Conditional Branch Logger (CBL) is a plugin which gives control and logging capabilities for conditional jumps over the full user address space of a process.
From the main OllyDbg plugin menu select Conditional Branch Logger -> Configuration.
This will open a dialog for managing Included (Logged) and Excluded address ranges, conditional branch type selection and project settings. Ranges can be entered manually or selected from one of the Conditional Branch Logger context menu options available in other OllyDbg windows.
Main CPU window (Alt+C): Add multiline selections as Included or Excluded ranges. Executable modules (Alt+E): Add code section as an Included range. Set ranges by procedure for any module. Memory map (Alt+M): Add any memory address region, including non-standard or memory mapped sections, as an Included range. Set ranges by procedure for any module section successfully analyzed.
The Set Ranges by Procedure option, available from the main menu or one of the context menus, will open a window from which individual functions can be added as Included or Excluded ranges for any module. The module will be automatically analyzed via the OllyDbg code analysis function if required.
Each time the main dialog is closed the CBL jump table window will be updated with the latest conditional jump breakpoint addresses. A context menu provides several options for further controlling the selected breakpoints both before and after analysis. When you are satisfied with the settings, run or single-step the target as usual. The results will be shown in the logfile and/or the CBL jump table window. A button on the OllyDbg toolbar can be used to show the two Conditional Branch Logger custom windows if they have been hidden or closed.
A logfile can be specified from the main Configuration dialog in which all executed conditional branch instructions within the selected logging range and the result of whether the jump was taken or not are recorded. If a logfile is not specified a default file named "conditional_branch_logger_default.log" in the OllyDbg main executable directory will be used. Such log files, from different runs of the same program, can then be compared using any good 'diffing' program to find changes in the code execution path as a result of changing inputs or conditions.
The majority of Conditional Branch Logger settings, including active breakpoints, are saved in the OllyDbg UDD project files and restored when the target is reopened. This means that you can log conditional branch instructions in system dlls such as ntdll.dll which occur even before the Entry Point of the target is reached.
Any comments can be directed to the OllyDbg forums at http://www.woodmann.com
