Results 1 to 2 of 2

Thread: [Tip] Log all API calls and arguments

  1. #1
    Wayne
    Guest

    [Tip] Log all API calls and arguments

    [Requires OllyDbg v1.08 or later]
    Load a process, right-click in the disassembly window and select Search For | All Intermodular Calls
    In the window that pops up (which will have listed all imported APIs), right-click on it and select Set Log Breakpoint On Every Command
    Set the Log Value Of Expression and Log Function Arguments to "Always". Press OK, and you'll see all of the intermodular calls now with addresses highlighted in pink/purple, indicating log breakpoints.
    Now simply run the program, then look in the Log window (View | Log) to see which API's got called, in which order, and what arguments were passed. It reads like a book ...

    Thanks to TBD for introducing me to powerful log breakpoints, which is what lead me to discovering this trick!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2

    [Tip] Log all API calls and arguments

    Wayne: nice! thanks for sharing

    one thing though, if OllyDbg doesnt know arguments for one of the API than "Log Function Arguments" is disabled.
    i will bug Olly about this

Similar Threads

  1. Opaque arguments
    By jackall in forum The Newbie Forum
    Replies: 30
    Last Post: July 8th, 2008, 14:39
  2. Dumping function arguments
    By xml in forum OllyDbg Support Forums
    Replies: 6
    Last Post: December 22nd, 2005, 08:57
  3. IDA auto function arguments
    By taylorjonl in forum Tools of Our Trade (TOT) Messageboard
    Replies: 5
    Last Post: May 3rd, 2005, 08:02
  4. arguments
    By Anonymous in forum Bugs
    Replies: 7
    Last Post: May 13th, 2003, 00:16
  5. ida function arguments
    By noone in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: May 5th, 2001, 18:15

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •