How to log CPU instructions executed by program with x64dbg?
I saw https://reverseengineering.stackexchange.com/questions/18634/x64dbg-see-the-current-position question, but I can't find the way to log instructions.
Asked
Active
Viewed 1,653 times
2
-
2Other ways to do this include Intel SDE (https://software.intel.com/en-us/articles/intel-software-development-emulator) / PIN ([Log all instruction with intel pintool](https://stackoverflow.com/q/51478420)), or with HW support from CPUs with Intel PT: [How to run record instruction-history and function-call-history in GDB?](https://stackoverflow.com/q/22507169). Or with GDB, just scripted single-stepping (vastly slower) [Tracing/profiling instructions](https://stackoverflow.com/q/2971926) – Peter Cordes May 26 '20 at 17:59
1 Answers
5
As far as I understand - you want to log all the executed instructions. The easiest would be to log them in the file. To do this you need to:
- Pause the program, either via
Pauseoption (F12) or using breakpoints - Select
Tracemenu and thenTrace into...(Ctrl+Alt+F7) orTrace over...(Ctrl+Alt+F8). If you want to log every instruction you probably want to useTrace into... - Now in the newly created window
you can select the Log Text format, you can use the proposed 0x{p:cip} {i:cip} which will log the data to file like 0x006E8749 mov ebp, esp. It is also good idea to set the Maximum trace count and the Log File... where the data will be stored. After you are done just press OK and the x64dbg will start executing your program and log all the instructions. Keep in mind that the program won't work really fast during the trace procedure.
morsisko
- 279
- 2
- 10