madskillz Posted June 24, 2017

I tried but don't think it will work while running trace into or trace over. OR I am not capable of coming up with the command to execute what I want.

mrexodia Posted June 28, 2017 (edited)

@madskillz Here is a small example of using this plugin.

1. Install the cndsteriods plugin
2. Download this crackme and open it in x32dbg
3. Use this command: setString 1,"123456789"
4. Run to the program entry point.
5. Debug -> Trace into (see screenshot below)
6. Press OK
7. Enter the serial "123456789" in the console window and press enter
8. You should break (see screenshot below)
9. Profit? (probably not, because this plugin is really slow and it greatly pollutes the log)

EDIT: I wrote a plugin with similar functionality, but with better performance. See https://github.com/mrexodia/strmatch/releases

Edited June 28, 2017 by mrexodia

paul44 Posted June 29, 2017

@mrexodia: Found some time yesterday. It took me some trial & error, but got it this time.

In fact: I was primarily interested in a function, which was only called when taking a particular action. If one starts a "Trace into...", it gets started right away, and one cannot get/switch to the application until it finishes... So, in order to get the trace right, one must place a breakpoint at the address where one likes it to start... When the debugger hits the breakpoint (after performing that particular action), enter your 'Trace into': it will continue from there onwards (based on said conditions).
(btw: the only way I could halt a Trace in progress was to hit [F12] = pause)

Trace window:
> Log content: {p:cip} {i:cip} -*- [{ecx}] ~ [{rd8}]~[{rd9}]
=> rd8&rd9 return "???"; but I'll do some more testing/reading to see if I get this right
> Log cond: rip >= mem.base(rip)+D02260 & rip <= mem.base(rip)+D0236C
=> 'mem.base' ensures me that I can reuse the expression after relaunching game

Log entry example: "0000000140523269 cmp edx, dword ptr [rcx + 0x50] -*- [8D44230] ~ [???]~[???]"
(btw: I use Notepad++ to read those logs)

mrexodia Posted June 30, 2017

@paul44 I still don't understand why you would need tracing if you know the exact locations you're interested in...

madskillz Posted July 5, 2017

On 6/28/2017 at 2:10 PM, mrexodia said:
> @madskillz Here is a small example of using this plugin.
>
> 1. Install the cndsteriods plugin
> 2. Download this crackme and open it in x32dbg
> 3. Use this command: setString 1,"123456789"
> 4. Run to the program entry point.
> 5. Debug -> Trace into (see screenshot below)
> 6. Press OK
> 7. Enter the serial "123456789" in the console window and press enter
> 8. You should break (see screenshot below)
> 9. Profit? (probably not, because this plugin is really slow and it greatly pollutes the log)
>
> EDIT: I wrote a plugin with similar functionality, but with better performance. See https://github.com/mrexodia/strmatch/releases

@mrexodia I have tested it for tracing location of a UTF16 string loading on EAX register and it found it perfectly. This plugin will come in use for many. Thank you so much for the instructions and then going ahead and making a better plugin.

p4r4d0x Posted October 19, 2018

On 8/28/2018 at 10:07 PM, wangcuicui said: My cndsteriods plugin could not run. Why? Dumm!!! It is not compatible with the latest release I guess. Crashes on my system too. But is a good plugin if using with old versions of debugger.