I want to debug a DLL when it is called from an application. For example, when Firefox calls nss3.dll "NSS Builtin Trusted Root CAs" to check HTTPS Certificates, I want to catch the nss3.dll and debug all its transactions with a known debugger like OllyDBG or any other.
How to trace threads created and debug them ?
In OllyDBG and ImmunityDbg, in Options->Debugging Options-> Events you have an option "Break on new module". If this option is set, whenever a new DLL is loaded, Olly/Immdbg will break and let you do your business.
In Windbg follow Debug-> Event Filters, in the list you will find Load module, on the side set the options to "Enabled" and "Handeled" which will achieve the same result as above.
If on the other hand you want to break on the specific function, you can check the DLL exports which lists all the functions exported by DLL. After the DLL is loaded, and the debugger breaks as per previously mentioned settings, you can then proceed to set the breakpoints on individual functions.
