How to use Ollydbg with multi-threaded programs?

linux windows debugging reverse-engineering ollydbg

0x90 · Mar 10, 2012 · Viewed 8.6k times · Source

I have seen here that Olly supports a multi-threaded debugging, but I couldn't find any video or a good tutorial to see how to debug a multi-threaded program.
I would like to know how to use Ollydbg and see the stacks and registers of all the current threads and distinguish which is running now.
Is there any other good debugging tools I can use in Linux/Windows?

Answer

Debugging multi-threaded applications is pretty straight forward in Ollydbg.

Open the Threads windows by clicking on the 'T' button or going to View > Threads. This window shows you all the current threads in the application.

The main thread is usually highlighted in the list. If you right click on the thread of your choice, you will see some options.

To see the thread in the CPU Window ( including stack and register info of the thread ) select the 'Open in CPU' option. You can also make some changes to the thread - like changing its priority, suspending it or even killing it.

Edit:
If you want to start debug the new thread directly from UserMode read this short guide.

How to use Ollydbg with multi-threaded programs?

Answer

Related questions