Topic created on: November 25, 2010 12:26 CST by rceresearch.
In many malware samples, it is observed that the malware calls the API
With the third argument being a START_ADDRESS of a routine that defines the thread's activity. But while debugging through OllyDbg generally, I am not able to step into the thread process as it starts a separate thread.
Any idea on how to handle such scenarios? I see there is a tab "T" that lists the threads with states and options to control their state, but I don't know how to use them to achieve single-stepping the thread code.