours on those non sucking debuggers
Best Regards