Logging the execution of a program

Bugs/suggestions/scripts/... for OllyScript plugin

Post by golden »

Hi everyone, I would like to know if it's possible to make a script that, given any instruction being run, logs the specific operands used by the instruction and respective contents.

As an example, for these MOV instructions:

...
MOV EAX, ESI
MOV ECX, DWORD PTR [EAX+EBX]
...

the ideal output I'm aiming for is:

...
"MOV EAX, ESI -> EAX=<value>; ESI=<value>;"
"MOV ECX, DWORD PTR [EAX+EBX] -> ECX=<value>; EAX=<value>; EBX=<value>;"
...

I think that logging the first part (i.e. the full current instruction) isn't a problem with the "#log" command, I just don't know if it's possible to "detect" the operands being used to print their contents too. If not, does anyone know some plugin that is capable of simulating the behavior I'm looking for?

Thanks

Post by Kayaker »

Hi

You could check out the source of the Conditional Branch Logger plugin. It uses a simple system of 1 and 2 byte opcode tables to test for the various branch instructions. You might be able to incorporate the idea into a script or plugin for any other instruction sets.

http://www.woodmann.com/collaborative/t ... nch_Logger

Kayaker
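
The opcode-table idea described in the reply above, as an added example that is not part of the original posts and is not the Conditional Branch Logger's source: two 256-entry tables flag the 1-byte and 0F-escaped 2-byte x86 conditional branch opcodes, and a lookup on the first bytes at the current address tells a logger whether to record the instruction and its target. The function names are hypothetical, and the sketch assumes 32-bit code with no instruction prefixes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static uint8_t one_byte[256];   /* indexed by the first opcode byte */
static uint8_t two_byte[256];   /* indexed by the byte after the 0x0F escape */
static int tables_ready;

static void init_tables(void)
{
    int op;
    for (op = 0x70; op <= 0x7F; op++) one_byte[op] = 1; /* Jcc rel8 */
    for (op = 0xE0; op <= 0xE3; op++) one_byte[op] = 1; /* LOOPNE, LOOPE, LOOP, JECXZ */
    for (op = 0x80; op <= 0x8F; op++) two_byte[op] = 1; /* 0F 8x: Jcc rel32 */
    tables_ready = 1;
}

/* Length (2 or 6) if code[] starts with a conditional branch, else 0. */
int cond_branch_len(const uint8_t *code, size_t n)
{
    if (!tables_ready) init_tables();
    if (n >= 2 && one_byte[code[0]]) return 2;
    if (n >= 6 && code[0] == 0x0F && two_byte[code[1]]) return 6;
    return 0;
}

/* Stores the taken-branch target for the instruction at addr; returns its length or 0. */
int cond_branch_target(const uint8_t *code, size_t n, uint32_t addr, uint32_t *target)
{
    int len = cond_branch_len(code, n);
    if (len == 2) {
        *target = addr + 2 + (uint32_t)(int32_t)(int8_t)code[1]; /* sign-extend rel8 */
    } else if (len == 6) {
        uint32_t rel = (uint32_t)code[2] | (uint32_t)code[3] << 8 |
                       (uint32_t)code[4] << 16 | (uint32_t)code[5] << 24;
        *target = addr + 6 + rel;                                /* rel32, little-endian */
    }
    return len;
}

int main(void)
{
    const uint8_t jnz[] = {0x0F, 0x85, 0xF0, 0xFF, 0xFF, 0xFF}; /* constructed sample bytes */
    uint32_t t = 0;
    if (cond_branch_target(jnz, sizeof jnz, 0x401000u, &t))
        printf("conditional branch at 00401000 -> %08X\n", (unsigned)t);
    return 0;
}
```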

Post by golden »

Hi Kayaker, I'm quite new to reverse engineering and after doing some research I realize that the behavior I'm looking for is just simple tracing + logging in OllyDbg. Should have done my homework before precipitately posting.
Thanks for your useful reply :yay: