Mind
February 16th, 2005, 07:27
I am trying to stop execution at a certain address. The problem is that the address does not contain any code yet, but by the time the execution reaches that point it will.
After execution has passed that address it will be too late, then my address will be cleaned of any code.
I can't put a breakpoint directly at that address so I thought I'd give Run trace a try.
Well, so far so good, I think I set all the conditions right and so on but I can't seem to get the actual trace started, when I press Trace into (Ctrl+F11) it takes one step and one step only.
I have tried having the Run trace window log to a file and all sorts of stuff but to no avail, I still need to sit and press Ctrl+11 a couple of billion times... and it simply is not possible to get to my address within reasonable time, I really need it to run until that point and break there.
The condition I have set is EIP=1001F1A5
That being my address.
So, to recap, I open my executable, it gets paused.
I press CTRL+T and type in EIP=1001F1A5 next to "Condition is TRUE" and check the box.
I choose Open or clear runtrace (nothing happens)
I press CTRL+11, it takes one step.
I read somewhere that I should press CTRL+11 only once so I tried waiting for a while after the first ctrl+11... nothing happened. And the process is still paused, no logfile or run trace window is updated.
I have tried all sorts of combinations and whatnot in the above procedure... simply is not working.
Am I doing something wrong?
In case I'm doing it right and there seems to be a bug, I'm sitting on a Windows XP second edition and a P4 processor with hyperthreading.
[Edit]
Ah, I forgot to say, I have also tried just starting the execution again with F9, but then I don't get any Runtrace data logged, and it also does not break when EIP=1001F1A5 when I do that.
[Edit nr2]
Hmm, ok, well I found out that the trace is actually working out fine if I set some other condition than EIP=....
For instance when I use command count only it does trace.. hmmz.. guess I can't have it stop at eip like that no?
Have to use the EIP range option?