首页
论坛
课程
招聘
[转帖]Conditional Branch Logger v1.0 by Blabberer / dELTA / Kayaker
2008-2-17 23:47 8536

[转帖]Conditional Branch Logger v1.0 by Blabberer / dELTA / Kayaker

2008-2-17 23:47
8536
Conditional Branch Logger v1.0 by Blabberer / dELTA / Kayaker

Conditional Branch Logger (CBL) is a plugin which gives control and logging capabilities for conditional jumps over the full user address space of a process.

From the main OllyDbg plugin menu select Conditional Branch Logger -> Configuration.

This will open a dialog for managing Included (Logged) and Excluded address ranges, conditional branch type selection and project settings. Ranges can be entered manually or selected from one of the Conditional Branch Logger context menu options available in other OllyDbg windows.

Main CPU window (Alt+C): Add multiline selections as Included or Excluded ranges.
Executable modules (Alt+E): Add code section as an Included range. Set ranges by procedure for any module.
Memory map (Alt+M): Add any memory address region, including non-standard or memory mapped sections, as an Included range. Set ranges by procedure for any module section successfully analyzed.

The Set Ranges by Procedure option, available from the main menu or one of the context menus, will open a window from which individual functions can be added as Included or Excluded ranges for any module. The module will be automatically analyzed via the OllyDbg code analysis function if required.

Each time the main dialog is closed the CBL jump table window will be updated with the latest conditional jump breakpoint addresses. A context menu provides several options for further controlling the selected breakpoints both before and after analysis. When you are satisfied with the settings, run or single-step the target as usual. The results will be shown in the logfile and/or the CBL jump table window.
A button on the OllyDbg toolbar can be used to show the two Conditional Branch Logger custom windows if they have been hidden or closed.

A logfile can be specified from the main Configuration dialog in which all executed conditional branch instructions within the selected logging range and the result of whether the jump was taken or not are recorded. If a logfile is not specified a default file named "conditional_branch_logger_default.log" in the OllyDbg main executable directory will be used. Such log files, from different runs of the same program, can then be compared using any good 'diffing' program to find changes in the code execution path as a result of changing inputs or conditions.

The majority of Conditional Branch Logger settings, including active breakpoints, are saved in the OllyDbg UDD project files and restored when the target is reopened. This means that you can log conditional branch instructions in system dlls such as ntdll.dll which occur even before the Entry Point of the target is reached.



The salient features are as follows:

* Ability to detect all conditional branches and log their behaviour during runtime without having to single step the whole process, which results in a dramatic improvement in performance when compared to run trace logging.

* Ability to choose specific conditional branch types to monitor and log.

* Ability to choose and optimize included ranges and excluded ranges to fine tune the logging.

* Ability to disable, delete and restore the logging status of the detected conditional branches.

* Log conditional branches from multiple modules.

* Ability to list all module procedures that OllyDbg has recognized, with their symbolic names if they exist, as a handy reference so that it is easier to include or exclude ranges.

* A text mode log file that could serve to compare two similar runs to detect divergent paths taken with respect to input.

* A runtime log window that updates the status of conditional branches live with context menus to edit, delete and disable the entries on the fly.

* Context menus in Executable modules window to mass add modules after auto analyzing them or add specific modules to be included in the logging.

* Context menus in Memory map window to add any module section, including non-standard or memory mapped regions, to be included in the logging.

* Context menus in the main Disassmebly window to add odd ranges to be included or excluded from the logging.

* Other features include saving the entire database of conditional branches to the OllyDbg UDD file and restored back when restarting the project.

We hope this plugin might prove useful when monitoring execution flow path.


Any comments can be directed to the OllyDbg forums at
http://www.woodmann.com

This plugin is available at
http://www.woodmann.com/ollystuph/Conditional_Branch_Logger_v1.0.zip

Regards,
Blabberer, dELTA and Kayaker

第五届安全开发者峰会(SDC 2021)10月23日上海召开!限时2.5折门票(含自助午餐1份)

上传的附件:
收藏
点赞1
打赏
分享
最新回复 (5)
雪    币: 200
活跃值: 活跃值 (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
真心为你 活跃值 2008-3-17 20:00
2
0
全英文  看不懂   呵呵   谢谢
雪    币: 84
活跃值: 活跃值 (10)
能力值: ( LV7,RANK:110 )
在线值:
发帖
回帖
粉丝
Gall 活跃值 2010-10-27 17:00
3
0
到这里看看关于这个插件的介绍
http://bbs.pediy.com/showthread.php?t=123636
雪    币: 172
活跃值: 活跃值 (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
iverson 活跃值 2012-4-24 13:27
4
0
感谢分享~支持好的插件
雪    币: 5079
活跃值: 活跃值 (66)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
WangXiong 活跃值 2012-4-24 14:02
5
0
支持分享!多谢!
雪    币: 564
活跃值: 活跃值 (12)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
lixupeng 活跃值 2012-4-29 01:55
6
0
收下 试试谢了
游客
登录 | 注册 方可回帖
返回