View Single Post
  #7  
Old 01-19-2018, 04:31
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Quote:
Originally Posted by mr.exodia View Post
Yeah, the documentation says:

Code:
Settracecondition

OllyDbg can pause run trace on a set of conditions. This function quickly sets pause on expression, on suspicious command and/or on EIP range and deactivates pause on command.


void Settracecondition(char *cond,int onsuspicious,ulong in0,ulong in1,ulong out0,ulong out1);


Parameters:


cond - pointer to character string containing expression. Run trace will pause if expression is invalid or estimates to non-zero value;


onsuspicious - activates (1) or deactivates (0) pause on suspicious command; 

 
in0, in1 - 'in range' request. Run trace will pause if EIP is in this range (in1 not included). To disable pause on 'in range', set both in0 and in1 to 0;


out0, out1 - 'out of range' request. Run trace will pause if EIP is outside this range or equals to out1. To disable pause on 'out of range', set both out0 and out1 to 0.
Calling this function like Ollydump does would be equivalent to the trace condition "eip < out0 || eip >= out1" in x64dbg where out0 and out1 are the section boundaries of the section that eip is currently in...
Okay, this makes more sense to me now. I'll add this to my cheat sheet.
Reply With Quote