Stop offsets
In some cases, we may want to pause the execution of the traced module. This can be done for a variety of reasons, e.g. to dump the unpacked buffer, or to connect a debugger after the antidebug checks have passed.
TinyTracer allows you to define a list of offsets where execution will pause (aka "Stop Offsets"). Once such an offset is hit, TinyTracer will wait for the time defined in TinyTracer.ini as STOP_OFFSET_TIME (in seconds). If STOP_OFFSET_TIME is set to 0, this feature is disabled.
A list of Stop Offsets can be defined in a file passed to TinyTracer. By default, it is expected to be in install32_64/stop_offsets.txt. The default path can be changed in run_me.bat (Windows) or tiny_runner.sh (Linux), by editing the relevant lines.
Stop offsets are defined as relative offsets within the traced module (RVA). We may also specify how many times execution should stop at a particular offset (by default it is 0, meaning an infinite number of times).
Example of the stop offsets list (stop_offsets.txt):
1451
11ee;2
Once the offset is hit, TinyTracer will write an information line about the wait to the tracelog (and to standard output, if available).
# Stop offset reached: RVA = 0x11ee. Sleeping 30 s. Hits remaining: 1
After the wait has finished, another line will be logged:
# Resuming execution
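
The following helper is an added example, not part of TinyTracer: it checks a stop offsets list before a run and pulls the stop events back out of a tracelog, flagging stops with no matching resume line. It assumes the two entry forms and the log wording shown above, and treats the hit count as decimal; the function names and the second log entry are constructed for illustration.

```python
import re

# Log line layout taken from the sample output shown above.
STOP_RE = re.compile(r"# Stop offset reached: RVA = 0x([0-9a-fA-F]+)\. "
                     r"Sleeping (\d+) s\. Hits remaining: (\d+)")

SAMPLE_LIST = "1451\n11ee;2\n"   # the list from this page
SAMPLE_LOG = (                   # constructed log excerpt
    "# Stop offset reached: RVA = 0x11ee. Sleeping 30 s. Hits remaining: 1\n"
    "# Resuming execution\n"
    "# Stop offset reached: RVA = 0x2a10. Sleeping 30 s. Hits remaining: 2\n"
)

def parse_stop_offsets(text):
    """Return {rva: hit_count}; a count of 0 means stop every time."""
    offsets = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        rva_str, _, count_str = line.partition(";")
        try:
            rva = int(rva_str, 16)   # hex RVA without prefix, as in the sample
            # Assumption: the count is decimal; a missing count defaults to 0.
            count = int(count_str, 10) if count_str.strip() else 0
        except ValueError:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}") from None
        if rva < 0 or count < 0:
            raise ValueError(f"line {lineno}: negative value in {raw!r}")
        offsets[rva] = count
    return offsets

def stop_events(tracelog_text):
    """Return (rva, sleep_s, hits_remaining, resumed) for each logged stop."""
    events = []
    for line in tracelog_text.splitlines():
        m = STOP_RE.search(line)
        if m:
            events.append([int(m.group(1), 16), int(m.group(2)),
                           int(m.group(3)), False])
        elif line.strip() == "# Resuming execution" and events:
            events[-1][3] = True     # the wait for the latest stop finished
    return [tuple(e) for e in events]

if __name__ == "__main__":
    print({hex(k): v for k, v in parse_stop_offsets(SAMPLE_LIST).items()})
    for rva, sleep_s, left, resumed in stop_events(SAMPLE_LOG):
        state = "resumed" if resumed else "no resume logged"
        print(f"stop at {rva:#x}: {sleep_s} s, hits remaining {left}, {state}")
```

A stop with no resume line means the log ended during the wait, for example because the process was terminated or a dump was taken and the sample was killed.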