Is there anybody who knows how to use "Trace" in ollydbg
Posted: 2006-8-18 15:25  6031
I have been learning OllyDbg for several months, but I don't know how to use "Trace" in OllyDbg, such as "trace into", "trace out" and so on. Can anybody tell me?
Thanks

Latest replies (18)

#2
This is my simple program:
//-------------------------------------
#include <stdio.h>      /* standard header, angle brackets */

int main(void)          /* main should return int, not void */
{
        printf("abc\n");
        return 0;
}
//-------------------------------------

When you use Trace into, then in the Trace window you will see all of the commands this program has worked through; then use "profile", and you will see which system functions have been called. It's great.

If anybody has other suggestions, please let me know. Thanks.
2006-8-18 15:43

#3
Are you Chinese? If you know Chinese, you can consult this post:
http://bbs.pediy.com/showthread.php?s=&threadid=21532
2006-8-18 16:00

#4
Yes, I was an English teacher before I learned computer programming. I have read this article two times: the first time was two months ago, the second time was yesterday.
But that article tells only a little about "TRACE"; it doesn't tell why to use it in that situation.
So I hope somebody can explain it thoroughly, give more details, and give us a simple example; perhaps this example can be written in MASM, or VC, or even TC.
I know this example thoroughly; it will call these functions:

posvi = (OSVERSIONINFOA *)_alloca(sizeof(OSVERSIONINFOA));
(void)GetVersionExA(posvi);
managedapp = check_managed_app();
if ( !_heap_init(0) )               /* initialize heap */
_RTC_Initialize();
if ( _ioinit() < 0 )            /* initialize lowio */
....
main
...

But I want to use OllyDbg to analyze it, so next time if I meet a complex one, I can use these methods to analyze it too, for example an app based on a dialog, or MDI.
2006-8-18 16:09

#5
If you are Chinese, please use Chinese to give your opinion. I like to talk Chinese with a Chinese person.
2006-8-18 16:22

#6
Sorry, my side is an English OS, but I can read Chinese. Very sorry, administrator; because you don't like English, I will shut up and only read other people's opinions.
And this is an excellent web site; thanks for the knowledge you have brought to us.
2006-8-18 16:35

#7
Understood. What can one say about English? It has been crowding out Chinese very badly, so whenever I can use Chinese I try to use Chinese. Because the thread starter looked Chinese, it naturally felt a little strange to see you writing in English in a board that is not an English-language board; I didn't consider that you are on an English system. Please forgive me.
2006-8-18 16:47

#8
Trace into follows into every CALL it meets; it is equivalent to pressing F7 automatically. Trace over steps over every CALL it meets; it is equivalent to pressing F8 automatically.
2006-8-18 16:51

#9
OK, many thanks for your help. I have found a little at "http://www.ollydbg.de/Tut_rtr.htm".
2006-8-18 16:53

#10
I understand, like F10 and F11 in VC++, but I want to know the whole process of the program (besides these 3 system DLLs, user32.dll, kernel32.dll, gdi32.dll). So can I use TRACE to know all of the user-side code, not the system-side code, that happened in this program?
2006-8-18 16:57

#11
I have understood this article "http://www.ollydbg.de/Tut_rtr.htm", but I don't know how to get the whole code of user space (not system space). I'm not in a hurry; if you're familiar with this question I hope you can give me an answer tomorrow or later.
Because I'm more interested in user-namespace code, and hope I can dig more there.
If TRACE can't be used, please tell me another method.
2006-8-18 17:26

#12
Originally posted by ikohl:
I have understood this article "http://www.ollydbg.de/Tut_rtr.htm", but I don't know how to get the whole code of user space (not system space). I'm not in a hurry; if you're familiar with this question I hope you can give me an answer tomorrow or later.
Because I'm more interested in user-namespace code, and hope I can dig more there.
If TRACE can't be used, please tell me another method.


Alt+F9, execute till user code.
2006-8-18 22:14

#13
Thread starter, just read more of CCDebuger's OllyDBG 入门系列 (OllyDbg introductory series) and you'll be fine; they're good articles for beginners.
2006-8-18 22:19

#14
I agree with your view.
Originally posted by xiaoboy:
Thread starter, just read more of CCDebuger's OllyDBG 入门系列 (OllyDbg introductory series) and you'll be fine; they're good articles for beginners.
2006-8-18 23:00

#15
I'm home now, so finally I can write some Chinese. What I mean is that I want to get all of the code in user mode. Yes, Alt+F9 can get to user mode, but it takes many steps, and sometimes it cannot really get there.
Anyway, many thanks for everyone's support. Thank you.
2006-8-18 23:02

#16
Still, reading your pinyin is a bit awkward. You should know that MSDN and a lot of technical material are in English, so learning more of it is beneficial, especially if you want to do outsourcing work.
2006-8-18 23:10

#17
Ctrl+F9 can return directly.
Also, to correct a concept: the code that OD can trace is necessarily user-mode, including NTDLL.DLL,
because OllyDbg is a Ring 3 (User-Mode) Debugger.
2006-8-18 23:34

#18
Originally posted by foxabu:
Ctrl+F9 can return directly.
Also, to correct a concept: the code that OD can trace is necessarily user-mode, including NTDLL.DLL,
because OllyDbg is a Ring 3 (User-Mode) Debugger.


The poster above may have misunderstood the thread starter. The thread starter wants to know how to locate the program's own code accurately, rather than the code in Windows dynamic libraries such as kernel.dll and user.dll.
2006-8-19 09:33
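An added example, not code from this thread or from OllyDbg, for the point running through replies #8, #11, #12 and #18: once a run trace has been recorded with Trace into (auto F7), the part the thread starter wants, the program's own instructions rather than those executed inside kernel32/ntdll/the CRT DLL, can be separated afterwards by module address range, and collapsing the non-user runs gives the view Trace over (auto F8) would have shown. Everything below is constructed: the module map (bases and sizes of the kind read from OllyDbg's Executable modules window, Alt+E, with XP-era values chosen for illustration), the trace lines, and the `<address> <instruction>` line format, which is an assumption and not OllyDbg's actual export format.

```python
"""Split a recorded run trace into user-module code and system-DLL code.

Added example, not from the thread. The module map, the trace text and
the '<address> <instruction>' line format are constructed for
illustration; they are not OllyDbg's real export format.
"""
from dataclasses import dataclass
import re

# Constructed module map: name -> (base, size), the columns you would copy
# from OllyDbg's Executable modules window (Alt+E). Values are illustrative.
MODULES = {
    "trace":    (0x00400000, 0x00005000),   # the program under test
    "ntdll":    (0x7C900000, 0x000B0000),
    "kernel32": (0x7C800000, 0x000F6000),
    "msvcr80":  (0x78130000, 0x0009B000),   # CRT DLL (assumed name)
}
USER_MODULE = "trace"

# One trace line: 8 hex digits, whitespace, the instruction text.
LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]{8})\s+(.+?)\s*$")


@dataclass
class Step:
    addr: int
    insn: str
    module: str      # owning module, or "?" if no module covers the address


def module_of(addr: int) -> str:
    """Map an address to the module whose image range contains it."""
    for name, (base, size) in MODULES.items():
        if base <= addr < base + size:
            return name
    return "?"


def parse_trace(text: str) -> list:
    """Parse trace lines; headers and blank lines are skipped."""
    steps = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr = int(m.group(1), 16)
        steps.append(Step(addr, m.group(2), module_of(addr)))
    return steps


def user_steps(steps):
    """Only the instructions inside the program's own module."""
    return [s for s in steps if s.module == USER_MODULE]


def trace_over_view(steps):
    """Collapse consecutive instructions from the same module into one
    (module, count) entry: the shape a Trace over (auto F8) log has, where a
    CALL into a DLL appears as a single step."""
    out = []
    for s in steps:
        if out and out[-1][0] == s.module:
            out[-1] = (s.module, out[-1][1] + 1)
        else:
            out.append((s.module, 1))
    return out


def called_modules(steps):
    """Profile-style summary: instruction counts per non-user module."""
    counts = {}
    for s in steps:
        if s.module != USER_MODULE:
            counts[s.module] = counts.get(s.module, 0) + 1
    return counts


# Constructed trace: CRT startup calling GetVersionExA, then main, then
# printf. Addresses are invented to fall inside the ranges in MODULES.
SAMPLE_TRACE = """\
Address  Command
00401120 PUSH EBP
00401121 MOV EBP,ESP
00401123 CALL <kernel32.GetVersionExA>
7C812A5E MOV EDI,EDI
7C812A60 PUSH EBP
7C812A61 MOV EBP,ESP
7C812A63 CALL ntdll.RtlGetVersion
7C9112A0 MOV EDI,EDI
7C9112A2 RETN 4
7C812A70 RETN 4
00401128 CALL trace.00401000
00401000 PUSH trace.00402100
00401005 CALL <msvcr80.printf>
78144A30 PUSH EBP
78144A31 MOV EBP,ESP
78144A33 RETN
0040100A ADD ESP,4
0040100D RETN
0040112D XOR EAX,EAX
0040112F RETN
"""


def run(text: str = SAMPLE_TRACE) -> dict:
    steps = parse_trace(text)
    return {
        "total": len(steps),
        "user": len(user_steps(steps)),
        "over": trace_over_view(steps),
        "called": called_modules(steps),
    }


if __name__ == "__main__":
    r = run()
    print(f"{r['user']} of {r['total']} instructions are in {USER_MODULE}")
    for mod, n in r["over"]:
        print(f"  {mod:10s} {n:3d} instruction(s)")
    print("called into:", r["called"])
```

Keeping the module map as data rather than hard-coding one base address matters in practice: the user module is the only one whose base is stable across runs of the same build, while DLL bases differ between Windows versions, so refresh the map from the Executable modules window for each session before filtering.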

#19
And I don't know how to use "Hit Trace" either.
2006-8-19 10:17