06-28-2016, 19:46
Kurapica
x64dbg conditional branches logger [Plugin]

Hi

This is just a work in progress so don't expect too much.

Please test it and report if you find bugs.

I use it like this:

First you need 2 breakpoints to trace between, Start and End.

1 - Throw your target in the debugger.

2 - The Start point should break.

3 - Start the plugin.

4 - Enter the name of the module you are interested in; the plugin will try to detect the name where RIP is now.

5 - Enter the target VA, i.e. the point where logging should stop; it's your End point from above.


There will be single stepping into this module, but if RIP goes out of this module then there will be stepping over in those external modules, unless there is a call back into that target module; then there will be a single step into the target module.


5 - Stepping will continue until we hit the 2nd point.

6 - The plugin will show a message box telling us we have ended tracing.

7 - Now you can save the result to a log file, which looks like the image below.

8 - You can use any diffing system to compare the results between 2 traces; here I used a plugin for Notepad++.
Attached Images: 2016_06_25_140922.jpg (1.06 MB)
Attached Files: Ktracer.rar (20.4 KB)
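Step 8 of the post compares two saved traces with a diff tool. As an added example (not part of the original post or the plugin), this Python script aligns two branch logs and reports the conditional branch whose outcome flipped between runs. The `<VA> <mnemonic> <T|N>` line format, the function names and both sample traces are assumptions constructed here, since the post shows the real log format only in its image.

```python
import difflib
import re

# ASSUMED line format (the post shows the real log only in its image):
#   <hex VA> <jcc mnemonic> <T|N>    T = branch taken, N = not taken
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]+)\s+(j\w+)\s+([TN])\s*$")

# Constructed sample traces between the same Start and End breakpoints.
RUN_A = """; run A (constructed)
140001010 jne T
140001024 je N
140001040 jb T
140001058 jne N
140001070 je T
"""
RUN_B = """; run B (constructed)
140001010 jne T
140001024 je T
140001090 ja N
140001070 je T
"""

def parse_trace(text):
    """Return [(va, mnemonic, taken)]; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((int(m.group(1), 16), m.group(2).lower(), m.group(3) == "T"))
    return rows

def diverging_branches(a, b):
    """Align two traces; return (flipped, only_a, only_b)."""
    # flipped: same VA, different outcome (where the two executions split).
    # only_a / only_b: logged branches that were reached in just one run.
    flipped, only_a, only_b = [], 0, 0
    sm = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == "equal":
            continue
        blk_a, blk_b = a[i1:i2], b[j1:j2]
        # Head of both differing blocks is the same jcc with opposite outcome.
        if blk_a and blk_b and blk_a[0][0] == blk_b[0][0] and blk_a[0][2] != blk_b[0][2]:
            flipped.append((blk_a[0][0], blk_a[0][1], blk_a[0][2], blk_b[0][2]))
            blk_a, blk_b = blk_a[1:], blk_b[1:]
        only_a += len(blk_a)
        only_b += len(blk_b)
    return flipped, only_a, only_b
```

Calling `diverging_branches(parse_trace(RUN_A), parse_trace(RUN_B))` on the constructed runs reports the `je` at `0x140001024` as the split point, with two branches seen only in run A and one only in run B.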