.In many malware samples, it is observed that the malware calls the API
CreateThread()
With the third argument being a START_ADDRESS of a routine that defines the thread's activity. But while debugging through Ollydebugger generally, I am not able to step into the thread process as it starts a separate thread.
Any idea on how to handle such scenarios? I see there is a tab "T" that lists the Threads with states and options to control their state but don't know how to use them to achieve single stepping the thread code.
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}