Hi,

I want to analyse a trojan with OllyDbg. So I start the trojan and want to attach olly to it. But right after I attached to the trojan I don't have any controll over my system. It seems that the hooks of the trojan (keyboard and Mouse) are blocking all of my input.

Is there a way to debugg a running process which is hooking all of my input events ?

thanx

znow

Did you try the plugins on isdebuggerpresent?

Its safer to "play" it in vplayer(vmware)

Why don't you post the trojan here for others to analyze it too?

Did you break on the entry point of DLL's and the TLS callbacks of both the exe and the DLL's?

All those are executed before you get to the entry point of the exe.

Esther, im already running it in a vmware ;-)
But I havn't tried the isdebuggerpresent plugin yet - good tip.

Cthulhu: sorry, but I promised not to give it away.

fr33ke: I'm not sure what you mean, because I'm attaching to a running process. So all the dll should be loaded already, or ? I will work on that.

thanks for the tips

andy

I meant znow ;-)

My bad. I read over it.

Are you sure it's freezing, or just being extremely slow?

For some reason OllyDbg on my system works perfectly normal when I open a program in it, but lags quite a bit (and using 100% CPU usage meanwhile), which is why I gave up on doing that.