PDA

View Full Version : Run Trace


tutenKam
January 14th, 2014, 22:20
Ok, this is a simple question. Once you start run trace in ollydgb, how do you stop it? For the life of me I cannot figure it out. I have googled it with no results.

blabberer
January 15th, 2014, 01:14
Quote:
[Originally Posted by tutenKam;96020]Ok, this is a simple question. Once you start run trace in ollydgb, how do you stop it? For the life of me I cannot figure it out. I have googled it with no results.


google is an aid and not a replacement to any of the more common senses
how do you stop a running exe ? never paused it ?

you either need a breakpoint that gets hit
or suspend the process ( terminology being pause / break depending on the debugger you use)

in ollydbg pause / break is implemented using f12 key
in windbg ctrl+break etc

tutenKam
January 15th, 2014, 18:23
Thanks!
F12 worked.
Its not well documented, thats for sure.
Also, there is no stop trace command under the Trace menu.
Maybe this needs to be added.

blabberer
January 16th, 2014, 03:23
Quote:
[Originally Posted by tutenKam;96033]Thanks!
for sure.
Also, there is no stop trace command under the Trace menu.
Maybe this needs to be added.


well i have to be a little hard and yell RTFM (you can substitute friendly inplace of F$##(*#($ ) if you so wish

this is straight from ollydbg.hlp what more explict documentation do you need ?

Quote:

Run trace is the way to backtrace program execution that precedes some event. You can also use run trace for simple profiling. Basically, OllyDbg executes debugged program step-by-step, like in animation, but it doesn't redraw windows and - most important - logs addresses, contents of registers, messages and known operands to the run trace buffer. If debugged code is self-modified, you can save original commands. Start run trace by pressing Ctrl+F11 (run trace into, entering subroutines) or Ctrl+F12 (run trace over, executing calls at once), and stop it with F12 or Esc.

You can specify a set of conditions that are checked on each step of the run trace (shortcut: Ctrl+T). Run trace stops if any condition is met. Conditions include:

Kayaker
January 16th, 2014, 04:02
So why don't you say what you really mean?

2903

blabberer
January 16th, 2014, 04:28
Quote:
[Originally Posted by Kayaker;96037]So why don't you say what you really mean?


what do i mean in this ? choose the best

.formats 0y01010010010101000100011001001101
Evaluate expression:
Hex: 5254464d
Decimal: 1381254733
Octal: 12225043115
Binary: 01010010 01010100 01000110 01001101
Chars: RTFM
Time: Tue Oct 08 23:22:13 2013
Float: low 2.27928e+011 high 0
Double: 6.82431e-315

2904

tutenKam
January 16th, 2014, 21:10
0100100001100101011110010010000001101110011011110111011100101100001000000110001001100101001000000110 11100110100101100011011001010010000100100000011011000110111101101100

tutenKam
January 19th, 2014, 01:28
Ok, so stopping the trace in program doesnt stop ollydbg tracing other programs. I loaded my TI89 ROM guess what is running? Trace. There is something after all.