at77
October 2nd, 2007, 05:59
Hi all,
I'm writing an OllyScript that breaks many times at a particular hardware breakpoint, and on each break it should log "everything" to a file.
So far it looks like this:
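; Logs the general-purpose registers and dumps memory every time the hardware
; execute breakpoint at 00123400 is hit.
; Numeric literals in OllyScript are hexadecimal: the dump size 20 is 0x20 bytes.

; Script variables that receive a copy of each register at break time.
var R_EAX
var R_EBX
var R_ECX
var R_EDX
var R_ESP
var R_EBP
var R_ESI
var R_EDI

label1:
eob findwrite ; on a break, continue the script at findwrite
bphws 00123400,"x" ; hardware breakpoint on execution of 00123400
run

findwrite:
; Copy the registers into the script variables.
mov R_EAX, eax
mov R_EBX, ebx
mov R_ECX, ecx
mov R_EDX, edx
mov R_ESP, esp
mov R_EBP, ebp
mov R_ESI, esi
mov R_EDI, edi

; log prints each value to the debugger log window, labelled with the variable name.
log R_EAX
log R_EBX
log R_ECX
log R_EDX
log R_ESP
log R_EBP
log R_ESI
log R_EDI

; dma appends to the target file, so every break adds another 0x20-byte record.
dma 00123400, 20, "c:\log_e50000" ; raw bytes at the breakpoint address as they are at this break
; Fix: the start address is esp itself. [esp] is the dword stored at the top of
; the stack, so "dma [esp], ..." dumped whatever that dword points to, not the stack.
dma esp, 20, "c:\log_stack" ; top 0x20 bytes of the stack
; NOTE(review): the dumps are raw bytes, not disassembly. ODbgScript's OPCODE
; command disassembles one instruction at an address and returns its text in
; $RESULT_1, which could then be passed to log - confirm your plugin version has it.
run ; resume; presumably the eob handler set above is still armed for the next break - confirm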
------------------------------
What I actually want in the log is a single disassembled line showing whatever instruction resides at memory location "00123400" at the moment the hardware breakpoint is hit.
(And the values on the stack too, if possible).
Question: How can I do this?
Thanks for your help !
I'm writing an OllyScript that breaks many times at a particular hardware breakpoint, and on each break it should log "everything" to a file.
So far it looks like this:
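; Logs the general-purpose registers and dumps memory every time the hardware
; execute breakpoint at 00123400 is hit.
; Numeric literals in OllyScript are hexadecimal: the dump size 20 is 0x20 bytes.

; Script variables that receive a copy of each register at break time.
var R_EAX
var R_EBX
var R_ECX
var R_EDX
var R_ESP
var R_EBP
var R_ESI
var R_EDI

label1:
eob findwrite ; on a break, continue the script at findwrite
bphws 00123400,"x" ; hardware breakpoint on execution of 00123400
run

findwrite:
; Copy the registers into the script variables.
mov R_EAX, eax
mov R_EBX, ebx
mov R_ECX, ecx
mov R_EDX, edx
mov R_ESP, esp
mov R_EBP, ebp
mov R_ESI, esi
mov R_EDI, edi

; log prints each value to the debugger log window, labelled with the variable name.
log R_EAX
log R_EBX
log R_ECX
log R_EDX
log R_ESP
log R_EBP
log R_ESI
log R_EDI

; dma appends to the target file, so every break adds another 0x20-byte record.
dma 00123400, 20, "c:\log_e50000" ; raw bytes at the breakpoint address as they are at this break
; Fix: the start address is esp itself. [esp] is the dword stored at the top of
; the stack, so "dma [esp], ..." dumped whatever that dword points to, not the stack.
dma esp, 20, "c:\log_stack" ; top 0x20 bytes of the stack
; NOTE(review): the dumps are raw bytes, not disassembly. ODbgScript's OPCODE
; command disassembles one instruction at an address and returns its text in
; $RESULT_1, which could then be passed to log - confirm your plugin version has it.
run ; resume; presumably the eob handler set above is still armed for the next break - confirm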
------------------------------
What I actually want in the log is a single disassembled line showing whatever instruction resides at memory location "00123400" at the moment the hardware breakpoint is hit.
(And the values on the stack too, if possible).
Question: How can I do this?
Thanks for your help !