Run Trace

Posted: Tue Jan 14, 2014 10:20 pm
by tutenKam
Ok, this is a simple question. Once you start run trace in ollydbg, how do you stop it? For the life of me I cannot figure it out. I have googled it with no results.

Posted: Wed Jan 15, 2014 1:14 am
by blabberer
tutenKam wrote: Ok, this is a simple question. Once you start run trace in ollydbg, how do you stop it? For the life of me I cannot figure it out. I have googled it with no results.
google is an aid and not a replacement to any of the more common senses
how do you stop a running exe ? never paused it ?

you either need a breakpoint that gets hit
or suspend the process ( terminology being pause / break depending on the debugger you use)

in ollydbg pause / break is implemented using f12 key
in windbg ctrl+break etc

Posted: Wed Jan 15, 2014 6:23 pm
by tutenKam
Thanks!
F12 worked.
It's not well documented, that's for sure.
Also, there is no stop trace command under the Trace menu.
Maybe this needs to be added.

Posted: Thu Jan 16, 2014 3:23 am
by blabberer
tutenKam wrote:Thanks!
for sure.
Also, there is no stop trace command under the Trace menu.
Maybe this needs to be added.
well i have to be a little hard and yell RTFM (you can substitute friendly in place of F$##(*#($ ) if you so wish

this is straight from ollydbg.hlp what more explicit documentation do you need ?
Run trace is the way to backtrace program execution that precedes some event. You can also use run trace for simple profiling. Basically, OllyDbg executes debugged program step-by-step, like in animation, but it doesn't redraw windows and - most important - logs addresses, contents of registers, messages and known operands to the run trace buffer. If debugged code is self-modified, you can save original commands. Start run trace by pressing Ctrl+F11 (run trace into, entering subroutines) or Ctrl+F12 (run trace over, executing calls at once), and stop it with F12 or Esc.

You can specify a set of conditions that are checked on each step of the run trace (shortcut: Ctrl+T). Run trace stops if any condition is met. Conditions include:

Posted: Thu Jan 16, 2014 4:02 am
by Kayaker
So why don't you say what you really mean? :D

Posted: Thu Jan 16, 2014 4:28 am
by blabberer
Kayaker wrote:So why don't you say what you really mean? :D
what do i mean in this ? choose the best :)

.formats 0y01010010010101000100011001001101
Evaluate expression:
Hex: 5254464d
Decimal: 1381254733
Octal: 12225043115
Binary: 01010010 01010100 01000110 01001101
Chars: RTFM
Time: Tue Oct 08 23:22:13 2013
Float: low 2.27928e+011 high 0
Double: 6.82431e-315

Posted: Thu Jan 16, 2014 9:10 pm
by tutenKam
010010000110010101111001001000000110111001101111011101110010110000100000011000100110010100100000011011100110100101100011011001010010000100100000011011000110111101101100

Posted: Sun Jan 19, 2014 1:28 am
by tutenKam
Ok, so stopping the trace in program doesn't stop ollydbg tracing other programs. I loaded my TI89 ROM, guess what is running? Trace. There is something after all.