
Thread: logging jumps or calls

  1. #1
    bk_
    Guest

    logging jumps or calls

    Hi,
    I would like to know if it's possible to log jumps or function calls with OllyDbg? I've tried "Conditional Branch Logger" but cannot seem to find wingraph32.exe.

    It would assist me greatly if I could do this, as I will be able to compare success and fail scenarios to isolate the jump calls that determine the branching.

    If not, what's the best way to approach this?

    Thanks.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Hi,

    OllyCallTrace should help you with that.

    http://www.harmonysecurity.com/OllyCallTrace.html

    Doesn't log jumps though.

  3. #3
    bk_
    Guest
    Thanks.

    I tried the various plugins but they didn't help me the way I wanted. I eventually settled on OllyDbg 1.10 without any plugins, and used CTRL+K to show the call stack.

    It's not an ideal solution but it helped me quite a bit in showing the layers of calls, so much so that after 2 hours, I managed to solve what I needed to get done.

    Thanks again.

    BK.

  4. #4
    dELTA
    Administrator
    This is the exact intent of the "Conditional Branch Logger" that you mention above, so what was the problem with it, and what does wingraph32.exe have to do with it?

    (btw, wingraph32.exe should be included with the free version of IDA Pro I think)
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  5. #5
    bk_
    Guest
    I tried "Conditional Branch Logger" but it was animating the run process (F9), as if animate-into was selected.

    I eventually figured out where to find wingraph32.exe (included with the free IDA Pro download). I was trying out another plugin that would visualise the call trace.

  6. #6
    sitapea1337
    Guest
    I'm looking for one myself as well. The plugin I'm looking for needs to log jumps when I'm stepping through the code. Why do I need that? To tell the difference between the same program under different conditions (7 days left, trial ended, registered version and so on).

  7. #7
    disavowed
    You may also want to consider http://pedram.redhive.com/code/process_stalker (more info and screenshots at http://pedram.redhive.com/research/process_stalking)

  8. #8
    dELTA
    Administrator
    Originally posted by sitapea1337:
    "I'm looking for one myself as well. The plugin I'm looking for needs to log jumps when I'm stepping through the code. Why do I need that? To make difference between same program under different conditions (7-days left, trial ended, registered version and so on)."

    First of all, this kind of "execution path diffing" was exactly why the Conditional Branch Logger plugin was created.

    Remember that you can specify exactly which code areas should be logged and which should not, and also when to start and stop the logging, so maybe you don't have to manually step through the code during this logging after all?

    Otherwise, the following IDA plugin helps you keep track of where you single-stepped inside a program:

    http://www.woodmann.com/collaborative/tools/index.php/CoverIt

    It's also open source, and can easily be modified to log the coverage information in any format you like.

    You should probably take a look at the tools in the following CRCETL category too:

    http://www.woodmann.com/collaborative/tools/index.php/Category:Code_Coverage_Tools

  9. #9
    sitapea1337
    Guest
    Sorry to be stupid once again, but is there any good tutorial for Conditional Branch Logger? When I activate it and hit "Play", it starts doing some weird stuff.

    How would it be possible for me to run the program normally with OllyDbg while Conditional Branch Logger logs every jump, taken or not?

  10. #10
    dELTA
    Administrator
    If you want to interact with the program you must either activate the logging at the right spot, or be very patient, just like with any tracing-type analysis.

  11. #11
    sitapea1337
    Guest
    I just cannot understand. When I can write jumps taken or not on paper, then why isn't it possible to log it with a program?

    I might sound a little bit stupid, because I started assembling a few weeks ago and am following one tutorial. Just thought it would make my life easier, because I have "solved" many trials with installation logging (log files, registry before installation and after, and after uninstall again, then compare).

  12. #12
    greencat
    Guest
    If you want to log any type of jump, you must write a script. The script will simulate pressing F7 or F8 and compare the instruction at EIP with your jump condition. If the comparison matches, it will be logged.
    P.S.
    However, tracing speed in this case will be slow. But all jumps will be logged. I think this is a very good method. Learn OllyScript. It's easy.

  13. #13
    dELTA
    Administrator
    Originally posted by sitapea1337:
    "I just cannot understand. When I can write jumps taken or not on paper, then why isn't it possible to log it with program?"

    This is exactly what Conditional Branch Logger does, did you even read the posts above?

  14. #14
    Breakpoints are my favorite way to keep track of what I'm doing, or to go deeper and deeper into finding the right calls, but when I can't set breakpoints because the program is packed or I'm attaching to something, I use notepad.exe. Simple, but copying a line of code from the disassembler window could save you from redoing a number of steps or breakpoint setting.

  15. #15
    Originally posted by dELTA:
    "This is exactly what Conditional Branch Logger does, did you even read the posts above?"

    dELTA,

    Much like this poster, I'm struggling quite a bit with CBL. I know it's a great tool, but I want to use it for essentially process stalking and I haven't figured out how to do it on a program that's in-process. It's great for if what I need to track is right up front but more comprehensive help or a tutorial would be very useful.

    Sorry to bk_ for possibly hijacking, but let me explain: In a program like I'm working on now, one call block will call a bunch of other tiny ones. Which will each call a couple others. Which may each call more, some of which I don't even know because the calls are computed based on register manipulations before them. This same program also has a "waiting for input" branch that it keeps going back to in the process of doing other things.

    I want to use CBL to trace ALL of the jumps that arise following me hitting a menu button that leads down a specific, very long execution path. But I can't seem to do it - it traces EVERYTHING, and I don't know how to tell it to only trace the things that I need. Particularly since it seems I either have to allow huge blocks of code, or can only whitelist/blacklist certain routines because I don't know everything that's being called.
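
The "execution path diffing" discussed in posts #8 and #15, as an added example that is not part of any post or of any tool named in the thread: it restricts two branch logs to one code range, subtracts the branches seen in an idle "waiting for input" trace, aligns what is left and reports the first branch the two runs take differently. The log line format (`<hex address> <T|N>`), the addresses and all function names are assumptions made for this sketch, not Conditional Branch Logger's real output.

```python
import re
from difflib import SequenceMatcher

# Assumed log format (constructed for this example, not CBL's real output):
# "<8-digit hex address> <T|N>", T = jump taken, N = not taken.
LINE = re.compile(r"^\s*([0-9A-Fa-f]{8})\s+([TN])\s*$")

def parse_trace(text, lo=0x00400000, hi=0x004FFFFF):
    """Return [(addr, taken)] for branches inside [lo, hi]; skip other lines."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m and lo <= int(m.group(1), 16) <= hi:
            events.append((int(m.group(1), 16), m.group(2) == "T"))
    return events

def drop_baseline(events, baseline):
    """Drop branches whose address also shows up in an idle-loop trace."""
    noise = {addr for addr, _ in baseline}
    return [e for e in events if e[0] not in noise]

def divergences(run_a, run_b):
    """Align two traces; return the (a_part, b_part) spans that differ."""
    sm = SequenceMatcher(None, run_a, run_b, autojunk=False)
    return [(run_a[i1:i2], run_b[j1:j2])
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]

def first_flipped_branch(run_a, run_b):
    """Address of the first branch both runs reach with opposite outcomes."""
    for part_a, part_b in divergences(run_a, run_b):
        if part_a and part_b and part_a[0][0] == part_b[0][0]:
            return part_a[0][0]
    return None

# Constructed traces: an idle "waiting for input" loop, one system-DLL branch,
# then the code path of interest, which splits at 00402020.
IDLE = "00401000 T\n00401008 N\n00401000 T\n00401008 N\n"
RUN_A = IDLE + "7C901234 T\n00402010 N\n00402020 T\n00402100 N\n" + IDLE
RUN_B = IDLE + "00402010 N\n00402020 N\n00402200 T\n00401000 T\n"

def demo():
    base = parse_trace(IDLE)
    a = drop_baseline(parse_trace(RUN_A), base)
    b = drop_baseline(parse_trace(RUN_B), base)
    return a, b, first_flipped_branch(a, b)

if __name__ == "__main__":
    a, b, addr = demo()
    print(len(a), len(b), "first flipped branch at %08X" % addr)
```

Recording the idle trace separately and subtracting it is what keeps the input loop out of the comparison without having to whitelist every routine the path calls.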
