Hello,

Is it possible to view the previous adress of the disassembled program? I mean sometimes a function is called by many different calls, or sometimes it is not clear in the analysed text who calls the function, but I want to see what the caller was (or where was jumped from), without using the execute till return function (because this doesn't work for jmp commands)

For example I have this code-snippet:
00BA927B EB 00 JMP SHORT 00BA927D
00BA927D 83C4 08 ADD ESP,8
00BA9280 E9 2A030000 JMP 00BA95AF
00BA9285 B8 F0C9BF00 MOV EAX,0BFC9F0 <--------------Currently here
00BA928A 50 PUSH EAX
00BA928B E8 306589FF CALL Install_.0043F7C0

And I've set a breakpoint on all these addresses, but it breaks only on the currently here statement, and I can figure out what the previous instruction was...

Tnx for ya help!

Use the trace function - it'll tell you every instruction executed before the one you are at - then you know exactly how you got there.

Tnx for your quick answer. But I already tried to use that, only as far as I know when you use the trace function, you should also (auto)step through your program, and first of all the program is quite big, and besides that, if I keep stepping through my program it almost everytime comes up with an unhandled exeption (with don't pop-up normally), so am i doing something wrong or?

the better trick for trace without exceptions for the trace is made this

example

you start in the executable

use the trace option of the ollydmp (trace into to oep)

this trace till first api and stop
execute till return
f7
trace again
repeat the process when stop in a api, execute till return and f7 and trace

is tedious but is 100 % effective and you can view the apis used for the program
and tracing is imposible of beat

The other otion is run till a location near the point you can reach and make the same process strating in a location more near of the point of the study.
Ricardo