Logging the execution of a program


golden
June 3rd, 2009, 14:31
Hi everyone, I would like to know if it's possible to make a script that, given any instruction being run, logs the specific operands used by the instruction and respective contents.

As an example, for these MOV instructions:

...
MOV EAX, ESI
MOV ECX, DWORD PTR [EAX+EBX]
...

the ideal output I'm aiming for is:

...
"MOV EAX, ESI -> EAX=<value>; ESI=<value>;"
"MOV ECX, DWORD PTR [EAX+EBX] -> ECX=<value>; EAX=<value>; EBX=<value>;"
...

I think that logging the first part (i.e. the full current instruction) isn't a problem with the "#log" command, I just don't know if it's possible to "detect" the operands being used to print their contents too. If not, does anyone know some plugin that is capable of simulating the behavior I'm looking for?

Thanks
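
The log format asked for above, as an added example that is not part of the original thread: it assumes a debugger or run trace already supplies the disassembly text and a snapshot of the 32-bit registers taken before the instruction executes. The names operand_registers, read_register and log_line are hypothetical, and memory operands are not dereferenced (only the registers that form the address are logged).

```python
import re

# Map every x86 general-purpose register name (32/16/8-bit) to its 32-bit parent.
_PARENT = {}
for full, word, low, high in [("EAX", "AX", "AL", "AH"), ("EBX", "BX", "BL", "BH"),
                              ("ECX", "CX", "CL", "CH"), ("EDX", "DX", "DL", "DH")]:
    _PARENT.update({full: full, word: full, low: full, high: full})
for full in ("ESI", "EDI", "EBP", "ESP"):
    _PARENT.update({full: full, full[1:]: full})

# \b keeps the tail of a constant such as 0AH from being read as register AH.
_TOKEN = re.compile(r"\b[A-Za-z_]\w*\b")

def operand_registers(instruction):
    """Registers named in the operand text, in order of first appearance."""
    parts = instruction.strip().split(None, 1)
    if len(parts) < 2:              # no operands (e.g. RETN, NOP)
        return []
    found = []
    for token in _TOKEN.findall(parts[1]):
        name = token.upper()
        if name in _PARENT and name not in found:
            found.append(name)
    return found

def read_register(name, regs):
    """Return (value, hex_width) for a register or sub-register."""
    full = regs[_PARENT[name]] & 0xFFFFFFFF
    if len(name) == 3:              # EAX, ESI, ...
        return full, 8
    if name.endswith("H"):          # AH, BH, CH, DH
        return (full >> 8) & 0xFF, 2
    if name.endswith("L"):          # AL, BL, CL, DL
        return full & 0xFF, 2
    return full & 0xFFFF, 4         # AX, SI, ...

def log_line(instruction, regs):
    """Format: '<instruction> -> REG=<value>; REG=<value>;'"""
    fields = ""
    for name in operand_registers(instruction):
        value, width = read_register(name, regs)
        fields += f" {name}={value:0{width}X};"
    return f"{instruction} ->{fields}"

# Constructed register snapshot, not taken from a real trace.
SAMPLE_REGS = {"EAX": 0x00401000, "EBX": 0x10, "ECX": 0, "EDX": 0,
               "ESI": 0x12345678, "EDI": 0, "EBP": 0x0012FF70, "ESP": 0x0012FF5C}

if __name__ == "__main__":
    for ins in ("MOV EAX, ESI", "MOV ECX, DWORD PTR [EAX+EBX]"):
        print(log_line(ins, SAMPLE_REGS))
```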

Kayaker
June 3rd, 2009, 15:14
Hi

You could check out the source of the Conditional Branch Logger plugin. It uses a simple system of 1 and 2 byte opcode tables to test for the various branch instructions. You might be able to incorporate the idea into a script or plugin for any other instruction sets.

http://www.woodmann.com/collaborative/tools/Conditional_Branch_Logger

Kayaker

golden
June 5th, 2009, 00:29
Hi Kayaker, I'm quite new to reverse engineering and after doing some research I realize that the behavior I'm looking for is just simple tracing + logging in OllyDbg. Should have done my homework before precipitately posting.
Thanks for your useful reply.