
Tools that log a program's CS:EIP execution?


WoZX
January 25th, 2002, 11:12
as above, thx.

is it possible?

The reason is that when a program works correctly (trial not expired yet) it goes down a certain logic path, but when it doesn't it goes down another logic path. Is there any tool that logs that address?

thx.

Aimless
January 25th, 2002, 12:10
It's called instrumentation/profiling of the code. You need the profiler/instrumenter/source code/debug symbols... [OR]

There is another tool...

...And its called (DEBUGGER)!!!

Surprised??

Don't be.

ALL debuggers have this capability to log the necessary.

Lets talk about the two main ones:

(a) SoftICE
(b) M$'s, available at www.microsoft.com/ddk/debugging

Both are heavy-duty ones, though SoftICE is better if you want to crack VxDs, while M$ is better if you want to crack APPS.

(a) SOFTICE

1. Turn off the code window (that's correct!!)
2. Keep on pressing the F10 key (or F8) and see the disassembly as it progresses!!
3. Feeling bored? Try giving the command T 300 in SoftICE (this will trace and display the 300 lines in SoftICE starting from the address you specified)
4. Want to do the same as point 3, but for P? You can. Write a macro that says:

MACRO XXX = "P; XXX"

This actually LOOPS the macro. The last line in this macro will ALWAYS be a CALL... (don't bother if you do not understand this. Just try it)


(b) M$ Debugger

Slightly tricky.

(1) Ensure that the command window is open
(2) Ensure that before the debugging starts you have the entry point of the exe (M$ does not give you that)
(3) Ensure file logging is on
(4) Start and keep on pressing F10 (yes! here too) and the command window and the log file get filled with the instructions. Better than SoftICE because with each instruction you also get the REGISTER figures (good!)
(5) Bored of pressing the same? Try giving:

$<xyz.txt

where xyz.txt is a file that mentions

P
$<xyz.txt

as a LOOP in itself.



(c)
If you are looking at PROFESSIONAL levels of the same, you may want to try ETCH, from the Washington.edu site (this does not even require symbols; only a binary image will do (!!!)). But sadly, the site is currently out for repairs (I think). Try giving:

"instrument win32 binary without source"

without the quotes in Google, and you can carry on from there.

---------
Officially speaking? No tool CURRENTLY does that, that I know of, except maybe hacker-written routines.

Feel free to email me and let me explain how to use IDA to generate a listing that can show up in the M$ debugger (with IDA comments!!!!! YEAH!!!), though it's a bit crude in implementation...

...Have Phun

DakienDX
January 25th, 2002, 12:41
Hello WoZX !

The M$ debugger runs only on NT/2K/XP; SoftICE runs on all M$ platforms.

The best tool for this would probably be Turbo Profiler from Borland (optimized for RDTSC), but they only developed a DOS version of it. And this one is ten years old.

WoZX
January 25th, 2002, 13:11
wow, thanks.

i guess i'll have to stick to SICE (^_^)

btw, SICE installation on Win2K requires the 'memory protection something something...' to be disabled. What setting does it change, and how do I change it back to normal?

thx again.

DakienDX
January 25th, 2002, 13:27
Hello WoZX !

SoftICE setup changes the registry value of the Memory Write Protection to the right value and you should not need to change it back; Win2K also runs when it's turned off (you wouldn't believe it). I can't tell you the name of the registry key at the moment, because I haven't had Win2K installed in the last half year.

Aimless
January 28th, 2002, 07:33
Hullo All,

Continuing from my above thread, the latest version of M$ debug ALSO has:

P <count>

where it can step, record with registers, and save to a file all the P commands that you would otherwise have spent.

So my second option for using $<xxx.txt is now redundant.

By the way, I generally debug using this debugger, as SoftICE is nowadays not good on Win2K and XP. ICE is getting too buggy and crashes the system too often to be used properly.

And you do have an inbuilt profiler/instrumentor in the debugger itself.

Turbo Profiler (??) I think that I have used that once, and it works ONLY with the source code.

A liability in our current context, would you say not?

Still, try the necessary, and wait for Ollydbg 1.06 (with AUTO trace compares and saving). That'll instrument too!!

...Have Phun, Always.
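Both of Aimless's posts above end up with the same artifact: a log file full of register dumps, one per single-step (from the `$<xyz.txt` loop or from `p <count>` with file logging on), and WoZX's actual question is where the "trial valid" run and the "trial expired" run part ways. The script below is an added example, not code from the thread or from either debugger. It assumes two such logs, pulls the `eip=` field out of every register dump, and reports the first step where the two runs diverge (and the instruction both runs executed just before that, which for a conditional jump is the check worth looking at). The sample logs are constructed by hand in the style of the M$ debugger's register dump, with the `eax=`/`cs=` lines left out for brevity; the module name `target` and every address in them are hypothetical.

```python
"""Diff two single-step trace logs to find where a program's logic path changes.

Added example (not from the thread). Assumes each log is the output of single-
stepping with file logging on, so every step prints a register dump whose
"eip=XXXXXXXX" field is the address of the instruction about to execute.
"""
import re
from typing import List, Optional, Tuple

# One "eip=..." line per logged step, at the start of a line in the dump.
EIP_RE = re.compile(r"^eip=([0-9a-fA-F]{8})\b", re.MULTILINE)

# Constructed sample: run while the trial is still valid (hypothetical addresses).
TRACE_VALID = """\
eip=00401020 esp=0012ff7c ebp=0012ffc0 iopl=0         nv up ei pl nz na po nc
00401020 85c0            test    eax,eax
eip=00401022 esp=0012ff7c ebp=0012ffc0 iopl=0         nv up ei pl nz na po nc
00401022 7406            je      target!check_trial+0x1a (0040102a)
eip=00401024 esp=0012ff7c ebp=0012ffc0 iopl=0         nv up ei pl nz na po nc
00401024 b801000000      mov     eax,1
eip=00401029 esp=0012ff7c ebp=0012ffc0 iopl=0         nv up ei pl nz na po nc
00401029 c3              ret
"""

# Constructed sample: same code after the trial expired, so the je is taken.
TRACE_EXPIRED = """\
eip=00401020 esp=0012ff7c ebp=0012ffc0 iopl=0         nv up ei pl zr na pe nc
00401020 85c0            test    eax,eax
eip=00401022 esp=0012ff7c ebp=0012ffc0 iopl=0         nv up ei pl zr na pe nc
00401022 7406            je      target!check_trial+0x1a (0040102a)
eip=0040102a esp=0012ff7c ebp=0012ffc0 iopl=0         nv up ei pl zr na pe nc
0040102a 33c0            xor     eax,eax
eip=0040102c esp=0012ff7c ebp=0012ffc0 iopl=0         nv up ei pl zr na pe nc
0040102c c3              ret
"""


def extract_eips(log: str) -> List[int]:
    """Return the EIP of every logged step, in execution order."""
    return [int(hexaddr, 16) for hexaddr in EIP_RE.findall(log)]


Divergence = Tuple[int, Optional[int], Optional[int], Optional[int]]


def first_divergence(a: List[int], b: List[int]) -> Optional[Divergence]:
    """Step-aligned comparison of two traces.

    Returns (step, last_common_eip, eip_a, eip_b) for the first step at which
    the runs differ, or None if the traces are identical. last_common_eip is
    the instruction both runs executed just before parting ways (None if they
    differ at step 0). eip_a or eip_b is None when that run's log simply ended
    first, e.g. it returned earlier or the log was cut short.
    """
    n = min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            return (i, a[i - 1] if i else None, a[i], b[i])
    if len(a) == len(b):
        return None
    return (n, a[n - 1] if n else None,
            a[n] if len(a) > n else None,
            b[n] if len(b) > n else None)


def exclusive_addresses(a: List[int], b: List[int]) -> List[int]:
    """Addresses executed in trace a but never in trace b, sorted.

    Unlike the step-aligned diff, this still works when the two runs spin
    through an earlier loop a different number of times before the check.
    """
    return sorted(set(a) - set(b))


if __name__ == "__main__":
    valid, expired = extract_eips(TRACE_VALID), extract_eips(TRACE_EXPIRED)
    hit = first_divergence(valid, expired)
    if hit is None:
        print("traces identical")
    else:
        step, common, ea, eb = hit
        print(f"runs diverge at step {step}: valid -> {ea:#010x}, expired -> {eb:#010x}")
        print(f"decision made at {common:#010x}")
    print("only in expired run:", [f"{x:#010x}" for x in exclusive_addresses(expired, valid)])
```

With the constructed logs this reports that both runs execute the `test`/`je` pair and split at step 2, the decision being the `je` at the last common address; the address-set diff is the one to reach for when the step-aligned diff fires too early because of a loop that iterates a different number of times in the two runs.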

DakienDX
January 28th, 2002, 12:49
Hello aimless !

Turbo Profiler works with Source, Code and Mixed. I can profile COMMAND.COM without any problems. I've just tested it and could set 2515 areas to profile the program. This is not good enough to see the whole running execution, but, to be honest, who would try to profile a DOS program these days? After all the Visual this and Visual that development tools, nobody knows profiling any more.

For the ones that do not know what I'm talking about: profiling means watching the execution of a program with a timer and seeing which parts of the program are called most often and which parts take the most time, so that those parts can be optimized and the whole program runs faster.

WARM3CH
January 28th, 2002, 12:59
Hi all,

I guess NuMega's TrueTime is the best tool for this purpose. It's available in different versions for device drivers and applications. Give it a try.

Regards
WARM3CH