
CreateProcessA - some question


Jabb
February 13th, 2004, 04:50
I have some trouble: one process creates another via the function CreateProcessA. I need to break at the entry point of this second process or to set breakpoints there. How can I do this without entering kernel32.dll and ntdll - it's a stupid way, I think.

Ricardo Narvaja
February 13th, 2004, 05:25
When it stops in CreateProcessA, Execute Till Return, open PUPE and in the ENTRY POINT of the new process replace the first two bytes with EB FE (an infinite loop) and continue running the original program; the created process will be looping at the EP, and you can attach with another OLLYDBG, change the bytes back to the originals, and continue running too.
The other method is to replace the byte at the EP with CC and configure OllyDbg as JIT (JUST IN TIME DEBUGGER); when the new process encounters the CC and raises an exception, OLLYDBG automatically attaches and stops at the EP of the new process, but I think the first is the cleaner option.

Ricardo

blabberer
February 13th, 2004, 05:43
(thumbs up) ricardo
One more way, I think, could be to use the create suspended flag; I mean modifying the flag that is passed to CreateProcessA, then WriteProcessMemory EB FE or CC and attach to it.

Or open up the created process in some hex editor and put CC or
EB FE.
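The on-disk variant blabberer mentions (putting EB FE or CC at the entry point with a hex editor) needs the file offset of the entry point, which is found by walking the PE headers: e_lfanew, the COFF header, AddressOfEntryPoint in the optional header, then the section table to map that RVA to a raw file position. The Python below is an added example and not code from this thread or from OllyDbg/PUPE; it builds a constructed minimal PE32 image, locates the entry point, applies the patch and keeps the original bytes so they can be written back once a debugger has attached. The function names and the sample image are assumptions; the header layout it parses is the documented PE format.

```python
import struct

INFINITE_LOOP = b"\xEB\xFE"  # jmp $  : spins at the EP until a debugger attaches and restores it
INT3 = b"\xCC"               # int 3  : breakpoint exception, picked up by a JIT debugger


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (not a real binary): one .text section,
    entry point RVA 0x1010, section raw data at file offset 0x200."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew -> PE signature
    # COFF: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms,
    #       SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)                 # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x00400000)             # ImageBase
    # Section: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    #          PtrToRelocs, PtrToLinenums, NumRelocs, NumLinenums, Characteristics
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    text = bytearray(0x200)
    text[0x10:0x13] = b"\x55\x8B\xEC"                       # push ebp; mov ebp,esp at the EP
    return headers + bytes(text)


def entry_point_file_offset(image: bytes) -> int:
    """Walk DOS -> PE -> COFF -> optional header -> section table and return the
    file offset that holds the first byte of the entry point."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    (nsections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (ep_rva,) = struct.unpack_from("<I", image, opt + 16)  # same offset in both formats
    sect = opt + opt_size
    for i in range(nsections):
        # VirtualAddress, SizeOfRawData, PointerToRawData start at +12 in the 40-byte header
        va, raw_size, raw_ptr = struct.unpack_from("<III", image, sect + i * 40 + 12)
        if va <= ep_rva < va + raw_size:
            return raw_ptr + (ep_rva - va)
    raise ValueError("entry point RVA 0x%x is not backed by any section" % ep_rva)


def patch_entry_point(image: bytes, patch: bytes = INFINITE_LOOP) -> tuple[bytes, bytes]:
    """Overwrite the first len(patch) bytes of the EP; return (patched image, original bytes)
    so the caller can put the original code back after attaching."""
    off = entry_point_file_offset(image)
    original = image[off:off + len(patch)]
    return image[:off] + patch + image[off + len(patch):], original


def restore_entry_point(image: bytes, original: bytes) -> bytes:
    """Undo patch_entry_point by writing the saved bytes back at the EP."""
    off = entry_point_file_offset(image)
    return image[:off] + original + image[off + len(original):]


if __name__ == "__main__":
    img = build_sample_pe()
    patched, saved = patch_entry_point(img)
    print("EP file offset: 0x%x, saved bytes: %s" % (entry_point_file_offset(img), saved.hex()))
    assert restore_entry_point(patched, saved) == img
```

The same offset arithmetic applies to the in-memory variant: with CREATE_SUSPENDED the image is already mapped, so ImageBase plus AddressOfEntryPoint (not the raw offset) is what WriteProcessMemory targets, and the saved bytes are what the attached debugger writes back before resuming.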