Welcome to the new Woodmann RCE Messageboards Regroupment

how to disasm current eip to file?


Post by at77 »

Hi all,

I'm coding an ollyscript which breaks a lot of times at a certain hardware breakpoint, and there it should log "everything" to file.

So far it looks like this:


var R_EAX
var R_EBX
var R_ECX
var R_EDX
var R_ESP
var R_EBP
var R_ESI
var R_EDI

label1:
eob findwrite // jump to findwrite whenever a breakpoint is hit
bphws 00123400,"x" // hardware breakpoint on execute at 00123400
run


findwrite:

mov R_EAX, eax // save the register values at the moment of the break
mov R_EBX, ebx
mov R_ECX, ecx
mov R_EDX, edx
mov R_ESP, esp
mov R_EBP, ebp
mov R_ESI, esi
mov R_EDI, edi

log R_EAX // write the saved registers to the log window
log R_EBX
log R_ECX
log R_EDX
log R_ESP
log R_EBP
log R_ESI
log R_EDI

dma 00123400, 20, "c:\log_e50000" // dump 20h bytes at the breakpoint address to file
dma [esp], 20, "c:\log_stack" // dump 20h bytes from the top of the stack to file

run

------------------------------

What I actually want to appear in the log is a single disassembled line of code that contains whatever disassembled instruction resides at memory location "00123400" at the moment of the hardware breakpoint.
(And the values on the stack too, if possible.)

Question: How can I do this?

Thanks for your help!
fr33ke
Posts: 109
Joined: Sat Jul 08, 2006 8:00 am

Post by fr33ke »

Take a look at the OPCODE and GCI instructions.
Logging the stack is simple, and logging registers is no problem either:

log [esp+4] //log a stack value
log eax //log a register
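An added example (not at77's script and not code from the OllyScript project) that puts the OPCODE hint into the original breakpoint loop, so that every hit logs the disassembly at 00123400 together with the top of the stack. It assumes, per the ODbgScript documentation, that OPCODE leaves the instruction's hex bytes in $RESULT (0 on failure) and the disassembled text in $RESULT_1; the variable names are chosen here.

```ollyscript
// Added example, not the original poster's script.
// Assumption: OPCODE addr sets $RESULT = hex bytes (0 if it fails),
// $RESULT_1 = disassembled text, $RESULT_2 = instruction length.
var addr
var bytes
var dis

mov addr, 00123400          // the instruction we are watching (from the thread)

eob findwrite               // on a breakpoint, continue at findwrite
bphws addr, "x"             // hardware breakpoint on execute at addr
run

findwrite:
opcode addr                 // disassemble whatever is at addr right now
cmp $RESULT, 0
je nodis                    // $RESULT = 0 means the bytes could not be decoded
mov bytes, $RESULT          // e.g. "8B442404"
mov dis, $RESULT_1          // e.g. "MOV EAX,[ESP+4]"
log addr                    // address, bytes and text end up on three log lines
log bytes
log dis
jmp stack

nodis:
log addr                    // record the address even when decoding failed
log "could not disassemble at this address"

stack:
log eip                     // where the debuggee actually stopped
log [esp]                   // top of stack (return address on a call site)
log [esp+4]
log [esp+8]
run                         // resume until the next hit of the breakpoint
```

Save the log window afterwards to get the file the original post asks for; the dma dumps from the original script can stay if raw bytes are also wanted.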