Anonymous
August 13th, 2003, 08:09
Hello,
I haven't used the Run Trace feature in OllyDbg much, and today, playing around with it while trying to understand how it works, I noticed that it has indeed the strangest of behaviours.
I noticed that:
1) statement addresses are not correct -> when I dump the run trace to a file I see that each statement is "given" the address of the statement two rows before (also all addresses referenced in my executable are wrong when dumped to file, for example in jumps)
2) statements dumped to file are sometimes even wrong (this happens rarely):
- in run trace -> 0061F71F CALL DWORD PTR DS:[EC+705]
- when run trace dumped to file -> 0061F71F MOV ECX,DWORD PTR DS:[ESI]
3) apart from these bugs (strange that no one noticed them before) I can't seem to understand what is happening in Run Trace.... I run it, and afterwards I go through it step by step (I have even synchronized the CPU pane with the run trace listing to better understand what happens), and while sometimes it follows the program execution correctly, other times it starts jumping around as if the application were a multithreaded application... but this is not the case. Following the run trace listing, it seems that while one procedure is executed completely and correctly, other procedures get executed only in a few lines. Also, register values are reported as being updated by statements that don't touch them at all.......
Honestly I can't understand what Run Trace is sometimes doing.
Can anyone help me understand how to use it and how to interpret the listing it generates???
JimmyBoy