Posted June 26, 2016
Hi. This is just a work in progress so don't expect too much. Please test it and report if you find bugs. I use it like this: first you need 2 breakpoints to trace between, Start and End.
1 - Throw your target in the debugger.
2 - The Start point should break.
3 - Start the plugin.
4 - Enter the name of the module you are interested in; the plugin will try to detect the name where RIP is now.
5 - Enter the target VA, i.e. the point where logging should stop. It's your End point from above. There will be single stepping into this module, but if RIP goes out of this module then there will be stepping over in those external modules, unless there is a call back into that target module, in which case there will be a single step into the target module.
6 - Stepping will continue until we hit the 2nd point.
7 - The plugin will show a message box telling we have ended tracing.
8 - Now you can save the result to a log file, which looks like this in the image below.
9 - You can use any diffing system to compare the results between 2 traces; here I used a plugin for Notepad++.
Ktracer.rar
June 28, 2016 This is a very handy plugin, please continue developing it. Will you please make a 32-bit version? Thanks for your efforts.
June 28, 2016 (Author) I was told that the developers of x64dbg have already implemented tracing but they still have to do the GUI. Maybe it's not useful to keep working on this, but it was a simple idea for a problem I had. Lately I fixed some bugs and added this checkbox to suspend the debugger redraws during tracing, which made tracing go much faster! Ktracer.rar
June 29, 2016 The embedded tracing capability that was added to x64dbg is much more complex than your plugin, or I didn't understand how it really works (I'm used to working with tracing in Olly and it's very simple and effective). Will you please try that embedded tracing and show me some short tutorial on how to configure conditions? Thanks Kurapica
June 29, 2016 Tracing is currently working, but it doesn't work the same way as Olly does (e.g. it doesn't record data). This makes it slightly useless for the average user. Data recording is currently being added at https://github.com/x64dbg/x64dbg/pull/807; follow the progress there if you're interested. As for a tutorial on tracing in x64dbg: there is also this resource available called a manual. I understand nobody knows about this particular one, but it's the best source for your information: http://help.x64dbg.com/en/latest/commands/debug-control/TraceIntoConditional.html
June 29, 2016 (Author) Excellent work Mr. eXoDia! The only difference is that my plugin records some data which can be studied later, and that I don't provide the ability to set conditions, although it's not hard at all; it just allows an end VA to be reached as the end flag. I think each one has a different usage and this even makes x64dbg more useful.
June 30, 2016 Thanks to all of you for your efforts. @Kurapica: for the moment, while waiting for the trace function to be updated on x64dbg, will you please make a 32-bit version of your plugin, as it is indeed what I'm missing for the moment. Thanks in advance.
June 30, 2016 (Author) I can't say it's very stable because I compiled it quickly for 32-bit. I'm interested more in the 64-bit version now. Ktracer.rar
July 1, 2016 @Kurapica: Thank you for your great help. Is it possible to include logging of registers and their values?
July 4, 2016 Just a quick inquiry, will you be making this plugin open source? It might be an interesting example plugin.
July 7, 2016 Okay, cool! You could very easily add conditional tracing too. Just use DbgValFromString (or DbgFunctions()->ValFromString for more control) and you can allow the user to type any expression (including rip==va). See http://help.x64dbg.com/en/latest/introduction/Expressions.html for more information.
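The stepping policy from the first post together with the conditional stop suggested in this reply, as an added C++ example that is not the Ktracer plugin's own code: the register snapshot, module range and the simulated step events are constructed stand-ins for what the x64dbg SDK would provide, and the predicate slot is where a user expression evaluated by the debugger would go.

```cpp
#include <algorithm>
#include <cstdint>
#include <functional>
#include <vector>

// Register snapshot handed to the tracer at every stop (hypothetical; a real
// plugin would read it through the x64dbg SDK) and the target module's range.
struct Regs { uint64_t rip; uint64_t rax; };
struct ModuleRange { uint64_t base; uint64_t size; };
enum class StepAction { StepInto, StepOver, Stop };

// A stop condition is any predicate over the registers. "rip == endVA" is what the
// plugin does today; a user-typed expression parsed by the debugger (the
// DbgValFromString suggestion in the thread) would plug into the same slot.
using StopCondition = std::function<bool(const Regs&)>;
StopCondition stopAtVA(uint64_t endVA) {
    return [endVA](const Regs& r) { return r.rip == endVA; };
}

bool inModule(uint64_t rip, const ModuleRange& m) {
    return rip >= m.base && rip < m.base + m.size;
}

// Stepping policy from the first post: stop when the condition holds, single-step
// while RIP is inside the target module, step over while it is outside it.
StepAction nextAction(const Regs& r, const ModuleRange& target, const StopCondition& stop) {
    if (stop(r)) return StepAction::Stop;
    return inModule(r.rip, target) ? StepAction::StepInto : StepAction::StepOver;
}

// Drive the policy over a constructed sequence of step events and return the RIPs
// the tracer would have logged before the stop condition fired.
std::vector<uint64_t> runTrace(const std::vector<Regs>& events, const ModuleRange& target,
                               const StopCondition& stop) {
    std::vector<uint64_t> log;
    for (const Regs& r : events) {
        if (nextAction(r, target, stop) == StepAction::Stop) break;
        log.push_back(r.rip);
    }
    return log;
}

// Index of the first entry where two saved traces differ, or -1 when identical:
// the comparison the post does with a Notepad++ diff plugin.
long firstDivergence(const std::vector<uint64_t>& a, const std::vector<uint64_t>& b) {
    std::size_t n = std::min(a.size(), b.size());
    for (std::size_t i = 0; i < n; ++i)
        if (a[i] != b[i]) return static_cast<long>(i);
    return a.size() == b.size() ? -1 : static_cast<long>(n);
}
```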
July 25, 2016 Hi Kurapica, I downloaded your plugin but the 32-bit version is not recognized by the latest version of x64dbg. The 64-bit version of your plugin works fine instead.
July 25, 2016 @gyver75: the plugin works fine, I just tested it and there is no problem on the 32-bit version. Try to delete it and replace it with a new copy.
July 25, 2016 Nope, I downloaded it again and put the plugin (32-bit version) in the x32/plugins folder of x64dbg but nothing, it doesn't appear in the plugins menu when launching the debugger x32dbg. I have Win10 Pro. Edited July 25, 2016 by Gyver75
July 25, 2016 @Gyver75: For me it works out of the box. But most likely you're missing "Microsoft Visual C++ 2010 Redistributable Package (x86)". Try installing this: https://www.microsoft.com/en-us/download/details.aspx?id=8328
August 12, 2016 (Author) @Mr. eXoDia Source code: https://github.com/KurapicaBS/x64_tracer Edited August 12, 2016 by Kurapica
September 10, 2016 Has the tracer improved in speed? There have been some performance-related updates recently.
September 10, 2016 (Author) It's hard to be accurate on this question without benchmarks, which I don't have now. Somehow it feels faster to my eyes, but the real difference happens when I tick the "disable GUI updates" checkbox.
September 11, 2016 Okay, I'm asking because (simple) scripts can reach 500 events/s when not disabling GUI updates...
September 11, 2016 (Author) 500 events/s?! I wonder where the bottleneck is in my silly plugin. Anyway, I think it's still useful, like the "Animate" function in OllyDbg.