1.This tool must inject into the parent process and listen client process create event.
2.If the parent process not started with the client process at the same time and parent process first. We need inject the debugger by myself. Just select a process in list and click "inject", a debugger will be started. if not please check the lifeODBG's privilege or selected "step up privilege" have another try. When the debugger started, it's just like a simple debugger, if you not selected "Auto listen" be front of Inject you must start listen manually. Just use debugger open a program(exp:notepad.exe).After listen started, the debugger just like fool until the client process created.
3.If the parent and client process start at the same time, we only click "O" to select the program we need, type in the command line in left edit control and click "Debug", the process and debugger will be created automatically. But if not select "auto listen" beforehand, we need start listen manually.(exp:Armadillo)
Options:
"Inject": Just inject the debugger into selected process.
"Inject DLL": Just inject a DLL into selected process.
"Refresh": Refresh the processes list.
"Single debug mode": Let the injected debugger just like a simple debugger,It is can debug but not client process.
"Disable handle close": Disable the client process close the handles in debug event.(exp
ebug EncryptPE).
"Set up privilege": Set up the LifeODBG.exe's privilege.
"Auto listen": turn into debug stats automatically when the debugger be injected.
"Passive mode": Just use for the process we started is a client process when the parent process append start debugger automatically.
"Call back debug event": Set up who will be call back to the debugger.
llydbg) to debug the parent process at the same time.
