
View Full Version : how to log buffer more than 8 length?


Teerayoot
March 29th, 2005, 07:07
I need to log the buffer at the send Winsock API with a data length of 12, and I need to log the whole buffer. How do I do that?

OK, to give an example: Olly only shows the first 8 digits.

I set [eax] as the expression in the conditional log.

I got this output:


00704185 | COND : 204C4143 in log window.
It shows only partial output.

blabberer
March 30th, 2005, 04:02
20404143 == " LAC", so it is a string. [eax] is a dword by default, so it
shows only 4 bytes.
Set "decode value of expression as" to ---> "pointer to ASCII string",

or use [string [eax]] as the expression to log.

Teerayoot
April 10th, 2005, 12:00
You misunderstand me!

OK, this is the buffer in C:

unsigned char my_buffer[16] = {0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00
};

I need to log the whole buffer, written to the log window in this format:

00704185 | COND : 4D5A90000300000004000000FFFF0000


It is not ASCII.

blabberer
April 12th, 2005, 01:53
Well, there is only one way: you can use STRING [[ESP+CONST]] or use pointer to Unicode string. Both have their limitations: they will stop at the first null terminator, i.e. either 0 or 00.

Here is how some logs will look.

The breakpoint I placed here is like this:

0040107A STRING [[esp-10h]] |. FF35 24304000 PUSH DWORD PTR DS:[403024] ; /hObject = 0000002C (window)

I set it one line below ReadFile.
Note [esp-10] will hold the buffer pointer to which the file was read.

00401069 |. FF35 30304000 PUSH DWORD PTR DS:[403030] ; |Buffer = 00132BE0
0040106F |. FF35 24304000 PUSH DWORD PTR DS:[403024] ; |hFile = 0000002C (window)
00401075 |. E8 40010000 CALL <JMP.&KERNEL32.ReadFile> ; \ReadFile

And I set the same expression to be logged:

COND: ReadFileOutput = Œ½œ’rd9#*4rurdt:r<drœŒrt0ES1 E33¾c0rktcsu`kubszlkxi`~ihy imavlfxnl{~hyhSõMUEV_FnMCZISCQ@GzDKXLAYMAQFŒ¾t1d}zloyil~h{@DhRWQ@WFAW Q@WFAWQ@WFAWQ@WFAWQ@WFAWQ@WFAWQ@WFAWQ@WFAWQ¥cbmt«f®pdAegerfrsš°dytedp pdtercdrtercdr`wcsrgg
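
Added example, not part of the original thread and not OllyDbg code: a plain C sketch of the three views discussed above, applied to the my_buffer bytes from the second post. It shows why a dword read gives 8 hex digits, where an ASCII or Unicode string decode stops on binary data, and what a length-aware hex dump produces instead. The function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 16-byte buffer posted in the thread. */
static const unsigned char my_buffer[16] = {
    0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00,
    0x04, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00
};

/* A dword-sized read of [ptr]: 4 bytes, little-endian, shown as 8 hex digits. */
uint32_t as_dword(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Bytes visible to an ASCII string decode: it stops at the first 0x00. */
size_t ascii_visible(const unsigned char *p, size_t len) {
    const unsigned char *nul = memchr(p, 0, len);
    return nul ? (size_t)(nul - p) : len;
}

/* Bytes visible to a UTF-16 string decode: it stops at the first 00 00 unit. */
size_t unicode_visible(const unsigned char *p, size_t len) {
    size_t i = 0;
    while (i + 1 < len && (p[i] || p[i + 1]))
        i += 2;
    return i;
}

/* Length-aware dump, NULs included; out needs 2*len+1 chars. Returns chars written. */
size_t hex_dump(const unsigned char *p, size_t len, char *out) {
    static const char digits[] = "0123456789ABCDEF";
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[p[i] >> 4];
        out[2 * i + 1] = digits[p[i] & 0x0F];
    }
    out[2 * len] = '\0';
    return 2 * len;
}

int main(void) {
    char line[2 * sizeof my_buffer + 1];
    hex_dump(my_buffer, sizeof my_buffer, line);
    printf("dword view : %08X\n", (unsigned)as_dword(my_buffer));
    printf("string view: %zu ASCII bytes, %zu Unicode bytes\n",
           ascii_visible(my_buffer, 16), unicode_visible(my_buffer, 16));
    printf("full dump  : %s\n", line);
    return 0;
}
```

On this buffer the string decodes end after 3 and 6 bytes respectively, so only a dump driven by the length argument of the API call reaches all 16 bytes.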