Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 03-22-2006, 04:11
n0ital n0ital is offline
Friend
 
Join Date: Sep 2003
Posts: 17
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
n0ital Reputation: 0
Question Olly Registers Recorder

Olly experts,

What is the best way to record (log) the value of EAX & EDX while going through a specific EIP inside a loop? Proggy has long loops (500 itterations or so) and I would like to record the value of EAX & EDX for each itteration while at a specific EIP...

Couldn't find a way to do it with "Trace" so thought there might be some plug-in (script) that would provide this feature...

10X all
Reply With Quote
  #2  
Old 03-22-2006, 04:19
goggles99 goggles99 is offline
Friend
 
Join Date: Aug 2004
Posts: 62
Rept. Given: 5
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 1
Thanks Rcvd at 4 Times in 4 Posts
goggles99 Reputation: 0
Smile

The right most column in the Trace window has "Modified Registers".
Reply With Quote
  #3  
Old 03-22-2006, 05:28
n0ital n0ital is offline
Friend
 
Join Date: Sep 2003
Posts: 17
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
n0ital Reputation: 0
Hi goggles99,

Not sure I understand how this would allow logging of 3000 or so EAX/EDX values at a specific EIP...
Reply With Quote
  #4  
Old 03-22-2006, 06:23
arnix arnix is offline
Friend
 
Join Date: Feb 2005
Posts: 68
Rept. Given: 11
Rept. Rcvd 18 Times in 7 Posts
Thanks Given: 2
Thanks Rcvd at 6 Times in 4 Posts
arnix Reputation: 18
You can use a simple OllyScript, see its documentation for more help, it is really easy, a small hint from the readme.txt:

BPL addr, expr
--------------
Sets logging breakpoint at address addr that logs expression expr
Example:
bpl 401000, "eax" // logs the value of eax everytime this line is passed
Reply With Quote
  #5  
Old 04-07-2006, 00:27
JuneMouse
 
Posts: n/a
do you want to log both the register at one conditional breakpoint ?
ollydbg natively lets you log one single expression per conditional breakpoint only

if you are not afraid of recompiling the cmdline.dll source
i recently wrote some code to log multiple expressions


it may be buggy and it surely is untested on different platforms
and with different compilers
i used bccfreecommandline tools and used the original makefile
to compile this

i have attached the source as well as a precompiled dll (replace original in plugin path do not rename and use there may be clashes to get the attention of ollydbg_pausedex() function on renaming i dont know
did not test it rigourously )

any bug reports are welcome
Attached Files
File Type: zip modifiedcmdlineplugin.zip (50.2 KB, 20 views)
Reply With Quote
  #6  
Old 04-07-2006, 03:35
n0ital n0ital is offline
Friend
 
Join Date: Sep 2003
Posts: 17
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
n0ital Reputation: 0
Hi JM,
the intent is to log the value of eax, ecx & edx while it loops through a specific eip...the proggy only loops through this eip to validate a manual entry...the next step will be to auto-feed the loop with the ecx values perhaps through some injected code (cave) and perhaps do a KG from the data...the data is only valid for one run of the proggy because it initiates the loop with random data... will have a peek at your code... 10x
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Read registers in memory anon_c General Discussion 9 09-19-2015 13:49


All times are GMT +8. The time now is 21:41.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )