How to use ollydbg 'Run trace' a temporailly created thread?

Question

I have a process that creates a thread periodically. That thread sends and receives info by socket. How do I trace that thread every time it created?

Answer 1

User Ollydbg API Finder API from here: http://tuts4you.com/download.php?view.24

Then put a breakpoint in CreateThreadEx or CreateThread API, then goto stack trace window (CTRL + K)

Find caller of CreateThread and you'll find it's parameters, then you can find function that is being passed to CreateThread API, then put breakpoint on that function and let CreateThread API finish (press RUN), you'll be landed on the function that's being created via CreateThread and you can analyze it. Also if your thread is a dll put breakpoint on LoadLibraryEx API.