Wayne
November 15th, 2002, 02:02
[Requires OllyDbg v1.08 or later]
Load a process, right-click in the disassembly window and select Search For | All Intermodular Calls
In the window that pops up (which will have listed all imported APIs), right-click on it and select Set Log Breakpoint On Every Command
Set the Log Value Of Expression and Log Function Arguments to "Always". Press OK, and you'll see all of the intermodular calls now with addresses highlighted in pink/purple, indicating log breakpoints.
Now simply run the program, then look in the Log window (View | Log) to see which API's got called, in which order, and what arguments were passed. It reads like a book ...
Thanks to TBD for introducing me to powerful log breakpoints, which is what lead me to discovering this trick!
Load a process, right-click in the disassembly window and select Search For | All Intermodular Calls
In the window that pops up (which will have listed all imported APIs), right-click on it and select Set Log Breakpoint On Every Command
Set the Log Value Of Expression and Log Function Arguments to "Always". Press OK, and you'll see all of the intermodular calls now with addresses highlighted in pink/purple, indicating log breakpoints.
Now simply run the program, then look in the Log window (View | Log) to see which API's got called, in which order, and what arguments were passed. It reads like a book ...
Thanks to TBD for introducing me to powerful log breakpoints, which is what lead me to discovering this trick!