#1
Olly Registers Recorder
Olly experts,
What is the best way to record (log) the value of EAX & EDX while going through a specific EIP inside a loop? Proggy has long loops (500 iterations or so) and I would like to record the value of EAX & EDX for each iteration while at a specific EIP... Couldn't find a way to do it with "Trace" so thought there might be some plug-in (script) that would provide this feature...
10X all
#2
The rightmost column in the Trace window has "Modified Registers".
#3
Hi goggles99,
Not sure I understand how this would allow logging of 3000 or so EAX/EDX values at a specific EIP...
#4
You can use a simple OllyScript; see its documentation for more help. It is really easy. A small hint from the readme.txt:

BPL addr, expr
--------------
Sets logging breakpoint at address addr that logs expression expr
Example:
bpl 401000, "eax" // logs the value of eax everytime this line is passed
#5
Do you want to log both the registers at one conditional breakpoint?
OllyDbg natively lets you log one single expression per conditional breakpoint only. If you are not afraid of recompiling the cmdline.dll source, I recently wrote some code to log multiple expressions. It may be buggy, and it surely is untested on different platforms and with different compilers. I used bccfreecommandline tools and used the original makefile to compile this. I have attached the source as well as a precompiled dll (replace original in plugin path; do not rename and use, there may be clashes to get the attention of ollydbg_pausedex() function on renaming, I don't know, did not test it rigorously). Any bug reports are welcome.
#6
Hi JM,
the intent is to log the value of eax, ecx & edx while it loops through a specific eip...the proggy only loops through this eip to validate a manual entry...the next step will be to auto-feed the loop with the ecx values perhaps through some injected code (cave) and perhaps do a KG from the data...the data is only valid for one run of the proggy because it initiates the loop with random data... will have a peek at your code...
10x