def tracing():
global PRE_ADDR
event = idc.GetDebuggerEvent(idc.WFNE_ANY, -1)
if event <= 1:
idc.RunTo(idc.BeginEA())
idc.GetDebuggerEvent(idc.WFNE_SUSP, -1)
idc.EnableTracing(idc.TRACE_STEP, 1)
idc.GetDebuggerEvent(idc.WFNE_ANY | idc.WFNE_CONT, -1)
while True:
event = idc.GetDebuggerEvent(idc.WFNE_ANY, -1)
if event <= 1:
break
addr = idc.GetEventEa()
print event, "==>", hex(addr)
# judge breakpoint and same addr
if PRE_ADDR != addr:
PRE_ADDR = addr
else: # same addr
if event == idc.BREAKPOINT: # and now is breakpoint
break
current_color = idc.GetColor(addr, idc.CIC_ITEM)
new_color = get_new_color(current_color)
idc.SetColor(addr, idc.CIC_ITEM, new_color)
def start_trace():
idc.ClearTraceFile('')
idc.EnableTracing(idc.TRACE_INSN, 1)
idc.SetStepTraceOptions(idc.ST_OVER_LIB_FUNC)
def disable_trace():
idc.EnableTracing(idc.TRACE_INSN, 0)
trace.unhook()
except Exception as e:
pass
if __name__ == "__main__":
# 如果在入口处开始Trace,要将入口断点修改为Trace
# 参数初始化:
trace_file = "C:\\Users\\zhang\\Desktop\\result.trace.txt"
trace_end_addr = 0x75196359
# Install the debug hook
trace = TraceAnalysis(trace_file)
trace.hook()
# Stop at the entry point
ep = idc.get_inf_attr(idc.INF_START_IP)
request_run_to(ep)
# Start debugging
run_requests()
# Set trace limit
trace.trace_limit["start"] = ep
# trace.trace_limit["end"] = idaapi.get_dword(idautils.cpu.esp)
trace.trace_limit["end"] = trace_end_addr
print("start: %08x ~ %08x" %
(trace.trace_limit["start"], trace.trace_limit["end"]))
# Enable tracing()
idc.EnableTracing(idc.TRACE_STEP, 1)
