TRW2000 Commands and Keys
A beginners quick guide to TRW!

WRITTEN BY McCodEMaN [TRES2000]


This is a short list of the commands and keys that's useful to know when taking TRW for a ride the first time!

 
 

Commands:

A [address]   Assemble code

G                   Run to address

PEDUMP     Dump PE file from memory, current EIP will be
                      entrypoint. => dump1.exe

MAKEPE     Same as above but for reg. users => newpe.exe

PMODULE  TRW steps through the prog. until it encounters a RET to module code.

MOD32        Displays 32bit module list

PROC           Displays process list

                   Search in memory

TASK           Displays task list

THREAD     Displays thread list
 
 

Shortcut Keys:
 

F4                 View User Screen (RS)

F5                 Used the same way as in softice

F7                  Run to current opcode

F8                  Enter Calls

F9                  Sets a breakpoint at current upcode

F10                Trace down through the code

F12                pret
 
 

Hotkeys:

Ctrl+m          TRW will break Windows immediately (Ctrl+D in SoftIce)

Ctrl+n           TRW will break the active window
 
 

Breakpoints:

bp                  If condition

bpx                Bp on exec.

bpmx             Harware breakpoint

bpmd             Harware breakpoint

bpmw            Harware breakpoint

bpmb            Harware breakpoint

bpmsg          Window message

bpio              I/O breakpoint

bpint3           Breakp. on exec. by insert int3 in user code

bpe               Edit breakpoint

bc *              Clear all breakpoints

bl                  List breakpoints
 





Essay written by McCodEMaN ŠTRES2000. All Rights Reserved.
1