Ollydbg full tutorial monitoring and monitoring tool [watches and inspectors] thread [threads]

11. Monitoring and monitoring tool [watches and inspectors]

The monitoring [Watch] window contains several expressions [expressions]. It displays the values of these expressions in the second column. Ollydbg saves these expressions to The. UDD file of the main module, so they are equally valid during the next debugging.

The monitor [Inspector] is an independent window that displays several variables, a 1/2-Dimension Array, or a selected project structure array [selected items of array of ures. Its Expression is basically the same as that in the monitoring window, but it only contains two parameters: % A and % B. You can specify the boundary between the two parameters. ollydbg will replace % A and % B in the expression with all possible combinations. From 0 to the limit (excluding the limit), and the results are displayed in the table. The limit of parameter % B (number of columns) cannot exceed 16.

For example, if you specify the expression % A + % B and limit % A and % B to 3, you will obtain the following table:

 

 

Thread [threads]

The ollydbg features simple and effective thread management. If you perform single-step debugging, tracking, execution to return, or execution to the selected thread, the thread manager stops all threads except the current thread. It restores the current thread even if it is suspended. In this case, if you manually suspend or resume the thread, the action will be extended. If you run the application to be debugged, ollydbg restores the initial thread status. (From the debugger's perspective, the hit trace [hit trace] is equivalent to the free running ).

Based on this scheme, the thread window may have the following five thread states:

Activate [active]-The thread is running or the debugging information is paused.
Suspend [suincluded]-The thread is suspended
Trace [traced]-The thread is suspended, but ollydbg is tracking this thread in one step
Pause [paused]-The thread is active, but the ollydbg temporarily suspends it and tracks other threads.
End [finished]-end of Thread
.

The thread window also displays the final thread error (returned value of the getlasterror function) and calculates the running time of the thread in user mode and system mode (only NT/2000/XP. The thread window also highlights the identifier of the main thread.

The following are available in the shortcut menu:

Refresh [actualize]-mark all threads as old.

Suspend [suspend]-suspend a thread.

Restore [Resume]-restore the previously suspended thread.

Set priority [set priority]-adjust the priority of threads in the process. The following options are available:

Idle [idle]-lowest priority of threads in a process
Minimum [lowest]
Low [low]
Standard [Normal]
High [High]
Maximum [highest]
Time critical [time critical]-highest priority
In the CPU window, open [open in CPU] (double-click). In the CPU window, the current status of the selected thread is displayed.