[gabri3l]

you cannot attach to the process because it is being debugged. You need to stop the debugger(father thread) first. Check out hxxp://www.absolutelock.de/construction/files/infobase/New/arma_debugblocker/tutorial.html
for information on how to detach the child process. This will allow you to attach to the child process to search for version number and remove debug protection.


Or you can use the OpenMutexA trick to stop it from creating a new thread. When your program is loaded in Olly. Search-> All intermodular calls. DoubleClick on the first OpenMutexA and you will be taken to that call in the program. You will see a call to OpenMutexA, then an test underneath it, then a jump. Reverse the jump in Olly. EX: JNE->JE. Then go back to the intermodular calls and doubleclick on the second openmutexA. Again, reverse the jump after the test. Now set a breakpoint on the jump you changed.


Press RUN. When you get to your breakpoint type "BC CreateThread" in the commandbar. Press F9 again. And continue from mephisto's tutorial just after you fix the debugger check in the child process and hit your first BP on CreateThread. This is helpful because now arma does not create a second thread so there is no attaching to be done and it will work on OS's other than XP.