Author: David Zimmer
Date: 10.22.10 - 6:22pm

So I have been fighting with my hit trace plugin today. First let me say I really hate plugin development... it is such a long ass process to compile, install, restart host, launch plugin, configure plugin, launch process, examine results.

I have literally been at it all day!

So it turns out this plugin has been broken from the start, it seems. When you are inside ODBG_Pluginmainloop while handling an EXCEPTION_BREAKPOINT event, calls like this give you stale data:

   // reads Olly's cached copy of the registers, which is stale when called
   // from ODBG_Pluginmainloop during an EXCEPTION_BREAKPOINT event
   t_thread *th = Findthread(threadId);
   t_reg tr;
   tr = th->reg;
   return tr.r[REG_EAX];

That's fun to know. I tried all kinds of stuff, like trying to make it redraw all the panels and whatnot. Finally I looked at the OllyScript source and found what he did:

   t_thread *t = Findthread(Getcputhreadid());
   CONTEXT context;
   // ask Windows for the live register set instead of Olly's cached t_reg
   context.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;
   GetThreadContext(t->thread, &context);

   // later, in the register switch:
   case REG_EAX: return context.Eax;

I guess I don't quite get why the Olly API fails here. It must be because you are in an exception event and I just missed the memo. Sucks to be me. This was a very long, painful debugging session. :(

Actually, in hindsight... I bet if I had set a timer and then run my handling code outside of Pluginmainloop after like a 30ms delay, everything would have been fine.

Turns out the hunch about using a timer to let Pluginmainloop return corrected the problem. This way I can go back to using Expression to eval complex expressions over the simple version I cooked up that explicitly used my own GetRegister routine. Will post a link when complete.

The update was all for adding an ASCII string dumper feature to it. The things you find when you turn over rocks, eghh...

Updates added:
  • ASCII dump feature (prefix the expression with A)
  • hexdump feature to log data (prefix the expression with H and a byte count - H8 would specify a hexdump and log 8 bytes)
  • log output to file
  • support multiple trace expressions per breakpoint
  • allows you to log a comment with trace data (either from gui or disasm)
  • edit saved hittrace breakpoints
  • view hit count stats
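As an added illustration of the A and H prefixes above (example code, not the plugin's own parser), here is a small C routine that splits the mode prefix off a trace expression and the two formatters that would render the logged data; the exact prefix syntax beyond the feature list is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed trace-expression syntax (hypothetical, inferred from the list above):
 *   "A<expr>"     ASCII string dump at the address <expr> evaluates to
 *   "H<n><expr>"  hexdump of <n> bytes at that address
 *   anything else a plain value expression. Not the plugin's own parser. */
typedef enum { TR_VALUE, TR_ASCII, TR_HEX } trace_mode;
typedef struct {
    trace_mode mode;
    int length;     /* byte count for a hexdump, 0 otherwise */
    char expr[64];  /* what would be handed to Olly's Expression() evaluator */
} trace_expr;

/* Split the mode prefix off a trace expression; returns 0 if malformed. */
int parse_trace_expr(const char *in, trace_expr *out)
{
    const char *rest = in;
    memset(out, 0, sizeof *out);          /* mode defaults to TR_VALUE */
    if (in[0] == 'H' && isdigit((unsigned char)in[1])) {
        char *end;
        long n = strtol(in + 1, &end, 10);
        if (n <= 0 || n > 4096) return 0; /* refuse absurd dump sizes */
        out->mode = TR_HEX;
        out->length = (int)n;
        rest = end;
    } else if (in[0] == 'A') {
        out->mode = TR_ASCII;
        rest = in + 1;
    }
    if (*rest == '\0' || strlen(rest) >= sizeof out->expr) return 0;
    strcpy(out->expr, rest);
    return 1;
}

/* Render n bytes of debuggee memory as "48 65 6C"; out needs 3*n bytes. */
void format_hexdump(const unsigned char *mem, int n, char *out)
{
    if (n <= 0) { out[0] = '\0'; return; }
    for (int i = 0; i < n; i++)
        sprintf(out + 3 * i, "%02X%s", mem[i], i + 1 < n ? " " : "");
}

/* Copy a NUL-terminated string, showing non-printable bytes as '.'. */
void format_ascii(const unsigned char *mem, int max, char *out)
{
    int i;
    for (i = 0; i < max && mem[i] != '\0'; i++)
        out[i] = isprint(mem[i]) ? (char)mem[i] : '.';
    out[i] = '\0';
}
```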

Download: OllyHittrace.zip

