Jump to content
Tuts 4 You

Tracing Differences x64dbg

Leila.Morar48

By Leila.Morar48
in x64dbg

Recommended Posts

Kurapica

Kurapica

Posted
Posted

Sorry for the inconvenience but it was created as a prototype to solve a problem I had

you can choose to disable GUI updates to improve events per second rate

and make sure to choose the right range, i.e the area between start and end should be what you

really need, you can also optimize it further by changing some lines in the code to avoid

going into external modules that you don't want to trace into.

 

 

ScreenShot00014.jpg

Leila.Morar48

Leila.Morar48

Posted
  • Author
Posted (edited)
24 minutes ago, Kurapica said:

Sorry for the inconvenience but it was created as a prototype to solve a problem I had

you can choose to disable GUI updates to improve events per second rate

and make sure to choose the right range, i.e the area between start and end should be what you

really need, you can also optimize it further by changing some lines in the code to avoid

going into external modules that you don't want to trace into.

 

 

ScreenShot00014.jpg

EnD VA it is Header VA or RVA?

Where copy END VA?

Edited by Leila.Morar48
Kurapica

Kurapica

Posted
Posted

NO

Let's say you have the following scenario

An execution range : instructions being run between two locations, for example :

Point A : Entry point of the application 

Point B : is a call to showwindow API

These two points should be in the same module, so set a BP on point A and when you are there

Start the plugin from the menu, you will see this dialog, END VA is where you enter the address of Point B

Module is the name of the module in which tracing should happen

so now you press GO button and it will single step each line until it reaches Point B in this module

you will see the counter of "Logged events" increasing with time until you reach point B

Now you can click "SAVE" button and name this log as "Tracing_State_1"

Repeat the same process with different parameters in your application, for example using an invalid password or date

save the 2nd log, now you have 2 logs to diff, each log is a text file, you can use Notepad++ and one of its plugins to diff the 2 logs and see where

the execution differs within this range.

 

 

 

 

  • Like 1
Leila.Morar48

Leila.Morar48

Posted
  • Author
Posted
9 minutes ago, Kurapica said:

NO

Let's say you have the following scenario

An execution range : instructions being run between two locations, for example :

Point A : Entry point of the application 

Point B : is a call to showwindow API

These two points should be in the same module, so set a BP on point A and when you are there

Start the plugin from the menu, you will see this dialog, END VA is where you enter the address of Point B

Module is the name of the module in which tracing should happen

so now you press GO button and it will single step each line until it reaches Point B in this module

you will see the counter of "Logged events" increasing with time until you reach point B

Now you can click "SAVE" button and name this log as "Tracing_State_1"

Repeat the same process with different parameters in your application, for example using an invalid password or date

save the 2nd log, now you have 2 logs to diff, each log is a text file, you can use Notepad++ and one of its plugins to diff the 2 logs and see where

the execution differs within this range.

 

 

 

 

Okay. Need put Address Point B to END VA? 

Kurapica

Kurapica

Posted
Posted

yes !

 

 

 

 

Kurapica

Kurapica

Posted
Posted
10 hours ago, evlncrn8 said:

maybe !

 

 

  • Haha 2

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...