I know how to set conditional breakpoints on a register, but how can I have a breakpoint trigger if a specific value (say, 0x12345678) appears anywhere in the active call stack frame?
Asked
Active
Viewed 2,418 times
7
-
1In x64dbg you could do this by setting a watch on every stack address, probably you could write a plugin that scans a stack page on every step but it's going to involve checking a lots of addresses, slowing everything down massively. – mrexodia Dec 17 '16 at 18:21
-
@mrexodia Thanks, I will give x64dbg a try. Actually, I'm only interested in the active call stack frame. I have edited my question accordingly. I suppose that makes it somewhat easier? – John Blatz Dec 18 '16 at 20:22
-
It would definitely be possible to write a plugin that scans the stack on every pause event with x64dbg. Plugin templates are available if you're interested. – mrexodia Dec 18 '16 at 20:29
1 Answers
5
Not for Ollydbg, but I wrote a plugin called StackContains for x64dbg that allows you to check if a value is present in the check during conditional tracing. This allows you to break as soon as the value becomes visible on the stack.
You use it like this:
This will break as soon as the value 00E60000 appears on the stack:
It should be easy enough to extend this plugin and tailor it to your needs...
mrexodia
- 1,652
- 10
- 19
-
1That looks awesome, thanks for taking the time to write this plugin! If I can't get what I want in OllyDbg, I'll definitely try it. But the only problem is that I am not a C++ developer. I assume Visual Studio is needed to build the plugin? Or is there a compiled binary available? – John Blatz Dec 19 '16 at 21:13
-
1I made binaries available https://github.com/mrexodia/StackContains/releases – mrexodia Dec 19 '16 at 21:57
-