OllyDbg通过内部模拟简单指令(如选项、运行跟踪等),使运行和命中跟踪速度提高了15倍。在Athlon 4000+上,标准运行跟踪每秒可执行35000条指令;启用模拟后,OllyDbg可以跟踪500000条指令。此外,还优化了运行跟踪条件的解析,显著提升了效率。
2008-05-24
Changelog
Internal emulation of simple commands (Options|Run trace|Allow fast command emulation) has made run and hit trace 15 (fifteen!) times faster. On my Athlon 4000+, standard run trace executes 35000 commands per second. With the emulation on, OllyDbg traces 500000 commands! For simple programs, this may be close to the real-time execution - in the step-by-step mode, with the full protocolling.Emulation covers only the small subset of 80x86 commands - moves, PUSH/POP, arithmetical and boolean operations, comparisons, shifts, jumps, calls, returns and LEAs. No multiplications, prefixes, loops or string operations, no FPU or MMX; still, OllyDbg passes to the application less than two percents of commands.Frequently one uses run trace together with the run trace condition, like: "stop trace when EAX==0x123456". Up to now, the inetrpreter parsed conditional expression on each step. However, this was too slow for the accelerated trace. Now I compile expressions to the simple pseudocode and use a very quick interpreter to estimate the condition. As a result, the above comparison is processed in only 130 nanoseconds. Not bad!Oh yes, and command help now includes the string commands, too.
Download
Standalone: http://www.ollydbg.de/odbg200g.zip
扫一扫
906
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
